TEERCO UK LIMITED

Patienteer

Patienteer coordinates care, to make patients journey simpler, safer & synchronised.

Founded on the principle that every patient’s care within a health service should be managed as simply and effectively as possible, Patienteer links information from multiple services to coordinate care delivery and provide accessibility and transparency to care delivery.

Features

• Visualisations for at-a-glance understanding of patient journey
• Real-time integration with clinical applications
• Real-time reporting of patient journey
• Healthcare focused task management features
• Triage and referral management features
• Configurable patient identification algorithms

Benefits

• Coordinate care across healthcare providers
• Understand the root cause of delays at-a-glance and prioritise actions
• Automatically create and send documents to clinical systems
• Manage patient care delivery across providers without a phone call
• Track and evaluate service outcomes
• Identify/refer at risk patients early in a care journey

£26,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at craig.burke@patienteer.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

322392681370528

Contact

Craig Burke
07954703633
craig.burke@patienteer.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No service constraints
• System requirements:
  • Access to internet
  • Supported Browser (Chrome, Safari, Edge, Firefox)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our Standard Support Model Response Times are:; Monday to Friday 24hrs: Response within 60 minutes.; Weekends: Response within 120 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Three levels of support are provided within our software as a service cost. There is no extra cost for support. We have a standard support model which includes 24hr support, ticketing system and week-day phone service. Each customer has an assigned technical account manager who actively reviews and engages with customers.; ; Tier 0 - Self-Help / User Retrieved Information: Users access information and training via our in-application tutorials or support page. The support page includes How-To documentation and blogs.; ; Tier 1 - Basic help desk resolution, service desk delivery and In-depth technical support: Basic customer issues such as solving usage problems and fulfilling service desk requests that need IT involvement.; ; Tier 2 - Expert Product Support: Technical resources available for problem resolution or new feature creation. Skilled personnel duplicate problems and define root causes, using product designs, code, or specifications. Cloud engineers are actively engaged at this level of support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To maximise benefit of the service, Patienteer provides support in four key areas:; ; 1. Delivery of an agreed training plan. An Account Manager works with individual customers to develop a training plan specific to their healthcare organisation. This includes on-site delivery of training (or virtual if required), and on-line discussion sessions. The training plan is approved by a project implementation body (e.g. steering group).; ; 2. A representative on required project governance committees; ; 3. Online user documentation and videos accessible from within the application.; ; 4. In-application tutorials explaining the key features and flow of each interface, accessible at any point by any user.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: As part of the offboarding process a customer representative is verified as the data custodian of the data. The representative determines whether an API or sFTP service is used for data extraction.; ; If using sFTP, our customer support team provides keys and validates the customer server sFTP details. Customers confirms connection using a test file before full extract is delivered.; ; If using the API service, customer authentication details are added allowing the customer to extract data in JSON format.
• End-of-contract process: At the end of the contract data can be migrated to customer operated servers at no extra cost.; ; If customer requires data to be stored Patienteer uses consumption based pricing.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Functionality is the same between mobile and desktop. Differences relate to a landscape (desktop) vs portrait (mobile) view orientation.; Visual Level Layouts: desktop version holds more information in a view and layout is designed in horizontal dimensions. Mobile view requires vertical scrolling for same information. Desktop view uses horizontal navigation while mobile view uses vertical navigation.; ; Desktop view enables pop-ups to complete actions whilst in mobile design the interface jumps (or moves) to a new screen to complete an action.; ; Desktop enables filters to be exposed in a single view (larger screen size). In mobile view scrolling function is used.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface provides visualisations enabling users to undertake task management within any healthcare setting. This includes the ability to understand delays at a glance, prioritise and manage tasks, update action notes related to service delivery and create new tasks or workflows. Visualisations include patient task summary views, graphical displays of sequenced tasks and list views with filters.; ; The functions, information and layout of each interface is tailored to the specific role a user is performing.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We undertake in-house testing supported by online accessibility developer tools to align with standards. This is supported by peer review of outcomes which is overseen by a director level executive. We are committed to continually improving accessibility and is a review gateway within our software development lifecycle.
• API: Yes
• What users can and can't do using the API: APIs are used to connect to existing customer solutions and databases to automate information exchange required for decision making and to manage user authentication. To add or change the configurations of an API the customer will raise a support ticket. A dedicated account manager will then support the process which includes a review against security and GDPR requirements and updating of all customer specific documentation. This activity is part of the standard support model with no extra charge.; ; The APIs:; 1. Enable you to authenticate and authorize users from directories that are capable of presenting SAML tokens or using the OAuth 2.0 protocol.; ; 2. Enable you to integrate data from clinical systems using FHIR or HL7.; ; 3. Enable you to extract data at end of contract in JSON format.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Within each interface, the information displayed in lists or cards can be customised to the job role or current operating environments, as can the displayed filters. Users with an administrator job role can customise views directly within each interface for their organisation.; ; Individual users configure list views to display specific information.; ; Tasks and workflows (sequencing of tasks) can be customised to match the customer processes. Tags and task parameters including expected durations, default owners and task interdependencies can also be customised to user requirements. This is managed via service desk requests.; ; Logo's, icons, labels on buttons, column headers, list names can all be tailored to a Customer's requirements via a service desk request.; ; Business logic within functions can be updated to specific customer requirements via a service desk request.

Scaling

• Independence of resources: Our web applications are built on Microsoft Azure with autoscaling and elastic behaviour providing a consistent performance. This is support by a rule based engine that defines the acceptable performance for each customer and is documented in the Service Level Agreement (SLA). When those defined thresholds are met, autoscale rules take action to adjust the capacity of your scale set. Additionally, scheduled events automatically increase capacity at known times of high demand. Again, this is documented in the SLA with each customer.

Analytics

• Service usage metrics: Yes
• Metrics types: 1. Total number of patients actively using the application segmented by role type.; 2. Dashboards and analytical reports showing workflow utilisation including how well source data systems are utilised.; 3. Dashboard of service status and uptime of application; 4. Bespoke reports as requested by customers
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported by authorised users using features within the application.; ; Where set-up data can be sent directly to other systems using APIs.; ; Where a full database export is required, authorised users can request this via a service desk request. Standard controls including verification of requester / requestor, security of transfer and logging of requests are completed in addition to any specific customer process.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • EXCEL
  • PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our standard service level agreement provides at least 99.5% uptime. This excludes Force Majeure or Maintenance Events.; ; No standarised refund scheme is currently in place.
• Approach to resilience: Available on request
• Outage reporting: The following outage reporting methods are employed:; 1. Customer specific Service Status Dashboard; 2. Email alerts to nominated Customer Contacts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Role-Based Access Controls (RBAC) are used to determine which interfaces and support channels each user can access. With RBAC, each user has the permissions that are attached to any role that is assigned to that user. There are five core roles which users can be given covering read-only access, performing activities and administering the solution.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Board level Directors are responsible for delivering an integrated governance and risk management approach across the business. A Board Director has ownership and accountability for ensuring compliance, providing assurance, and maintaining a continuous feedback loop that cascades throughout the organisation. In an iterative and continuous process risks are assessed, raised to executives, and aligned to strategic direction. Mitigating activities are prioritised, developed and and implemented then reviewed against risk outcomes. Compliance to an ongoing feedback loop is the core principle underpinning our approach.; ; The SDLC includes security review gateways imbedded within our risk management processes.
• Information security policies and processes: All our information security policies and processes conform with requirements of GDPR, Cyber Essentials, Digital Technology Assessment Criteria (DTAC), Data Security and Protection Toolkit (DSPT), National Data Guardian’s 10 data security standards, and NSW Health Privacy, Security and Assurance Framework. Our information security management system aligns with ISO/IEC 27001 standard, of which we are currently working towards formal certification.; ; All policies and processes are integrated within our business support service with defined workflows ensuring all controls and verification steps are adhered to across all information assets. The same service includes scheduled audits and review tasks to ensure best practice is maintained. The assigned director must review and confirm all activities have been completed in line with policies. A register of activity is maintained and presented to the company board quarterly.; ; Our information security management system is imbedded within our risk management framework. Directors have ownership and accountability for ensuring compliance, providing assurance, and maintaining a continuous feedback loop that cascades throughout the organisation. In an iterative and continuous process risks are assessed, raised to executives, and aligned to strategic direction. Policies, standards, and processes are developed and implemented then reviewed against risk outcomes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our software development lifecycle (SDLC) is mature and follows industry standard agile methodology. Continuous Integration and Test automation is in place to ensure repeatable, reliability and robust deployment. Segregation of duty is employed across all SDLC decision gateways and review points.; ; Quality assurance, technical and security gateways are fully integrated within our overall organisational risk and quality frameworks with director level oversight and board level reporting.; ; All changes are supported by test plans covering both pre and post release and are available to customers as requested.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability assessments are embedded into our SDLC, overseen by the CTO and carried out by Senior development team. Information is sourced using subscription to vulnerability scanning tools, on-going review of security documentation and regular training. Additionally, results from scheduled audits via our information security management system are fed directly into our vulnerability management process.; ; Any identified vulnerabilities are managed through the organisational risk management framework with director level oversight and board level reporting.; ; Patches can be released in-live, on an ad-hoc basis or as part of our monthly release schedule.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We employ a comprehensive logging and event monitoring system to identify potential compromises. This is supported by an on-host security and scanning system. Automated alerts to engineers and security teams trigger defined processes and protocols for the investigation and resolution of any potential comprise. Our processes cover assessment, resolution, customer notification, government body notification, review and mitigation.; ; Any potential compromise is treated as critical with an initial response time of 15 minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: Patienteer utilises an integrated service desk supported by automated monitoring and event management.; ; Customer may report incidents via email, in-application support request or via a phone call.; ; We have defined processes aligned to the ITIL standard for the reporting, triaging, diagnosing, prioritising and resolving of any incident. Process flows and documentation for common events is incorporated into our support management system.; ; All incidents are documented and integrated into our quality and risk frameworks in a continuous feedback loop. Incidents are reported via email to designated customer contacts and are documented in our service management dashboard.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  Patienteer supports management of patients in the community by aligning service delivery around the patient and providing automated oversight of care delivery on a task basis. This approach is used in proactive anticipatory care models to free up hospital beds by reducing avoidable admissions, improving hospital capacity for management of COVID-19 related elective backlogs.; ; Within hospitals Patienteer is able to identify COVID-19 patients in the hospital and via the task management solution, manage inter-ward transfers to mitigate the risk of cross infection as well as actively monitor and prioritise care delivery as patient conditions change. In recognition of this service Patienteer is a prior HTN Health Tech Awards winner.

  Tackling economic inequality

  Patienteer is a micro- business with a highly innovative approach to managing healthcare delivery. We have a commitment to invest in increasing the number of UK staff in line with our customer base. Our approach is to form collaborative engagements with our customers and provide opportunities for staff to build their skillsets through engagement with healthcare practitioners.

  Equal opportunity

  We have a commitment to providing equal opportunities and we have policies and processes integrated through our business ensuring access to all business facilities at every stage of employment, including the pre-employment phase. This includes an equal chance to apply and be selected for posts and an equal chance to be trained and promoted while employed with our business.

  Wellbeing

  Effective adoption of technology within healthcare settings is critical to improving patient outcomes. Our implementation approach is create a culture of inclusiveness an ensure governance that enables co-design for all configurable items. The aim is to create ownership in the programme of work and foster strong relationships built on trust.; ; We follow a customer-focused innovation approach when designing new functionality. Focus is given to understanding priorities of our customers and co-design features through continuous feedback loops across our software development lifecycle. The aim is to create a culture of innovation aimed at maximising patient outcomes.

Pricing

• Price: £26,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at craig.burke@patienteer.co. Tell them what format you need. It will help if you say what assistive technology you use.