Insight

Insight - Novari ATC

Used by hospitals and across health regions to increase elective surgery throughput by improved OR utilization, enhanced surgical wait list management, and eBooking of cases from the surgeon offices to hospital’s booking offices. Complements and integrates with each hospitals’ surgical information system in real time (Oracle Cerner, Meditech, Picis, etc.).

Features

• Wait List Management - Wait lists for individual surgeons/group
• Improved OR Utilization - Block utilization is calculated and displayed
• Surgical eBooking - manage incoming bookings and volume of wait
• Integrated eBookings - electronically receives booking requests from surgeon offices
• Scalability and Flexibility - deployable at a single hospital/surgical sites

Benefits

• Improved Communication and Coordination - New requests, changes, and cancellations
• Shorter Wait Times - place patients on single list

£68,955 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pstenderteam@insight.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

306690029968423

Contact

Public Sector Tender Team
0344 846 3333
pstenderteam@insight.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Bi-weekly software releases for software upgrades and patches. Transparent to end-user
• System requirements: Running on recent chromium based browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 30-60 minutes during regular business hours Monday to Friday. No weekend coverage. We have incident monitoring in place for key services.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Novari Health offers a structured support framework encompassing various tiers:; Tier 1: Novari Client Administrators deliver Tier 1 support directly to end-users of Novari solutions. They address basic troubleshooting and resolve issues related to desktop, browser, configuration, and networking. This includes tasks such as table maintenance, user access management, and data correction.; Tier 2: Novari Health provides Tier 2 support for advanced troubleshooting and issue resolution. Accessible exclusively by Novari Client Administrators, Tier 2 support involves capturing reported issues and providing tailored troubleshooting steps based on the information provided.; Tier 3: Handled by the Novari professional services team, Tier 3 support focuses on addressing configuration-related issues and optimizing system performance.; Tier 4: Managed by the Novari product engineering team, Tier 4 support addresses complex issues, often related to product functionalities or software bugs. This team leverages their expertise to resolve intricate technical challenges.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We run an implementation project to configure client's system. UAT and role based training is part of the implementation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Novari extracts the data. Client does not directly access data once interface is gone.
• End-of-contract process: Extensions are available.; Otherwise Novari will return and/or destroy data per client's wish.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Browser based interface.
• Accessibility standards: None or don’t know
• Description of accessibility: Browser based interface can leverage the accessibility functions related to the browser being used.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Users cannot access the API's ; API's are designed for interoperability using ADT, HL7, or FHIR.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: User Interface and metadata can be adapted to meet clients workflow needs.; Customization during implementation or via change requests post-implementation by Novari implementation services.; Users with elevated privileges can make customizations.; Users can also set profile default settings within predefined options.

Scaling

• Independence of resources: Clients are running on their own instance. The instance can be scaled up or down based on demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Volume and status of referrals
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Novari Health

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Client requests data, we provide formatted to their choice.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Bacpac or as requested by client
• Data import formats: Other
• Other data import formats:
  • Manual upload of case records
  • Import of data through integrated patient data system

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99% in alignment with Microsoft Azure availability. There is no default refund for failure to meet SLA.
• Approach to resilience: We build and host our services on Microsoft Azure. The resilience of their data centres is the foundation for our products. This includes data replication in secondary geolocation site. Any additional information would be available on request.
• Outage reporting: Email alerts to clients.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Role based access control
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Canada
• ISO/IEC 27001 accreditation date: 25/03/2020
• What the ISO/IEC 27001 doesn’t cover: N/A All standards and Annex A items apply
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: "Novari Health has an Information Security Management System (ISMS) certified to ISO27001 which is governed by our senior executive team via our ISMS Governance Committee (IGC); which includes our Chief Information Security Officer (CISO) & Chief Technical Officer (CTO), Data Protection Officer (DPO), Chief Executive Office (CEO) and Chairman of the Board, President and others. The IGC meets on a quarterly basis and reports directly to the organisation's Board of Directors. Our information security policies are focused on protecting the confidentiality, integrity and availability (CIA) of the data we own and process. Policies and processes have been created to support our risk-based framework, of which governance, risk management, incident management, business continuity and disaster recovery are core elements. Our policies and procedures fall within the following categories:; - Information Security Policy;; - Human Resources (vetting, employment contracts, discipline, employment termination, annual Information Security Staff Awareness training etc);; - Asset Management (including information and physical asset registers);; - Access Control;; - Change Management;; - Cryptography controls;; - Physical Security;; - Operations Security;; - Communications Security;; - Development and Testing Standard Operating Procedures (SOPs);; - Supplier Management;; - Incident Management;; - Business Continuity and Disaster Recovery;; - Compliance."

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All aspect of configuration and change management are managed under our ISO 27001 guidelines, processes and principles. Novari uses various system to track and manage all config and change programme and follows industry best practices and guidelines at all times.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All aspect of vulnerability management are managed under our ISO 27001 guidelines, processes and principles. Novari uses various system to track and manage all potential threats and can mobilise quickly to address threats and apply patches. Novari follows industry best practices and guidelines at all times and work with industry leading partners to keep ahead of all information relevant to threat management.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Azure sentinel linked to Better Stack
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process is documented and adheres to ISO27001;2013. Incidents are reported via a range of sources e.g. customer, SIEM, internal reporting, and are investigated, contained and managed by our Incident Response Team, major incidents can be escalated to the ISMS Governance Committee (IGC) and all incidents are reviewed on a quarterly basis and reported on at the IGC meetings.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Reducing wait times for services through better resource allocation and prioritization resulting less use of paper and re-processing of information.

  Covid-19 recovery

  Reducing wait times for services through better resource allocation and prioritization resulting in increased operational efficiency and expiditing backlogs.

  Tackling economic inequality

  Reducing wait times for services through better resource allocation and prioritization resulting in transparent access and monitoring for all patients.

  Equal opportunity

  Centralized management of resources improves accessiblity to services and resources across the healthcare domain.

  Wellbeing

  Reducing wait times for services through better resource allocation and prioritization resulting in improved outcomes for patients.

Pricing

• Price: £68,955 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pstenderteam@insight.com. Tell them what format you need. It will help if you say what assistive technology you use.