GroupNos Technologies t/a OpenFIT.care

OpenFIT.care

OpenFIT is an eHealth platform for collecting Outcome Measurement data in Health and Social Care services pre, post and during treatment. Designed for both in-person and telehealth settings, it supports quality and reimbursement initiatives that rely on increased patient and provider engagement.

Features

• Capture outcome and engagement feedback before, during and after treatment
• Deploy in person or via email, SMS, QR, or portal
• Automation of survey sending and reminders to complete
• Reports, dashboards and advanced analytics using inbuilt reports and EDW
• Enterprise Data Warehouse (EDW) for advanced and self serve reporting
• Highest level of security, data governance and privacy protections
• Multi-lingual
• Integration with existing Case Management, EHR, eHealth and HIE systems
• Single Sign On support including SAML
• Utilises AI to predict treatment success in real-time

Benefits

• Cost effective enterprise level outcome measurement feedback system
• Obtain valuable feedback on the effectiveness of programs
• Improve service capacity and efficiency with access to realtime feedback
• Increase citizen and provider engagement
• Track record supporting culture of feedback and related incentive programme

£80 to £170 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@openfit.care. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

330292090338093

Contact

Enda Madden
+353868269647
info@openfit.care

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Case Management Software; Electronic Health Record; Telecare and Telehealth platforms ; Telemonitoring adding a Patient and/or Caregiver feedback component
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: We find the most successful implementations of OpenFIT are where the technology is supported by a suitable implementation of a culture of Feedback in organisations . ; ; We can support this directly through our own clinical and change management expertise or tailor OpenFIT to align with your organisations particular programme and initiatives.
• System requirements: Access to suitable electronic devices for sharing surveys

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: OpenFIT has similar Service Level Agreement to many enterprise software tools. B; ; Severity 1 – Critical/Emergency (Serious); 7 days per week; Response: 30 minutes; Resolution: 4 hours; ; Severity 2 – Major (Inconvenient); Response: 60 minutes; Resolution: 8 hours; ; Severity 3 – Minor; Response: 1 working day; Resolution: 30 days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We've done accessibility testing with some Municipalities in Norway. WCAG 2.0 standard is a strong requirement for public organizations in Norway since 2022.
• Onsite support: Yes, at extra cost
• Support levels: We provide a Technical Account Manager and general Account Manager. Check in calls can be scheduled monthly or quarterly depending on the appropriate setup. This is in conjunction to our standard support terms.; ; Stage of OpenFIT Setup, Implementation, Training and Support; Stage 1: Exploration and Agreement; Stage 2: Installation and Initial Setup; Stage 3: Initial Implementation ; Stage 4: Implementation and Training; Stage 5: Support, Sustainability and Development
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The OpenFIT Onboarding and Implementation Program is a 5 step program specifically designed to help agencies implement OpenFIT and support their FIT implementation. It's generally a combination of onsite training, online training, or user documentation. It covers the areas of initial setup, implementation, support and training. It is based on a program developed by our colleagues in the International Center for Clincial Excellence (ICCExcellence.com). ; ; It includes live online trainings and consultations with our expert team as well as access to the videos and ; user guides you need to implement OpenFIT and specific tools to support your FIT implementation.; Stage of OpenFIT Setup, Implementation and Training; Stage 1: Exploration and Agreement; Stage 2: Installation and Initial Setup; Stage 3: Initial Implementation ; Stage 4: Implementation and Training; Stage 5: Support, Sustainability and Development; ; OpenFIT has a number of user roles with different levels of access such as Administrator, Clinical Supervisor, Receptionist/Intake specialist and Clinician. Therefore it's important to identify these roles early on.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Material for internal intranets and portals
• End-of-contract data extraction: Can be exported directly from the application in flat file format by an Administer; ; Data synch from our EDW if enabled. The EDW does not contain identifying information as one of it's target user groups are executives building report and dashboards on aggregate data.; ; A data extraction script which we can run and place the data in a suitable location for format for downloading.
• End-of-contract process: Support for data extraction; Deletion of data and meta data after agreed designated period; ; Additional support would be required for technical consulting or use of the Web API for mass data synching to another system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: For the Web Application users will view a responsive design version of the UI that adjusts to the device screen size. ; ; There is also an App version for iOS and Android that can be installed on a device which provides a device native UI with the additional ability to leverage mobile/tablet device features such as face/fingerprint recognition.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Supports integration with existing Case Management, EHR, eHealth and HIE systems; ; Options include RESTFUL Web API, batch files, and HL7/FHIR
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: With a user group in Norway and Sweden for the Web and Mobile App.
• API: Yes
• What users can and can't do using the API: - After an initial scoping exercise it would be determined what are the appropriate APIs of most use. Typical examples would include; ; - Synch citizen and case data from Case Management/EHR to OpenFIT; - Enable Single Sign on between OpenFIT and designated system (software or active directory); ; Users can make changes through the API according to how they prefer to operate with 3rd party software companies they already work with; e.g. Real-time API calls from their software triggered by specific events; Scheduled API calls to synch data managed by scripts such as PowerShell; We support traditional flat file data processing too; ; We generally provided full API access after an initial scoping discussion; API calls are throttled based on over-usage; We provide a sandbox environment to test API calls before access to live environment
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Adding additional outcome measurement surveys; - If validated survey then subject to licensing/copyright review; - If custom survey to your organisation then it's scoped. For standard questionnaires we can add as part of the SLA. If more complex survey then there may a customisation fee associated.; ; OpenFIT Administrators can carry out some customsation. ; Otherwise it's the OpenFIT technical team.

Scaling

• Independence of resources: To ensure users aren't impacted by demand fluctuations, we leverage Azure's auto-scaling capabilities, dynamically adjusting resources based on workload. This ensures consistent performance even during peak usage. Additionally, our multi-tenant architecture enhances scalability by efficiently sharing resources among multiple users while maintaining isolation and security. Organizations also have the flexibility to deploy OpenFIT in their own environment natively, whether through Azure App Service or containerization. This allows for seamless integration with existing infrastructure and ensures optimal performance tailored to specific organizational needs.

Analytics

• Service usage metrics: Yes
• Metrics types: User Response Time: Measures OpenFIT's request processing duration and network latency, aiding in performance optimization.; ; Request Rate: Indicates OpenFIT's workload for capacity planning and scaling.; ; Error Rate: Tracks the percentage of failed requests, crucial for reliability.; ; Availability: Measures OpenFIT's operational uptime versus downtime, ensuring SLA compliance.; ; Dependency Performance: Monitors external services' impact on OpenFIT's performance for optimal user experience.; ; These can be viewed standalone or supplied as data into your own SEIM or equivalent system.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Flat file within the OpenFIT UI when logged in as an administrator; Flat file within the OpenFIT UI from a report drill-through; Using the OpenFIT Web API; Running SQL script on the OpenFIT EDW or as a data source to internal EDW, Data Lake, etc.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • JSON
  • XML
  • XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Real-time encryption and decryption of the OpenFIT database, associated backups, and transaction log files. Transparent Data Encryption is enabled on all used databases (https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-azure-sq); PBKDF2 is used to hash any plain text data considered sensitive.

Availability and resilience

• Guaranteed availability: Supplier shall ensure that the Application and/or Service will be fault-free up to 99.95% and that the Service is continuously available and will do its reasonable commercial efforts to correct reported faults and make the Service available as soon as it reasonably can. Availability refers to the time that Customer is guaranteed that Supplier is able to service the Platform. Supplier will provide 99.95% availability on a monthly basis (“Availability KPI”).; ; We have some bespoke contract arrangements with penalty clauses for downtime outside agreed parameters. This is usually done as an addendum to our standard contract.
• Approach to resilience: Available on request.
• Outage reporting: Public dashboard and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Our App supports Fingerprint and Face Recognition.
• Access restrictions in management interfaces and support channels: OpenFIT restricts access to management interfaces and support channels using access controls and auditing mechanisms:; ; Role-Based Access Control (RBAC): Access to sensitive management interfaces is restricted based on roles. Only authorized personnel are granted access to interact with critical systems.; ; Secure Support Channels: OpenFIT utilizes a dedicated support portal for handling support tickets. This portal requires authentication and logs all activities for auditing purposes, ensuring traceability and accountability.; ; Regular Audits: Access rights and activities within the support portal and management interfaces are regularly audited to ensure compliance with OpenFIT's strict security policies and to prevent unauthorized access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 30/01/2024
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: CSA Star does not cover eHealth specific areas such as specific data protection standards for health data. Software development standards are more comprehensively covered in IEC62304.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: CFC Lloyds Cyber Insurance Evaluation

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: For data security governance standards we follow internal processes documented internally. We have a shareable version of this document called data security overview and FAQs. This is a precursor to full ISO27001 certification.; ; IEC62304 and OWASP for software development processes
• Information security policies and processes: Our information security policies and processes are designed to ensure the utmost protection of data and compliance with applicable regulations such as GDPR. Our framework is grounded in ISO/IEC 27001 and ISO/IEC 27005 for risk management.; ; Reporting Structure:; The CEO oversees the entire information security strategy.; Reporting directly are the Chief Technology Officer (CTO) and the Data Privacy Officer (DPO). The CTO is responsible for the technical implementation of security measures, managing the IT team, and maintaining our security infrastructure. The DPO ensures our processes comply with data protection laws and handles data-related inquiries and complaints.; ; Policy Adherence and Enforcement:; Our policies are documented in the a Data Security Policy document, which outlines standards, processes, and procedures.; ; Regular training and awareness programs are mandatory for all employees, ensuring they understand and can implement our security policies effectively.; ; We conduct periodic audits, both internally and with the help of external consultants, to ensure compliance and policy effectiveness.; ; Any deviations from our policies are addressed promptly, with corrective measures and potential disciplinary actions for non-compliance.; These measures guarantee that our information security practices are not only theoretically robust but are effectively applied across the organization.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Tracking Components:; Throughout their lifecycle, service components are managed within Azure DevOps, which facilitates the creation of work items, including bugs and user stories. This centralized system allows for continuous monitoring and documentation from development to deployment.; ; Assessing Changes:; Changes are rigorously assessed for potential security impacts. The assessment process involves a review in a controlled staging environment, complemented by peer reviews and security scans to identify vulnerabilities.; ; Using Azure DevOps manages testing and automates the build and release process. This ensures that only thoroughly tested and approved changes are deployed, maintaining the security and integrity of the services.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Assessing Threats:; Potential threats are assessed through continuous monitoring using Azure Security Center, complemented by regular vulnerability scans and penetration testing.; ; Deploying Patches:; Patches are prioritized based on threat severity and deployed swiftly; critical patches are deployed within 24 hours of identification.; ; Sources of Information:; Information about potential threats is sourced from a combination of the Microsoft Security Response Center, industry-standard security advisories, and real-time alerts from Azure Security Center. We work with an ethnical hacker who performs pen testing and proactively informs us of trends in OPSEC and SECOPS.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring approach is designed to swiftly identify and respond to potential compromises.; ; Identification of Compromises:; We use Microsoft Azure's built-in monitoring tools to detect unusual activity and potential security breaches. Alerts generated by these tools are analyzed to identify genuine threats.; ; Response to Potential Compromises:; ; Upon detecting a potential compromise, our incident response team is immediately notified. The team assesses the threat and, if verified, executes predefined response protocols to contain and mitigate the impact.; ; Response Time:; We are committed to responding to incidents within one hour of detection, ensuring rapid containment and resolution.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident Detection and Analysis: Utilizing advanced monitoring tools provided by Azure, we detect and analyze incidents to understand their scope and impact.; ; Incident Reporting: Incidents are documented and reported as per guidelines that conform to the government’s requirements. This includes immediate notification to stakeholders and relevant authorities when necessary.; ; Incident Response: We have a predefined incident response plan that includes steps for containment, eradication, and recovery. This plan is regularly tested and updated to ensure effectiveness.; ; Post-Incident Review: After an incident, a thorough review is conducted to identify and implement improvements in our security posture and incident response capabilities.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • Kanta Services Finland
  • Swedish National Health Network (SweNHN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  OpenFIT contributes to combating climate change by optimizing the utilization of health and social services, thereby reducing unnecessary face-to-face appointments and travel which directly decreases carbon emissions. The application supports a more efficient allocation of resources by identifying when lower-level or remote interventions (e.g., online or phone-based) are appropriate. By moving from frequent to more spaced-out sessions where feasible, OpenFIT ensures that treatments are delivered not just effectively but also in an environmentally conscious manner. This shift helps in significantly reducing the carbon footprint associated with the delivery of health services, aligning with broader environmental sustainability goals.

  Covid-19 recovery

  The Covid-19 pandemic has left many grappling with complex health issues, notably long Covid symptoms affecting both mental and physical health. OpenFIT's use of PROMs and PREMs significantly enhances recovery strategies by enabling healthcare providers to evaluate the effectiveness of current interventions and adapt them in real time. This responsiveness is crucial for addressing the evolving needs of post-Covid patients. Moreover, our research indicates that AI-driven analysis of patient experiences can predict health deteriorations earlier than traditional telemonitoring devices, which often only alert when a patient requires urgent medical intervention or hospitalization. This predictive capability supports proactive healthcare delivery, potentially reducing emergency incidents and guiding public health strategies.

  Tackling economic inequality

  OpenFIT is instrumental in facilitating integrated care settings, where health and social services collaborate to provide comprehensive, wraparound-type support to individuals. This approach ensures that resources are used efficiently and effectively, supporting multidisciplinary teams in delivering personalized care. By leveraging OpenFIT to gather and analyze feedback and outcomes, providers can tailor their interventions to meet the specific needs of underserved populations, thereby addressing economic inequalities in health access and outcomes. This model supports a more equitable healthcare system by ensuring that all individuals, regardless of their economic status, receive the care they need in a coordinated and supportive environment.

  Equal opportunity

  OpenFIT enhances equal opportunities in healthcare by empowering lay care guides and para-professionals with tools to gather and utilize patient experience data effectively. Our involvement in translational research with Trinity College Dublin and University of Chicago; showcased how these non-medical staff, taking over roles traditionally filled by nurses, can significantly impact patient care by using OpenFIT to capture detailed feedback from post-discharge interactions or high-risk patient assessments. Elevating the role of these professionals not only optimizes resource allocation but also ensures that patients receive continuous, personalized care, promoting equity in health service provision.

  Wellbeing

  As the UK Government moves towards integrating health and social care data through initiatives like the Federated Data Platform, OpenFIT's capability to capture comprehensive feedback and patient experience data positions it as a potential key player in this new ecosystem. By providing a system of record for patient-reported data, OpenFIT could offer invaluable insights for both health and social care sectors, enhancing data-driven decision-making and improving patient outcomes across the board. This integration supports not only individual wellbeing but also broader public health objectives by ensuring that interventions are aligned with real-world patient experiences and needs.

Pricing

• Price: £80 to £170 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access to our Web Application and iOS/Anrdoid App; ; Discussion with the internal implementation team; we review status implementing Feedback project.; ; The following can be enabled subject to discussion and scoping:; Data Warehouse and Power BI reports; Sandbox server for testing data integration ; Sandbox server for testing SAML integration

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@openfit.care. Tell them what format you need. It will help if you say what assistive technology you use.