COHESION Digital Respiratory Solution
COHESION Care Wallet enables patients to securely share data with flexibly configured cloud-based Digital Respiratory Services allowing improved care planning, remote monitoring and service feedback to deliver better outcomes and patient experiences. COHESION has a proven track record with the NHS across the UK.
Features
- Digital solution helps patients manage and own their health record.
- Configurable cloud-based services platform with integrated patient mobile/cloud application.
- Identity verified by NHS-Login with Multi-Factor Authentication (MFA).
- Integrates multiple PROMs, images and test results.
- Integrates multiple remote monitoring smart devices.
- Connects multiple services with case management and circles of care.
- Supports care planning, communication and self-management tools.
- Open-data-architecture with interoperability standards, APIs and GDPR-compliant consent model.
- NHS login integration
Benefits
- Builds care pathways moving burden from acute setting to community.
- Supported Self-Management with patient access to own health data.
- Integrate remote monitoring from home with smart devices.
- Design more flexible MDT workflows.
- Service triaging to reduce need for face-to-face consultations.
- Increase patient-centred care with co-produced care planning.
- More appropriate interventions with better medicines management and clinical outcomes.
- Open Data Architecture with interoperability and APIs standards.
- GDPR compliant consent model with privacy by design.
Pricing
£1.00 to £100.00 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 4 6 1 3 5 6 7 1 9 1 6 8 5 5
Contact
COHESION MEDICAL LTD.
Euan Cameron
Telephone: 01416119686
Email: euan.cameron@cohesionmedical.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
Electronic Patient Records (EPR) systems.
Patient Administration Systems (PAS).
Picture Archive Communications (PAC) systems.
Electronic Document Transfer (EDT) systems.
Patient Management Systems (PMS)
Electronic Medical Record Systems (EMRs) - Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- COHESION provides a UK-cloud based solution (Microsoft Azure) with a Software as a Service (SaaS) model so the software will be updated automatically and performed out of hours to minimise impact to services and users.
- System requirements
-
- Desktop Computer (WinPC/MacOS)
- Tablet Computer (Android, iOS)
- Mobile SmartPhone (Android, iOS)
- Web browsers
- Internet connectivity
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- Time to Response (TTR) - Critical Response: 4 Business Hours. Non-Critical: 24 Business Hours. Availability: Mon-Fri, 9am-5pm, GMT. Response Times at weekends and public holidays is treated as Non-Critical.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
-
Web chat accessibility testing
Tested with Lived Experience users. - Onsite support
- Yes, at extra cost
- Support levels
-
COHESION provides a support desk as first line response to users. Customers have access to an account manager as their main point of contact. COHESION solutions are backed by Microsoft Azure services 24x7, 99.99% availability.
The standard Time to Response (TTR) - Critical Response: 4 Business Hours. Non-Critical: 24 Business Hours. Availability: Mon-Fri, 9am-5pm, GMT. Response Times at weekends and public holidays is treated as Non-Critical.
Customers have options to increase Time To Response (TTR) times levels categorised by service request Priority: P1: Urgent: 1 hour; Service complete loss for all users or severe degradation resulting in inability to function; P2: High: 4 hours; Service some loss of service/system failure removing service from a number of users resulting in improper functioning; P3: Medium: 8 hours; Service working but functioning at less than optimal system performance resolved by fixing minor bugs/site errors; P4: Low: 24 hours; change requests. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- COHESION offers On-Boarding Installation service for new customers including: Setup and Configure, Testing and Validation, Self-Learning (User Guides and videos) and Train-the-Trainer courses which can be delivered remotely or on premise.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- COHESION provides a user admin managed Data Export Manager (DEM) for data export of CSV and XML files. Where personal data is stored locally on citizen devices this can be exported by the individual and ported to another provider of their choice.
- End-of-contract process
- At contract end, data export is concluded and 30 days provided to complete hand-off before software is closed and any data is formally destroyed unless formally requested to archive data and make system inactive. No other additional costs included. COHESION will work with the customer to ensure a smooth transition to a new provider. Once this has been completed COHESION will delete the data from its platform.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- For clinical staff, smartphones and tablet devices can be used as well as desktops. For patients, citizen-owned smartphone devices (iOS/Android), tablets, desktops can be used with no significant difference between services other than responsive layouts.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Secure service interface is provided via a web browser with secure login access which allows local administration teams to manage their user base and organisation setup. The interface allows for the configuration of services within their specific organisation including service dashboards and patient/clinicial dashboards for healthcare professionals to administer.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- COHESION has tested solutions with a wide range of Lived Experience users including people with restricted mobility, learning needs, visual impairments and elderly. In addition, manual and automated interface accessibility testing has been conducted.
- API
- Yes
- What users can and can't do using the API
- COHESION provides service APIs using RESTful and SOAP based web service interfaces over HTTPS to enable application to application communications allowing authorised clients to read and write data using a range of data models and messaging standards such as OpenEHR and HL7 FHIR. The services support a number of different authentication and authorisation options including BasicAuth, OAuth2 and mutual SSL certificate based authentication.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- COHESION solutions are designed to be configurable, flexible and scalable to meet customer localised needs during service and user setup. Organisation, service and user setup and configuration of dashboards, records and data components can all be done by the customer or by COHESION on behalf of the customer through configuration tools within the solution management area by permissioned system administrators.
Scaling
- Independence of resources
- COHESION uses virtualisation to ensure applications and users sharing the same infrastructure are kept apart. Microsoft Azure performance monitoring and alarms are in place to ensure sufficient capacity and resources are available for on-demand business-critical services for many millions of users. COHESION provides a Service Level Agreement (SLA) to guarantee up-time availability.
Analytics
- Service usage metrics
- Yes
- Metrics types
- COHESION provides the ability for services to configure their own Key Performance Indicators (KPIs) which can be displayed and reported on real-time Service Dashboards, Service Reporting and System Logs. These KPIs and tools allow services to monitor key metrics such as service outcomes, performance analysis and identify areas for service improvement. Data can be tabulated or visualised as time series, graphs, and other charts for user needs. Example service metrics include usage levels, intervention outcomes, activity levels etc.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- COHESION provides a user admin managed Data Export Manager (DEM) for data export with anonymised data option. Extraction of data is available to authenticated users and/or systems that have the correct RBAC access and data permissions. The DEM can be configured to suit individual service and customer requirements. Most data contained within the CMS is exportable as CSV, XML, Excel ready for import into a 3rd party system at no additional cost.
- Data export formats
-
- CSV
- Other
- Other data export formats
- MS Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
- MS Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- COHESION provides by a Service Level Agreement (SLA) supported by the Microsoft Azure stack to guarantee availability of 99.99%. Refer Microsoft Azure SLAs:https://azure.microsoft.com/en-gb/support/legal/sla/. Unavailability is identified by proactive fault detection by the service management team or through a customer reported fault. COHESION will refund service credits agreed to customers where the solution is less than the agreed availability.
- Approach to resilience
- COHESION solutions are supported by the Microsoft Azure stack to guarantee availability of 99.99% as well as Azure storage redundancy, database cross-region replication with two Azure UK regions all data will still stay within the UK with routine maintenance provided by Microsoft. Each deployment package is archived to enable roll back where necessary. Further information on request.
- Outage reporting
- COHESION is ISO 27001:2022 and ISO 9001:2015 compliant with business continuity plans and major incident policies. COHESION provides a customer account manager as the central point of contact with the customer. Outages are reported to customer technical contacts via email alerts, API and live service dashboards for all system statuses.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- COHESION utilises Role Based Access Controls (RBAC) and Attribute Based Access Controls (ABAC) to ensure that users only have access to the systems that they require including support channels.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 15/12/2017
- What the ISO/IEC 27001 doesn’t cover
- There are no permissible exclusions which apply.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- Working towards Class 2a Medical Device under EU Medical-Device-Regulations (MDR)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- COHESION is ISO 27001:2022 and Cyber Essentials Plus compliant and has an established Information Security Management System with Information Security Policies and Procedures as part of a "secure by design" approach. All staff are trained in information security and incident reporting and are fully aware of their roles and responsibilities. Senior Management review policies and procedures as part of ISO compliance and continual improvement. All staff must alert senior management if they observe a policy breach or see an opportunity for policy improvement. COHESION has passed Digital Security and Protection Toolkit (DSPT).
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- COHESION is ISO 27001:2022 and ISO 9001: 2015 compliant and maintains a systematic approach to Change Management to effectively deal with requests for change, addressing risks and to capitalise on opportunities involving adapting to the change, controlling the change and effecting the change. Changes proposed are reviewed, authorised, tested, implemented and released in a controlled manner and the status of each proposed change is monitored. COHESION performs updates to its SaaS solutions on a monthly basis and performs all changes out of hours so that there is minimal impact on users.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- COHESION complies with ISO 27001:2022 and Cyber Essentials Plus vulnerability management process including identifying, evaluating, treating and reporting on security vulnerabilities. Regular risk analysis, threat modelling and vulnerability scanning to identify security weaknesses and ensure mitigation in place to protect from breaches. COHESION keeps an awareness of potential threats from trusted and reliable key sources through email notification alerts. COHESION regularly performs patches to its services based on the recommendations of software manufacturers. COHESION runs frequent training sessions on emerging internet security threats.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- COHESION maintains an ISO 27001:2022 and Cyber Essentials Plus certification with compliant protective monitoring process, available on request. This includes deployment of a number of proactive measures to continually monitor and review in order to reduce the risk of compromises including scanning, firewalls and anti-virus software as well as Azure Insights, Azure Analytics, Performance Reports, Support Tickets, Customer Feedback. Where issues are detected, corrective action procedures is followed in accordance with the Time To Response (TTR) defined within the COHESION Service Level Agreement (SLA).
- Incident management type
- Supplier-defined controls
- Incident management approach
- COHESION maintains ISO 27001:2022 and ISO 9001:2015 compliant Security Incident Management process which outlines staff roles and responsibilities in reporting an information security event. Staff and users can raise a support request via the support desk where Incidents would be recorded and categorised using our ISO compliant incident reporting form outlining action taken, escalation steps and notifications required, and any recommendation for improvements. All staff are trained in incident reporting procedures.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Other
- Other public sector networks
- Scottish Care Information (SCI)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
COHESION provides software tools for reducing CO2 emissions through the reduction of unnecessary travel for citizens, patients and informal carers as well as professional staff. COHESION has a Green Champion in its organisation and developed the Green Value Chain for Life Sciences Scotland.Covid-19 recovery
COHESION provides software tools for on-going monitoring of long covid symptoms.Tackling economic inequality
COHESION provides software tools to reach remote, rural and marginalised communities in areas of economic deprivation. COHESION supports young people at college from disadvantaged backgrounds with work opportunities, internships and graduate programs.Equal opportunity
COHESION has a diverse team with differing ages, backgrounds, cultures and genders. Almost 50% of staff are female and 25% of the Board is female.Wellbeing
COHESION has a Wellbeing Champion and was awarded FSB Scotland Employer of the Year for its positive approach to support staff health and wellbeing at work.
Pricing
- Price
- £1.00 to £100.00 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- An evaluation version is available for up to 30 days with two user accounts and test records available. An extended evaluation period can be arranged on request.
- Link to free trial
- Enquiries@cohesionmedical.com