G PACE LIMITED

HRI

HRI offers a cloud-based Cardiac Rhythm Management Platform that automates data integration from implantable cardiac devices and home monitoring systems. It generates automated implant and follow-up reports, enhances cardiac device traceability, and supports clinical decision-making with robust data security. The platform is scalable and compliant with global standards.

Features

• Pro-Link Automation: Automatically transfers device data into comprehensive reports.
• Barcode Scanning: Ensures immediate device traceability and compliance.
• Home Monitoring Integration: Seamlessly connects with home monitoring platforms.
• Advisory Alerts System: Delivers manufacturer updates in real-time.
• Customisable Dashboard: Provides tailored analytics and performance insights.
• Regulatory Compliance Assurance: Adheres to global healthcare and MDR standards.
• Enhanced Data Security: Features robust encryption and threat monitoring.
• Scalable Architecture: Adjusts to increasing data and user demands.
• Cloud-Based Infrastructure: Reduces local IT burden, ensures reliability.
• Real-Time Reporting: Offers instant insights for quick decision-making.

Benefits

• Pro-Link Automation: Reduces manual data entry, enhances reporting efficiency.
• Barcode Scanning: Speeds up device logging, improves workflow efficiency.
• Home Monitoring Integration: Enhances patient data accuracy and follow-up care.
• Advisory Alerts System: Maintains clinical safety with current manufacturer guidelines.
• Customisable Dashboard: Aids precise healthcare decisions through customised data.
• Regulatory Compliance Assurance: Minimises compliance risks, ensures operational safety.
• Enhanced Data Security: Secures patient data, builds trust and compliance.
• Scalable Architecture: Supports expansion without degrading performance.
• Cloud-Based Infrastructure: Minimises IT overhead, focuses on patient care.
• Real-Time Reporting: Enables proactive care and timely interventions.

£20,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert@heartrhythmintl.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

288990502451126

Contact

Robert Kelly
+353833325468
robert@heartrhythmintl.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Service constraints include scheduled maintenance windows primarily outside of peak usage hours to ensure minimal disruption. Our platform's support is optimised for the latest versions of major web browsers to guarantee full functionality. We recommend a stable and secure Wi-Fi connection for the best performance, particularly for features like Pro-Link, which requires continuous cloud connectivity.
• System requirements:
  • Hardware: Compatible with any modern device; minimum specs 4GB RAM.
  • Software: Supports latest versions of Windows, macOS, Linux, iOS, Android.
  • Network: Requires stable internet connection
  • Security: Multi-factor authentication required; updated antivirus advised.
  • Browser: Compatible with latest Chrome, Firefox, Safari, Edge versions.
  • Accessibility: Complies with WCAG 2.1 AA standards.
  • User Training: Initial platform training recommended; ongoing support provided.
  • Support: Assistance available via phone, email, or help desk.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide 24/7 support through our AI-powered response system, ensuring that all inquiries are addressed promptly at any time, including weekends and holidays. Our AI bot instantly acknowledges incoming requests and provides timely solutions, escalating complex issues to human support when necessary.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Our web chat is available 24/7, powered by AI to provide immediate support. When AI-generated solutions are insufficient, issues are escalated to human support for resolution. We are committed to accessibility and continuously improving our services. Although specific testing with assistive technology users has not yet been conducted, plans are in place to ensure our web chat meets accessibility standards and is user-friendly for all customers.
• Onsite support: Yes, at extra cost
• Support levels: Support Levels at HRI; ; Basic Support:; ; Business hours via email and online ticketing.; Included in base subscription.; Premium Support:; ; 24/7 via email, ticketing, and phone.; Response within 2 hours.; Includes a dedicated technical account manager or cloud support engineer.; Priced higher than Basic, reflecting additional resources.; Technical Account Manager or Cloud Support Engineer:; ; Available at Premium level.; Acts as a trusted advisor, optimising your environment and supporting scalability.; Cost included in Premium package, additional customisation extra.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: To ensure a smooth introduction for users to our service, we provide a variety of tailored resources and support aimed at enabling effective and efficient use.; ; Online Training: We offer comprehensive online training programmes. These cover basic setup, configuration, and advanced functionalities, ensuring users can fully leverage our service.; ; Onsite Training: For organisations requiring a hands-on approach, our expert trainers deliver bespoke onsite training sessions. These are tailored to the organisation's specific needs and focus on practical guidance for integrating and optimising our service within their existing frameworks.; ; User Documentation: We supply user documentation, including manuals, FAQs, and best practice guides. This documentation is consistently updated to reflect the most current features and enhancements.; ; Dedicated Support: Our dedicated support team is available to assist users in getting started through our helpdesk, accessible via phone or email. They are ready to address any queries or issues that may arise.; ; By offering these resources, we ensure that all users receive the necessary support to deploy and utilise our service successfully, thus minimising the learning curve and facilitating a quicker integration process.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: End of contract data extraction is based on contractually agreed terms and is usually one of the following:; 1. Data is securely, and permanently, deleted. Evidence to support this deletion is provided to the client/customer.; 2. Data is security transferred to the client/customer and permanently deleted from HRI systems. Evidence to support this deletion is provided to the client/customer.
• End-of-contract process: End-of-Contract Process:; ; As a contract nears completion, we engage in a clear termination process:; ; Notification: Clients are informed in advance about the impending end of the contract to facilitate a decision on renewal or termination.; Review Meeting: A meeting is arranged to evaluate service performance and discuss future requirements. This meeting determines the continuation or cessation of services.; Data Handling:; Data Transfer: Should the client choose to retain their data, we securely transfer it to a designated system.; Data Deletion: Alternatively, we can securely erase all client data from our systems, with evidence provided.; Closure Documentation: All relevant documentation, including service performance reports and final invoices, is supplied.; Pricing and Additional Costs:; ; The contract price includes:; ; Normal service usage within set limits.; Standard customer support during business hours.; Regular updates and maintenance.; Additional costs are incurred for:; ; Services exceeding the standard scope, such as extra data storage or processing power.; Out-of-hours support services.; Bespoke customisations or integrations.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our service is designed for mobile devices, offering a user-friendly interface optimised for smaller screens and touch interactions. While it retains core functionalities consistent with the desktop version, the mobile layout is simplified to enhance usability and ensure seamless navigation
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Yes, our service includes a user-friendly web interface that enables users to access and manage the Cardiac Rhythm Management Platform efficiently. The interface is designed for ease of use with clear navigation, allowing users to quickly perform tasks related to cardiac device management and patient data analysis.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We have not yet conducted specific external interface testing with users of assistive technology. Plans to conduct such testing are underway to ensure our service meets broad accessibility standards and is usable by all customers.
• API: Yes
• What users can and can't do using the API: Our service includes an API that is designed for internal use only, facilitating seamless integration with hospital Electronic Health Records (EHR). The API is not accessible directly by users but is utilised by our internal development team to ensure robust integration and management of the service. Key aspects include:; ; Internal Configuration: The API allows our development team to set up and configure the integration with hospital systems, handling authentication, data mappings, and synchronisation settings through secure, token-based access.; Updates and Maintenance: Our team uses the API to make necessary adjustments and updates, ensuring the service remains responsive to the evolving needs of hospital systems.; Limitations include:; ; External Access: Users cannot interact directly with our API; instead, they interface with our service through a user-friendly dashboard provided by our platform, which communicates with the API internally.; Technical Requirements: Given the API’s internal usage, technical interactions require specific internal credentials and are managed by trained personnel only.; This design ensures that while the API is a critical component of our service infrastructure, it is optimised for security and functionality, managed by our skilled development team.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: To ensure users are unaffected by others' demand, we use an auto-scaling architecture. Our Code Engine and databases dynamically adjust resources based on real-time usage, scaling up during peak times and down when demand decreases. Resource isolation techniques like containerisation and dedicated tenancy ensure that one user’s activities do not impact another's. Load balancers distribute incoming requests evenly, preventing bottlenecks. We continuously monitor performance and employ predictive analytics to preemptively manage resources, guaranteeing consistent service quality for all users, regardless of overall system load. This robust infrastructure maintains optimal performance and high availability at all times.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export and download the data as standard csv file
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: HRI commits to a guaranteed minimum uptime of 99.9% during each calendar month, ensuring high reliability and minimal service disruptions for our customers.; ; SLA Details:; ; If this uptime guarantee of 99.9% is not met, customers are required to promptly notify HRI of the occurrence, providing all necessary supporting documentation (the "Notification").; Upon validation of the claim and confirmation that the guaranteed uptime was not achieved, customers will receive service credits. These credits are calculated as a percentage of the monthly service fee, proportionate to the extent of the downtime experienced.; Compensation Structure:; ; Service credit calculations are detailed in our SLA, with compensation rates escalating based on the severity and duration of the service interruption. For instance, missing the 99.9% uptime target by a small margin may result in a moderate compensation, while more significant deviations result in higher compensations.; These service credits can be applied against future payments as a direct discount on fees.; ; By promising 99.9% uptime, we aim to provide our customers with reliable access to our services, ensuring operational continuity and trust. Our SLA is designed to offer transparency and protect our clients' investments, reflecting our commitment to quality and customer satisfaction.
• Approach to resilience: At HRI, resilience is at the core of our service design. We understand the criticality of maintaining uptime and ensuring continuous availability for our customers' mission-critical workloads. Our approach to resilience encompasses several key pillars:; ; Redundant Infrastructure:; We maintain redundant infrastructure across multiple geographically distributed data centers.; Our data centers are equipped with redundant power supplies, networking equipment, and storage systems to mitigate the risk of single points of failure.; ; High Availability Architectures:; Our services are built on high availability architectures, utilising load balancing, auto-scaling, and failover mechanisms to distribute workloads and maintain service availability even during hardware or software failures.; Multi-zone and multi-region deployment options are available to customers.; ; Continuous Monitoring and Incident Response:; We employ robust monitoring systems to proactively detect and respond to potential issues before they impact service availability.; ; Data Protection and Disaster Recovery:; Data protection is a top priority. We implement industry-leading encryption techniques and backup solutions to safeguard data integrity and availability.; Disaster recovery plans are in place to recover from catastrophic events swiftly.; ; Compliance and Security:; We adhere to stringent compliance standards and implement robust security measures to protect our infrastructure and customers' data from unauthorised access and cyber threats.
• Outage reporting: Outage Reporting Mechanism:; ; Our service ensures transparent and timely communication during outages through a multi-channel approach:; ; Public Dashboard: We offer a real-time public dashboard accessible to all users. This dashboard displays the current status of all services, including any active incidents or outages. Users can check this at any time to get instant updates on the status of our services.; Email Alerts: In addition to the dashboard, we provide email alerts to notify users of any significant service disruptions. These alerts are sent out to all registered users and include details about the nature of the outage, expected resolution time, and any workarounds that may be available.; API Access: For developers and IT professionals using our service, we provide an API that can be integrated into their own monitoring systems. This API delivers real-time status updates, allowing for automated handling and response to changes in service status.; ; By combining a publicly accessible dashboard with direct email notifications and API integration, we ensure that our users are well-informed and can plan accordingly during any service interruptions. This approach not only enhances transparency but also supports our commitment to reliability and user support.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: We ensure secure access to management interfaces and support channels through robust protocols:; ; Multi-factor authentication (MFA) and Role-Based Access Control (RBAC) strictly limit access based on job roles.; Encryption protects data in transit, with VPNs mandatory for critical tasks.; Audit Trails log all activity, supported by continuous monitoring to detect unauthorised access.; Security Training is compulsory for all staff, enhancing awareness against phishing and social engineering.; Support Channels employ strict identity verification and role-based access to safeguard customer interactions.; ; These measures guarantee that access is secured and monitored, maintaining high standards of data integrity and security.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Will be ISO 27001 certified by end of 2024
  • Will be Cyber Essentials Plus certified by August 2024

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: HRI is certified with Cyber Essentials and is in the process of certifying to ISO 27001:2022.
• Information security policies and processes: HRI has a full suite of policies to meet the organisation's information security management system and privacy information management system. These include, but are not limited to:; - Information Security Policy; - Data Protection Policy; - Risk Management Framework and Risk Register; - Access Control Policy; - Asset Management Policy including data classification and handling; - Acceptable Use Policy; - Remote Working Policy; - User Agreement; - Data Retention Policy; - HR Security Policies; - Supplier Management Policies; - Incident Management Policy including data breaches; - Operating Procedures for IT Management; - Business Continuity Plan; - Records of Processing Activities; - Data Protection Impact Assessments; - Data Subject Rights Procedures; - Information Transfer Policy; We ensure our policies are followed via:; - Delivery of Information Security and Privacy training at onboarding and annually thereafter. ; - Adherence with the Acceptable Use Policy and completion of the User Agreement.; - Monitoring on an ongoing basis.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We prioritise robust configuration and change management processes to ensure the integrity, security, and reliability of our services. ; ; 1. Configuration Management:; Component Tracking: We maintain a comprehensive inventory of all hardware, software, and configurations deployed within our infrastructure.; ; 2. Change Management:; Change Control Procedures: All changes to our services undergo rigorous change control procedures. ; Impact Assessment: Changes are assessed for potential security, performance, and operational impacts before implementation.; ; 3. Security Impact Assessment:; Changes are subjected to a dedicated security review process to assess potential security implications. This analyses the impact on security controls, access permissions, data protection mechanisms, and vulnerability.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process begins with continuous threat assessment, leveraging threat intelligence sources to identify potential risks. We prioritise rapid patch deployment, ensuring timely mitigation of vulnerabilities. Information about potential threats is sourced from a variety of channels, including security advisories, vulnerability databases, and industry partnerships. Our proactive approach minimises exposure and safeguards our services against emerging threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We employ robust protective monitoring to detect potential compromises, utilising intrusion detection systems and anomaly detection algorithms. Upon detection, we initiate immediate incident response procedures, isolating affected systems and containing the threat. Our response to incidents is swift, with dedicated teams mobilised to investigate and remediate within minutes. This proactive approach minimises impact and ensures the integrity and availability of our services.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: HRI has an Incident Mangement Policy (which includes data breaches) in place along with and Incident Mangement Form and an Management Action Log.; Information security weaknesses and events are reported, immediately after they are seen or experienced, using the Incident Report Form, which is kept on HRI’s internal network. ; All security incidents reported are entered onto the Management Action Log. This log is used to ensure that all incidents are addressed, analysed, logged and closed out. Evidence is retained.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Although we do not directly control the data centres, our commitment to fighting climate change is reflected in our careful selection of partners who demonstrate strong environmental stewardship. We utilise IBM's data centres, which are renowned for their efforts towards sustainability, including the use of renewable energy sources and advanced energy-efficient technologies.

  Equal opportunity

  We are in the initial stages of enhancing equal opportunity within our organisation and through our service delivery. We plan to review and refine our recruitment and employment practices to ensure diversity and inclusion at all levels. This will include unconscious bias training, promoting diverse hiring, and creating more inclusive workplace policies. We aim to set up measurable diversity targets and will monitor our progress closely to ensure our workforce reflects the diverse communities we serve.

  Wellbeing

  Our commitment to wellbeing focuses on developing initiatives that promote mental and physical health among our employees and clients. We are planning to introduce programmes that support work-life balance, such as flexible working arrangements, wellness workshops, and resources for mental health support. Our approach will be to create a supportive environment that fosters a healthy work culture, enhancing productivity and employee satisfaction. We will track the effectiveness of these initiatives through employee feedback and wellbeing surveys.

Pricing

• Price: £20,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert@heartrhythmintl.com. Tell them what format you need. It will help if you say what assistive technology you use.