Skip to main content

Help us improve the Digital Marketplace - send your feedback

COHESION MEDICAL LTD.

COHESION Digital Respiratory Solution

COHESION Care Wallet enables patients to securely share data with flexibly configured cloud-based Digital Respiratory Services allowing improved care planning, remote monitoring and service feedback to deliver better outcomes and patient experiences. COHESION has a proven track record with the NHS across the UK.

Features

  • Digital solution helps patients manage and own their health record.
  • Configurable cloud-based services platform with integrated patient mobile/cloud application.
  • Identity verified by NHS-Login with Multi-Factor Authentication (MFA).
  • Integrates multiple PROMs, images and test results.
  • Integrates multiple remote monitoring smart devices.
  • Connects multiple services with case management and circles of care.
  • Supports care planning, communication and self-management tools.
  • Open-data-architecture with interoperability standards, APIs and GDPR-compliant consent model.
  • NHS login integration

Benefits

  • Builds care pathways moving burden from acute setting to community.
  • Supported Self-Management with patient access to own health data.
  • Integrate remote monitoring from home with smart devices.
  • Design more flexible MDT workflows.
  • Service triaging to reduce need for face-to-face consultations.
  • Increase patient-centred care with co-produced care planning.
  • More appropriate interventions with better medicines management and clinical outcomes.
  • Open Data Architecture with interoperability and APIs standards.
  • GDPR compliant consent model with privacy by design.

Pricing

£1.00 to £100.00 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at euan.cameron@cohesionmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 4 6 1 3 5 6 7 1 9 1 6 8 5 5

Contact

COHESION MEDICAL LTD. Euan Cameron
Telephone: 01416119686
Email: euan.cameron@cohesionmedical.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Electronic Patient Records (EPR) systems.
Patient Administration Systems (PAS).
Picture Archive Communications (PAC) systems.
Electronic Document Transfer (EDT) systems.
Patient Management Systems (PMS)
Electronic Medical Record Systems (EMRs)
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
COHESION provides a UK-cloud based solution (Microsoft Azure) with a Software as a Service (SaaS) model so the software will be updated automatically and performed out of hours to minimise impact to services and users.
System requirements
  • Desktop Computer (WinPC/MacOS)
  • Tablet Computer (Android, iOS)
  • Mobile SmartPhone (Android, iOS)
  • Web browsers
  • Internet connectivity

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Time to Response (TTR) - Critical Response: 4 Business Hours. Non-Critical: 24 Business Hours. Availability: Mon-Fri, 9am-5pm, GMT. Response Times at weekends and public holidays is treated as Non-Critical.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Web chat accessibility testing
Tested with Lived Experience users.
Onsite support
Yes, at extra cost
Support levels
COHESION provides a support desk as first line response to users. Customers have access to an account manager as their main point of contact. COHESION solutions are backed by Microsoft Azure services 24x7, 99.99% availability.
The standard Time to Response (TTR) - Critical Response: 4 Business Hours. Non-Critical: 24 Business Hours. Availability: Mon-Fri, 9am-5pm, GMT. Response Times at weekends and public holidays is treated as Non-Critical.
Customers have options to increase Time To Response (TTR) times levels categorised by service request Priority: P1: Urgent: 1 hour; Service complete loss for all users or severe degradation resulting in inability to function; P2: High: 4 hours; Service some loss of service/system failure removing service from a number of users resulting in improper functioning; P3: Medium: 8 hours; Service working but functioning at less than optimal system performance resolved by fixing minor bugs/site errors; P4: Low: 24 hours; change requests.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
COHESION offers On-Boarding Installation service for new customers including: Setup and Configure, Testing and Validation, Self-Learning (User Guides and videos) and Train-the-Trainer courses which can be delivered remotely or on premise.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
COHESION provides a user admin managed Data Export Manager (DEM) for data export of CSV and XML files. Where personal data is stored locally on citizen devices this can be exported by the individual and ported to another provider of their choice.
End-of-contract process
At contract end, data export is concluded and 30 days provided to complete hand-off before software is closed and any data is formally destroyed unless formally requested to archive data and make system inactive. No other additional costs included. COHESION will work with the customer to ensure a smooth transition to a new provider. Once this has been completed COHESION will delete the data from its platform.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
For clinical staff, smartphones and tablet devices can be used as well as desktops. For patients, citizen-owned smartphone devices (iOS/Android), tablets, desktops can be used with no significant difference between services other than responsive layouts.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Secure service interface is provided via a web browser with secure login access which allows local administration teams to manage their user base and organisation setup. The interface allows for the configuration of services within their specific organisation including service dashboards and patient/clinicial dashboards for healthcare professionals to administer.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
COHESION has tested solutions with a wide range of Lived Experience users including people with restricted mobility, learning needs, visual impairments and elderly. In addition, manual and automated interface accessibility testing has been conducted.
API
Yes
What users can and can't do using the API
COHESION provides service APIs using RESTful and SOAP based web service interfaces over HTTPS to enable application to application communications allowing authorised clients to read and write data using a range of data models and messaging standards such as OpenEHR and HL7 FHIR. The services support a number of different authentication and authorisation options including BasicAuth, OAuth2 and mutual SSL certificate based authentication.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
COHESION solutions are designed to be configurable, flexible and scalable to meet customer localised needs during service and user setup. Organisation, service and user setup and configuration of dashboards, records and data components can all be done by the customer or by COHESION on behalf of the customer through configuration tools within the solution management area by permissioned system administrators.

Scaling

Independence of resources
COHESION uses virtualisation to ensure applications and users sharing the same infrastructure are kept apart. Microsoft Azure performance monitoring and alarms are in place to ensure sufficient capacity and resources are available for on-demand business-critical services for many millions of users. COHESION provides a Service Level Agreement (SLA) to guarantee up-time availability.

Analytics

Service usage metrics
Yes
Metrics types
COHESION provides the ability for services to configure their own Key Performance Indicators (KPIs) which can be displayed and reported on real-time Service Dashboards, Service Reporting and System Logs. These KPIs and tools allow services to monitor key metrics such as service outcomes, performance analysis and identify areas for service improvement. Data can be tabulated or visualised as time series, graphs, and other charts for user needs. Example service metrics include usage levels, intervention outcomes, activity levels etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
COHESION provides a user admin managed Data Export Manager (DEM) for data export with anonymised data option. Extraction of data is available to authenticated users and/or systems that have the correct RBAC access and data permissions. The DEM can be configured to suit individual service and customer requirements. Most data contained within the CMS is exportable as CSV, XML, Excel ready for import into a 3rd party system at no additional cost.
Data export formats
  • CSV
  • Other
Other data export formats
MS Excel
Data import formats
  • CSV
  • Other
Other data import formats
MS Excel

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
COHESION provides by a Service Level Agreement (SLA) supported by the Microsoft Azure stack to guarantee availability of 99.99%. Refer Microsoft Azure SLAs:https://azure.microsoft.com/en-gb/support/legal/sla/. Unavailability is identified by proactive fault detection by the service management team or through a customer reported fault. COHESION will refund service credits agreed to customers where the solution is less than the agreed availability.
Approach to resilience
COHESION solutions are supported by the Microsoft Azure stack to guarantee availability of 99.99% as well as Azure storage redundancy, database cross-region replication with two Azure UK regions all data will still stay within the UK with routine maintenance provided by Microsoft. Each deployment package is archived to enable roll back where necessary. Further information on request.
Outage reporting
COHESION is ISO 27001:2022 and ISO 9001:2015 compliant with business continuity plans and major incident policies. COHESION provides a customer account manager as the central point of contact with the customer. Outages are reported to customer technical contacts via email alerts, API and live service dashboards for all system statuses.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
COHESION utilises Role Based Access Controls (RBAC) and Attribute Based Access Controls (ABAC) to ensure that users only have access to the systems that they require including support channels.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
15/12/2017
What the ISO/IEC 27001 doesn’t cover
There are no permissible exclusions which apply.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Working towards Class 2a Medical Device under EU Medical-Device-Regulations (MDR)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
COHESION is ISO 27001:2022 and Cyber Essentials Plus compliant and has an established Information Security Management System with Information Security Policies and Procedures as part of a "secure by design" approach. All staff are trained in information security and incident reporting and are fully aware of their roles and responsibilities. Senior Management review policies and procedures as part of ISO compliance and continual improvement. All staff must alert senior management if they observe a policy breach or see an opportunity for policy improvement. COHESION has passed Digital Security and Protection Toolkit (DSPT).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
COHESION is ISO 27001:2022 and ISO 9001: 2015 compliant and maintains a systematic approach to Change Management to effectively deal with requests for change, addressing risks and to capitalise on opportunities involving adapting to the change, controlling the change and effecting the change. Changes proposed are reviewed, authorised, tested, implemented and released in a controlled manner and the status of each proposed change is monitored. COHESION performs updates to its SaaS solutions on a monthly basis and performs all changes out of hours so that there is minimal impact on users.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
COHESION complies with ISO 27001:2022 and Cyber Essentials Plus vulnerability management process including identifying, evaluating, treating and reporting on security vulnerabilities. Regular risk analysis, threat modelling and vulnerability scanning to identify security weaknesses and ensure mitigation in place to protect from breaches. COHESION keeps an awareness of potential threats from trusted and reliable key sources through email notification alerts. COHESION regularly performs patches to its services based on the recommendations of software manufacturers. COHESION runs frequent training sessions on emerging internet security threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
COHESION maintains an ISO 27001:2022 and Cyber Essentials Plus certification with compliant protective monitoring process, available on request. This includes deployment of a number of proactive measures to continually monitor and review in order to reduce the risk of compromises including scanning, firewalls and anti-virus software as well as Azure Insights, Azure Analytics, Performance Reports, Support Tickets, Customer Feedback. Where issues are detected, corrective action procedures is followed in accordance with the Time To Response (TTR) defined within the COHESION Service Level Agreement (SLA).
Incident management type
Supplier-defined controls
Incident management approach
COHESION maintains ISO 27001:2022 and ISO 9001:2015 compliant Security Incident Management process which outlines staff roles and responsibilities in reporting an information security event. Staff and users can raise a support request via the support desk where Incidents would be recorded and categorised using our ISO compliant incident reporting form outlining action taken, escalation steps and notifications required, and any recommendation for improvements. All staff are trained in incident reporting procedures.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Other
Other public sector networks
Scottish Care Information (SCI)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

COHESION provides software tools for reducing CO2 emissions through the reduction of unnecessary travel for citizens, patients and informal carers as well as professional staff. COHESION has a Green Champion in its organisation and developed the Green Value Chain for Life Sciences Scotland.

Covid-19 recovery

COHESION provides software tools for on-going monitoring of long covid symptoms.

Tackling economic inequality

COHESION provides software tools to reach remote, rural and marginalised communities in areas of economic deprivation. COHESION supports young people at college from disadvantaged backgrounds with work opportunities, internships and graduate programs.

Equal opportunity

COHESION has a diverse team with differing ages, backgrounds, cultures and genders. Almost 50% of staff are female and 25% of the Board is female.

Wellbeing

COHESION has a Wellbeing Champion and was awarded FSB Scotland Employer of the Year for its positive approach to support staff health and wellbeing at work.

Pricing

Price
£1.00 to £100.00 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
An evaluation version is available for up to 30 days with two user accounts and test records available. An extended evaluation period can be arranged on request.
Link to free trial
Enquiries@cohesionmedical.com

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at euan.cameron@cohesionmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.