Ortus Solutions limited

Ortus-iHealth

Ortus-iHealth’s digital platform enables the digitisation of outpatient care pathways. Through one unified solution, healthcare professionals can deliver personalised and remote care, using digital consent tools, remote patient monitoring, configurable virtual wards, customisable pathway dashboards, PROMs, PREMS, and vitals measuring software. Ortus includes integrated telehealth functionality empowering and enabling patients.

Features

• Configurable remote patient monitoring and virtual wards
• Automated and customisable clinical pathways, patient-focussed dashboards
• Integrated telehealth functionality, including video and asynchronous messaging
• Automated content including care plans, e-consent, condition education and self-help
• Configurable APIs (FHIR and HL7 v3 compatible)
• Comprehensive reporting functionality, including patient-reported outcome measures (PROMs)
• Condition/specialty-agnostic platform
• Flexible delivery across Pathway, Department or Enterprise roll-out
• Training, onboarding, project management and Support included
• Integration with NHS infrastructures (e.g. SPINE Patient Demographics Service, PDS)

Benefits

• Elective list prioritisation and management, supporting Early Patient Discharge
• Enables patient prioritisation of deteriorating patients
• Improved patient questionnaire completion rate (81%)
• 75% reduction in Outpatient DNAs (Did Not Attends)
• Improves up-titration of medication for patients
• Improved operational and service efficiencies
• 58% increased clinic capacity
• 95% patients 'satisfied' or 'very satisfied'
• Patient travel and time costs reduced
• Integrates with EHR and existing systems

£28,950 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.niziolomski@ortus-ihealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

279089475894620

Contact

Nick Niziolomski
+447802241946
nick.niziolomski@ortus-ihealth.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Up-to-date web browser (e.g. Google Chrome, Microsoft Edge)
  • Internet access supporting 5mb+ download speed is recommended

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support hours are Monday - Friday 09:00 - 17:00 (UK time), with a response time of 3-hours. ; Weekend support requests as above on Monday.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support requests can be made via the Ortus Support channels, or directly to the Customer Success/Account Manager assigned to the account. Channels include telephone and email. ; ; Support is available to customers throughout the duration of any contract in place, and covers onboarding and offboarding, Technical, Clinical, Operational, Educational, Strategic and Commercial, with a focus on working in partnership with customers. ; ; Key contacts for each function will be identified and agreed during the implementation and deployment phase of the project.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Ortus provides a full project management process for any implementation covering: ; ; (1) Kick off meeting to understand clinical and operational processes in collaboration with the appropriate customer teams and clearly define roles and responsibilities; (2) Define and capture specific requirements from the customer, including any customisation work required; (3) Create and share the project plan, with associated actions and timeframes for deployment ; (4) Support with testing and management sign-off requirements before go-live; (5) Provide training sessions (typically online); (6) Hold monthly and quarterly review meetings with customer teams to ensure ongoing support; ; Ortus provides customers with full manuals for patient, clinician, and administrator roles for use of the platform, as well as recordings on demonstration and how-to guide videos.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Ortus can provide an extract of data in CSV and other SQL-compatible formats.
• End-of-contract process: Ortus will follow a pre-agreed demobilisation plan, ensuring an appropriate time period of access for current users. This is typically a 12-week period, but would be agreed with the customer. The final stage would be to provide an (encrypted) copy of the customer's data and then delete the data in-line with our ISMS policies.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile access is through either a mobile browser or Ortus-iHealth Apps (Android and IOS options available). Our browser service is web app, so the user experience is mirrored across both environments.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: We support FHIR and HL7 connectivity, integration is available subject to individual customer requirements, approvals and conformance levels.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The Ortus platform can be customised in a number of ways based on the requirements of the service including:; - branding/logo; - functionality; - reporting requirements; - content libraries and information provided to service users; ; (Depending on the scope of customisation) authorised users can configure customisations in the portal. Ortus can support with customisations or can complete this on behalf of the user organisation.

Scaling

• Independence of resources: Load testing is performed in-line with ISMS policies, and in collaboration with technical infrastructure partners. Planned updates are communicated with customers in advance of updates.; ; In addition, our servers are rapidly scalable, ensuring excess capacity for any spikes in demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Ortus can provide service metrics on: ; ; - Patient Reporting; - Diagnosis and Procedure Reporting; - Procedure Reporting; - Pathways; - Behaviour Reporting; - Clinic and Consultation Reporting; - Population Reporting (anonymised); - System User Reporting; - Clinician/Professional User Reporting
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export requests can be completed through Support Channels.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • FHIR
  • HL7
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • FHIR
  • HL7

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Ortus-iHealth is hosted on UKCloud's secure and resilient platform. ; ; UKCloud guarantees the availability of each cloud service (dependent upon the service and the service level chosen, as defined within the Service Definition) and the underlying cloud platform.; ; UKCloud operates a 24/7 Cloud Operations Centre (CloudOps), which provides proactive monitoring of its cloud platform, resolving issues at source where possible, or take immediate action to escalate to; internal teams for further investigation and resolution.
• Approach to resilience: Ortus-iHealth utilises the resilient UK Cloud Platform for both hosting and back up. Further information can be found here https://docs.ukcloud.com/articles/other/other-ref-high-availability.html ; ; Further specific details are available on request.
• Outage reporting: Ortus-iHealth maintains ISO27001 for process management including business continuity and incident management policies. ; ; In the case of a major incident, processes and policies will be followed and escalated from Account Management, through Senior Management Team and to the Ortus Board (as required). ; ; Communication routes/methods will be agreed with the Customer as part of the implementation process, and would likely include both Support Channels and the dedicated Account Manager for the specified customer, acting as a central communication and support point. This would include email alerts as appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Ortus employs Roles-Based Access Controls (RBAC), with access rights restricted to users' roles when their account is created. ; ; Ortus Support and Management have limited-view access to interfaces to provide operational and technical support as required. This is again based on RBAC principles.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 21/06/2021
• What the ISO/IEC 27001 doesn’t cover: The scope of the certification is:; Provision of the Ortus-iHealth Application Suite, including the Development, Delivery, Maintenance, Support and Management of its Software-as-a-Service platform.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Data and Security Protection Toolkit (DSPT)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The Information Security Policy is the means by which the Company meets the requirements of ISO/IEC 27001:2013 relating to its business risks. It specifies the requirements for the implementation of appropriate security controls to meet identified risks relating to the activities of the Company. ; ; The implementation and continuing control of this system are fundamental to all work undertaken by the Company. The procedures established are adopted and practised by all employees at every level. ; The Company has adopted the process approach for developing, implementing and improving the effectiveness of its ISMS. ; ; The Company, in adopting the process approach is committed to:; ; (1). Understanding business information Security requirements and the need to establish Policies and Objectives for Information Security ; (2) Implementing and operating controls in the context of managing the Company’s overall business risk ; (3) Monitoring and reviewing the performance and effectiveness of the ISMS ; (4) Continual improvement based on objective measures ; (5) Communicating throughout the Company the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities ; (6) Ensuring that adequate resources are determined and provided to monitor and maintain the ISMS; ; Any breach is reported to Director-level management and escalated as required.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management requests are managed and in-line with Ortus' Change Management Policy and ISO 27001. ; ; Changes will be deployed to a test environment and fully tested before deployment to the production environment. ; ; Major changes are signed-off at Director level and will be evaluated with a risk assessment process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Ortus-iHealth is hosted by UK Cloud. UKCloud's vulnerability management process is outlined below.; ; 'UKCloud has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of UKCloud’s asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.'
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Ortus-iHealth is hosted by UK Cloud. UKCloud's protective monitoring process is outlined below.; ; Following best practice from the National Cyber Security Centre, UKCloud protects both its Assured and Elevated platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment. Our approach to protective monitoring at minimum meets the Protective Monitoring Controls (PMC 1-12) outlined in NCSC document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups. Any alerts generated are logged and investigated 24x7.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be reported through the Ortus Support channel and will be reviewed and escalated through Senior Management and Directors. Ortus will engage with partners including Data Protection Officer, Clinical Safety Officer, and UKCloud (hosting provider) as required, taking into consideration guidance and ensuring obligations are met. ; ; UKCloud has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Ortus supports patients and hospital teams in the recovery from COVID-19.; ; Patients can be supported and experience continuity of care from the comfort and safety of their own home, without needing to go to hospital, supporting those who are clinically vulnerable. Patients can submit their observations and symptoms from home, seamlessly communicating with their hospital teams through integrated telehealth. ; ; For hospital teams, the elective surgery backlog is ever-growing, but with Ortus enabling patient prioritisation and early discharge, we are supporting teams with operational efficiencies, meaning more patients can be seen quicker and supported better. Patients are remotely monitored at home, with the ability to create and configure care pathways for patients as required. ; ; The flexibility of Ortus as a condition-agnostic solutions enables us to scale rapidly across departments, specialties, and care organisations furthering the number of people we can support.
• Tackling economic inequality:

  Tackling economic inequality

  Ortus is an example of a product that can support economic inequalities with scalable and innovative offerings that can supports services as they look to establish integrated and connected care offerings whilst delivering operational efficiencies and opportunities to learn and develop through research. ; ; Remote solutions like Ortus offer opportunities for those who are economically challenged to receive a continued standard of care, meaning that high volume of low complexity patients can be managed from their home, saving them unnecessary expenses and trips to hospital appointments. Our experience has shown 75%+ of patients have saved an hour or more on transport by using Ortus, and that 50%+ would have had to take time off of work had they not used Ortus.

Pricing

• Price: £28,950 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.niziolomski@ortus-ihealth.com. Tell them what format you need. It will help if you say what assistive technology you use.