eConsult
eConsult is the most widely used online triage tool in NHS Primary care, built by NHS GPs for NHS patients. eConsult was designed to enhance patient access and generate practice efficiencies by providing clinicians with a full structured patient history upfront, allowing them to safely and efficiently manage patients remotely.
Features
- Integrates with EMIS Web, SystmOne and Vision
- Proprietary patient and clinician facing red-flags
- Bespoke clinical and administrative consultation templates
- Integrated self-help and sign-posting
- Structured patient history collected asynchronously
- Customisable practice dashboard/inbox with NHSMail SSO integration
- Integrated patient messaging via SMS and Email
- Integration with the NHS App and NHS Login
- Ad hoc and planned demand management features
- Can operate as a federated model - "eHub"
Benefits
- Up to 90% of all eConsults can be managed remotely
- 15% of patients journeys are closed with patient self management
- Patients red-flags redirect unsuitable patients to suitable settings
- Clinician flagging support more efficient triage
- Range of post-consultation contact options cover all needs
- Dashboard/Inbox can be configured to practice needs
- Reduces burden of practice phone lines by up to 30%
- LTC templates allow for regular reviews to be managed remotely
- Full service and support wrapper included
- Structured data mirrors a typically F2F consultation
Pricing
£0.29 to £0.35 a licence
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
2 9 0 7 1 9 0 5 0 6 8 1 8 5 7
Contact
eConsult Health
Aman Kundraw
Telephone: 020 7062 5737
Email: commercial@econsult.health
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Users require an up to date web browsers
- System requirements
-
- NHS Mail
- Robust internet connection
- EMIS Web, SystmOne, Vision or Microtest access
- Up to date browser
- Suitable device (laptop, desktop, tablet, smartphone)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support hours 08:00 – 18:00 Monday – Friday
Response times are determined by priority. In addition to email, we provide live chat support via our website and telephone support.
Priority 1: Within 1 hour
Priority 2: Within 2 hours
Priority 3: Same day
Priority 4: Same day - acknowledgement and triaged.
Out of hours support:
Out of hours 18:00 – 08:00 Monday – Friday.
Priority 1 Within 12 hours
Priority 2 Within 12 hours
Priority 3 Next working day
Priority 4 Next working day - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
-
We have a User Research team dedicated to ensuring a user centric design.
This team maintain user groups of all end users (patients and clinicians), assistive users are a core component of these groups. Our User Research team regularly host interviews, focus groups and interviews with these groups to understand how our existing functionality and new feature and function (i) meets the needs of the end users, and; (ii) where adaptation is required.
Customer side, we work actively to ensure that the platform is intuitive for users to ensure that the seamless interaction with customer side systems aligns to existing experiences. - Onsite support
- No
- Support levels
-
Support hours 08:00 – 18:00 Monday – Friday. Response times are determined by priority. In addition to email, we provide live chat support via our website and telephone support.
Priority 1: Within 1 hour
Priority 2: Within 2 hours
Priority 3: Same day
Priority 4: Same day - acknowledgement and triaged.
Out of hours support: Out of hours 18:00 – 09:00 Monday – Friday.
Priority 1 Within 12 hours
Priority 2 Within 12 hours
Priority 3 Next working day
Priority 4 Next working day - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Full implementation and mobilisation including 2 week technical deployment and 2-6 months change management for individual practices. Systems and functionality training provided via a mix of channels (online, face-to-face, webinars etc) alongside modular change management programme. User guides, training videos, library of on-demand webinars, scripts, manuals, templates and marketing collateral is provided via our customer portal, accessible 24/7.
In addition, we hold quarterly webinars to discuss shared learning, share best practice and advise of the product roadmap. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Hosted videos
- End-of-contract data extraction
-
At the end of contract, as per national guidance all data should be saved by users to respective clinical systems, this can be undertaken by our interoperability options to provide ease and convenience.
Data will stay within the users Smart Inbox for up to 8 years, but only whilst the users are customers, data is purged when the contract ends. Any data sustained in the Smart Inbox at the end of the contract can be extracted at the users request. - End-of-contract process
-
Customer are required to provide a 90 day notice period. Upon request, the agreement will not auto renew. Customer will internally agree step down pathways and business continuity approach. We will support this process for smooth transition.
If no termination request is received, the agreement will auto-renew for 12 months.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
EConsult is accessible via a web browser and the NHS app.
The web version is compatible with internet browsers that carry 99% of all internet traffic (inc mobile browsers), and is written as a responsive web platform to ensure optimum display across screen sizes and devices/mobile. - Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
The patient side service interface is web-based and accessed by patients through a browser (e.g. via practice website or directly) or the NHS App (England only). This interface collects patients demographic detail, NHS Number (if NHS Login is used - England only), contact details and a structured triage history that is subsequently deposited within the customers clinical system.
On the practice side our smart inbox/dashboard is a cloud-based interface that is access via NHS Mail Single Sign-on. This inbox can be customised by the practice, allows for full patient management and integrates with the practices clinical system. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
-
We have a User Research team dedicated to ensuring a user centric design.
This team maintain user groups of all end users (patients and clinicians), assistive users are a core component of these groups. Our User Research team regularly host interviews, focus groups and interviews with these groups to understand how our existing functionality and new feature and function (i) meets the needs of the end users, and; (ii) where adaptation is required.
Customer side, we work actively to ensure that the platform is intuitive for users to ensure that the seamless interaction with customer side systems aligns to existing experiences. - API
- No
- Customisation available
- Yes
- Description of customisation
-
We have a range of customisation options available:
These include:
- Practice response times
- Practice website banner
- Localised patient self-referral pathways
- Ad hoc and planned demand management features
- The option for practice to adapt consultation pathways to suit local needs (inc opt in/out of select pathways and including/excluding select questions to be asked of patients).
These customisations are undertaken by our Operations team at service deployment and can be maintained/adapted via request to our support teams at anytime during the license period.
Ad hoc and planned demand management features can be configured directly by the practice.
Scaling
- Independence of resources
- All processing occurs on our multi-tier, AWS London infrastructure, which is configured for elastic scaling in order to handle peaks and troughs in usage,
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Practice data:
- All patient journeys (consultation, self-help, sign-posting)
- Consultation pathways
- Patient demographics
- Time and date of use
- Contact modality (SMS, email, video, telephony)
Patient experience:
- Recommendation rates
- Satisfaction rates
- Anonymised patient feedback
ICS/CCG/HBs will also be provided with access to Tableau to allow for real time data access. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
If a customer, user or patient requests a documented data extract, we provide a structured CSV file detail all data that we hold about them.
Requests can be made directly to our first line support team who operate on a 24 hour SLA if requests are received between 9am - 5pm, Monday to Friday. - Data export formats
- CSV
- Data import formats
- Other
- Other data import formats
- N/A - users cannot upload their data into the service
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Guaranteed availability of 99.9% - this excludes planned downtime for regular product releases and spot fixes. This is communicated to customers well in advance.
All product releases are undertaken at the quietest period of usage and typically are completed as "blue/green" deployments (i.e. no downtime).
No refund or credit scheme is currently in place. - Approach to resilience
-
Housed in UK-based, multi-region, Tier 3 Data Centres for high availability and resilience.
Our range of products are utilised by more than 2000 unique organisations UK wide, and uptime has been stable at 99.9% for last 24 months.
Our products are housed on a multi-region cloud, using elastic scaling to handle the peaks and troughs in usage. - Outage reporting
-
We run a multi channel approach to maximise the opportunity of users to review and understand any communication shared on outages. This includes:
- Emails to affected users.
- A "status page" on our corporate website
- Use of Social media (Facebook and Twitter)
- Messaging shared within our WhatsApp user group
- Patient messaging via our patients facing, cloud based interface
- If appropriate, phone calls to users (dependant upon scale)
In addition, we undertake full business investigation of any outages to fully understand what occurred and what learnings we can take from it.
An abstract of this review and any changes being undertaken are shared with users within our monthly newsletters.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- NHS Mail Single Sign On
- Access restrictions in management interfaces and support channels
- All access is via a VPN, using MFA and SSH keys
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Alcumus ISOQAR
- ISO/IEC 27001 accreditation date
- 07/12/2021
- What the ISO/IEC 27001 doesn’t cover
- All business areas are covered.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We have a broad range of policies to support our ISO27001 certification.
We use a Jira add in to ensure that all polices are read and confirmed by staff.
Monthly internal audits are performed to validate clauses of the standard.
The Information Security and Risk manager reports to the Chief operating Officer, who sits on the Exec board.
As a continous improvement environment, we have a CAPA (Corrective Actions/Preventative Actions) process in place, which we record non-conformace and general security improvements.
Security incidents are reported via Jira Service Desk on a dedicated request offering.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We have formal change management processes in place with AWS, recording all changes to production as part of our ISO27001 ISMS.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We use Codacy and Snyk for code quality and library vulnerabiities.
We perform quarterly Vulnerability scans and yearly Penetration testing (or on major release)
We are signed up to the NCSC Weekly Threat Report and also get threat reports from NHS England and our security partner
Critical risk vulnerabilities – 2 Business days
High risk vulnerabilities – 5 Business days
Medium risk vulnerabilities – 15 Business days
Low risk vulnerabilities – 30 Business days - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We use Datadog for all security alerting.
Datadog monitors events such as component issues, to service issues to security issues, for example, a server fails to start as a component issue, failure to connect to NHS Login service as a service issue and excessive connection attempts by one address made in quick succession.
All of these alerts are available in the console and via Slack alerts - Incident management type
- Supplier-defined controls
- Incident management approach
-
An Incident Management policy is in place.
Incidents are investigated and resolved. This could lead to a change request.
Service impacting issues are reported on our status page. https://status.econsult.net
Major incidents are reported to the NHS England helpdesk and a full incident report is generated.
Clinical incidents are reported via the website and our Clinical Governance team investigate each one thoroughly. Responding back promptly and offering a full explanation of our findings at the end of the investigation.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
Fighting climate change
eConsult Health is committed to achieving Net Zero emissions by 2050 for emissions scopes 1, 2 and 3. This commitment was made on 10 November 2023 by the Executive Team with support from the Board. This statement is publically available on the eConsult website. Emissions Scope 1 is not relevant, we do not operate company fleet vehicles. Emissions Scope 2 - eConsult Health is committed to contributing to effective stewardship of the environment. We conduct all aspects of our activities in accordance with approved, sustainable and acceptable environmental practices, and operate within current environmental legislation. Our Environmental and Sustainability Policy is reviewed by all staff during onboarding and annually, aiming to: comply with current environmental legislation, consider and assess best practice; taking action where necessary to continuously improve environmental practice, emphasise to all employees at all levels their responsibility to environmental wellbeing; providing training where applicable, audit our environmental and sustainability performance, train and educate staff on behaviours that they can exhibit to reduce waste and use resources more efficiently e.g. run a paper free office and maximise the productivity of remote meetings to reduce requirement on daily commuting. Emissions Scope 3 - we offer volunteering opportunities for all staff through our Volunteering Leave Policy, with two paid days per year for employees to undertake activities that can encourage direct positive impact. The eConsult Health business travel policy ensures that only travel that is absolutely necessary is undertaken. Employee commuting has significantly decreased post COVID 19 pandemic, where an approximate average of 10 people attend the London office per working day. We support a reduction of emissions through enabling staff to work from home. We offer an employee benefit, “Bike2Work Scheme”, enabling staff that live within an appropriate distance to purchase a bike for commuting.Covid-19 recovery
eConsult Health recognises the employment, skills and other return to work issues in the healthcare and technology sectors following COVID 19. There have been growth opportunities in health technology, e.g. the mandation of online consultation in 2020 to GP practices and a move towards digital triage in urgent & emergency care. We have a direct positive impact on COVID 19 recovery, with remote digital consultations enabling contact free assessments and protecting the most vulnerable. eConsult has a rigorous and fair approach to recruitment. We implement gold standard recruitment practices and offer competitive employment conditions, e.g. enhanced benefits package, enhanced parental leave, sickness cover and annual leave. This ensures that we remain competitive in the marketplace and attract good candidates from all backgrounds. We take measures to ensure equality and accessibility to employment and will continue to do so for the duration of the contract. We actively encourage more women to apply to job roles through the use of “gender decoder” software to review all job descriptions and remove masculine bias. We focus on employing the best suited person for the role, maximising success with onboarding and minimising staff turnover. Within eConsult, during COVID 19 we initiated full remote working in March 2020 (having been a company where everyone worked in the office five days a week). Over the subsequent two years, we moved to a more flexible working model, and now the team work in the office 2-3 days a week. This has a direct beneficial impact on our staff, particularly those with families. We conduct desk assessments for every member of staff in the office and ensure that they have the appropriate equipment and conditions to work safely at home.
Pricing
- Price
- £0.29 to £0.35 a licence
- Discount for educational organisations
- No
- Free trial available
- No