HENRY SCHEIN ONE UK LIMITED

Dentally

Fully cloud hosted Dental Practice Management platform for multiple clinical locations in a single patient database. We provide a comprehensive suite of software and UK based support services.

Features

• Comprehensive real time reporting suite
• Browser based remote access
• Online patient forms (e.g Medical History)
• Online patient appointment booking
• Open API for extended reporting & interoperability
• Full dental clinical recording
• Automated recall management
• Configurable role based user access
• Full NHS features & claiming capabilities

Benefits

• Automated features reduce administrative workload
• Reduction in paper usage through use of e-forms
• Increase in patient mobility through centralised database
• Reduction in local infrastructure costs
• Centralised administration & configuration

£185 to £390 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.edwards@henryscheinone.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

293077111384253

Contact

Paul Edwards
07968537916
paul.edwards@henryscheinone.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: NA
• System requirements:
  • Windows 10 or macOS 3.15
  • Intel Core i3 or equivalent
  • 8GB RAM
  • High Speed Broadband (min 1MBPS per machine)
  • Google Chrome or Microsoft Edge Browser (Chrome preferred)
  • Monitor resolution 1920x1024 21
  • IOS 13 or higher for iPad App

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response - 5 minutes
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Delivered using Intercom platform (https://www.intercom.com/)
• Onsite support: No
• Support levels: Software Support included in subscription costs
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full engagement is undertaken to understand how the Service operates on daily basis in order to map workflows into Dentally and localise the solution. A training plan is then drawn up for the Users, and a 'Train the Trainer' model implemented to establish local champions that will deliver this plan and provide initial support when going live. This is supplemented by virtual trainer support when going live, access to an online library of support articles, videos and access to support agents via email or chat.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Our Development Team will enable an export of the data into a series of CSV Files. Any documents or files uploaded to Dentally will be returned in the original format. Any correspondence generated from within Dentally will be exported as a PDF file
• End-of-contract process: Included:; Enabling the manual extract of data into CSV.; Export of document/correspondence library; Excluded:; Everything else

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: IPad application to manage Reception or Chairside completion of Medical History and Consent Forms
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Accessed via Token Key & OAuth Authentication. Changes are limited to; - Patient Appointment Add/Edit/Delete; -Patient Record Add/Edit/~Delete
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution can be fully personalised to suit existing working process and some elements can be enabled or disabled as required as part of the account e.g.; -SMS Messaging; -iPad integration; -Online Booking; -Patient Portal; -Address Lookup; -E-Referral integration; -Cloud Digital Imaging; - Online Payment integration; -Accounting software integration; ; Personalisation can be undertaken by any user with appropriate security permissions within the solution.; ; Bespoke Feature Functionality or other custom development requests are not supported

Scaling

• Independence of resources: We employ cloud infrastructure auto scaling rules to ensure our product has enough capacity to cope with fluctuating demand throughout a 24hr period

Analytics

• Service usage metrics: Yes
• Metrics types: Limited to service uptime stats via https://status.dentally.co/
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: 1. A Reporting Dashboard allows for the export of reports into CSV format; 2. Our Public API permits the extended extraction of data according to published documentation. We do not provide any bespoke query writing for the extraction data via the API.
• Data export formats:
  • CSV
  • Other
• Other data export formats: API gateway for communication with external parties
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Managed conversion from all main Practice Management Systems
  • Ongoing Patient Correspondence - all standard file types
  • Managed conversion based on structured CSV file (format supplied)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Dentally provides a high level of availability due to our robust infrastructure. We are very transparent with availability and all incidents are reported and detailed on our publicly available status page. We have a target of minimum 99% uptime
• Approach to resilience: Available on request
• Outage reporting: Public Dashboard with an option to subscribe to email alerts https://status.dentally.co

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Microsoft SSO
• Access restrictions in management interfaces and support channels: Users are applied a security group which controls access to these aspects of the solution
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our Information Security program models our approaches after industry standard frameworks and practices. We strive to implement best practices and regularly assess our controls and their effectiveness. We have plans to gain certification of our Information Security practices using industry standard certification bodies. We can provide Information Security documentation to describe the controls we have in place if required
• Information security policies and processes: We have an Information Security Management System (ISMS) that defines and monitors all information security objectives in alignment with ISO 27001. A Chief Information Security Officer (CISO) is responsible for establishing, maintaining, implementing, administering, and interpreting enterprise-wide information security policies, standards, guidelines, and procedures. The CISO leads the Global Office of Cyber Security (OCS) in the implementation of the information security, compliance, and risk management program. An Information Security Executive Steering Committee exists to oversee the overall operations of the Henry Schein global information security program of which Software of Excellence is part. Information Asset (Data) Owners & Data Custodians are appropriately identified and the Office of Cyber Security periodically reviews all information processing, storage, and communication/transmission channels and controls. Information risks are addressed through mitigation, acceptance, avoidance, or transference. Information systems are both physically protected from security threats and also the risks of malicious software attacks and/or hacking. Password & Multi-Factor Authentication controls are used to limit access to network resources

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our product development team follow modern continuous delivery practices via automated pipelines that scan for security and maintainability issues throughout the software lifecycle delivery process. All production changes are tracked against who made the change and when it was made. Full audit trails are available where required.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We leverage a suite of tools to ensure Dentally is continually protected against threats. We employ an application security management platform to protect against emerging threats in production, while leveraging automated tooling into our software delivery pipeline (such as dependabot) to alert us to threats inside our application code. Annual Penetration also are undertaken to ensure continued protection. Within our business we have a centralised Application Security team to proactively monitor the web for security threats. All vulnerability responses are in line with internal SLA agreements. We get advice on strategic threats from the National Cyber Security Centre (NCSC)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We ensure that our software and its dependencies are up to date eliminating any potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site. We leverage an Application Security Management solution that enables us to protect our application and APIs from malicious attacks. This service proactively monitors for threats and runs playbooks to remediate the issue in real-time and alerts us for further investigation.
• Incident management type: Supplier-defined controls
• Incident management approach: Plan exists for handling general cyber security events. Augmented with GDPR Data Breach protocols for investigating & reporting such events. Users report via an external mailbox for GDPR incidents or escalate through our support lines. Internal incident reports are generated and summaries are shared externally.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Scottish Wide Area Network (SWAN)

Social Value

• Fighting climate change:

  Fighting climate change

  The solution itself is hosted on AWS, which has committed itself to utilise 100% renewable energy sources by 2025, and we actively seek out 3rd party partnerships who adopt similar approaches where possible. Our operational environment is based around a mix of the following scenarios which significantly reduces our working footprint; • 5% of Full time Staff work in a dedicated office environment; • 29% of Staff work exclusively from home (except on specific corporate occasions as required); • 66% of Staff work on a hybrid basis between office attendance & working from home - typically 2-3 days per week in office.; • Office based staff have access to e-car charging points; Our Service Delivery Implementation is carried remotely, including any training (unless otherwise agreed) to further reduce unnecessary environmental impact
• Covid-19 recovery:

  Covid-19 recovery

  We are able to provide a comprehensive toolkit to help users adhere to the latest government guidelines, keep staff safe, instil confidence in their patients and deliver the highest standards of dentistry to those that need it. It includes direct outbound calling from within the solution (via VOIP) allowing for WFH scenarios, contactless reception features incorporating online medical history completion, online appointment booking, self-check-in and payment links to reduce the need for face to face interaction. It also permits direct messaging between users within the application interface further facilitating remote working.
• Tackling economic inequality:

  Tackling economic inequality

  All our staff have access to the Government’s Apprenticeship Levy scheme for learning new skills, and separately the company will sponsor any courses external to this that a member of staff may wish to pursue. There are nationwide employment opportunities within the company that are not restricted to proximity to any office as there is the opportunity to work from home. We also provide a scholarship scheme to enable access to higher education for children who's families would otherwise not be able to afford it.
• Equal opportunity:

  Equal opportunity

  We champion diversity and inclusion in all areas of business. We have an array of in-house teams and services including voluntary and staff-led groups, serving to empower everyone working at Henry Schein One to share insights and grow together. We strongly believe an integrated approach to diversity and inclusion is the best way to cultivate a culture of acceptance, collaboration and excellence. This means that principles of diversity and inclusion are integral in the way we function internally, with the way we interact with clients and customers and the way each individual undertakes their work. We believe every employee is capable of making a difference and everyone's story and perspective, when combined with those of their colleagues, is key to creative energy in the office, the drive behind our various projects and the relationships we have with our customers
• Wellbeing:

  Wellbeing

  All employees have access to a team of 'Mental Health Champions' comprising of trained colleagues to ensure their mental health is not in any way compromised. They also able to utilise a number of online and app resources to assist with both mental & physical health including access to remote GP appointments. An 'Employee Assistance Programme' is available for 24hr confidential advice & help on Financial, Family and Relationship Issues, Housing Concerns, Alcohol, Drug or Gambling Issues, Stress, Anxiety, Bereavement and more; all delivered by experienced therapists and advisors.; We are proud to sponsor encourage participation in many local charities & schemes such as CRY Screening, Food Bank donations, Homeless Charities (specifically The Medway Street Angels) as well as global initiatives such as 'Henry Schein Cares'

Pricing

• Price: £185 to £390 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Basic system evaluation in a sandbox environment, not to be used in a live clinical setting

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.edwards@henryscheinone.com. Tell them what format you need. It will help if you say what assistive technology you use.