Patient Pass

Patient Pass

Patient Pass is a secure platform for secondary to tertiary consultation and referral management that improves communication between clinical staff based in different locations. It allows specialist services to remotely provide documented clinical advice and coordinate transfers of care supported by speciality-specific rule-based workflows and configurable decision support tools.

Features

• Pre-defined workflows for over 20 specialties
• Single department or trust-wide implementation
• Backend integration (including PAS and EPR)
• Rule-based, speciality-specific workflows
• Escalation alert/notification
• N3/HSCN hosted and GDPR compliant

Benefits

• Fully audited trail of advice given
• Transfer waiting list/ Repatriation management
• Live patient flow dashboard
• Easy and quick. Referrals submitted in 3 minutes
• Outcome reporting
• Workload management
• Follow up planning
• Visibility of patient’s previous referrals

£5,000 to £15,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ac@patientpass.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

383627400838406

Contact

Al Campbell
0161 8172921
ac@patientpass.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Web access requires a modern, web-standards compliant browser
  • N3/HSCN access required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This is part of our standard SLA please see attached contract
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Guaranteed response times depend on priority of the item(s) affected and severity of issues.; ; All support enquiries in connection with the Services must be referred to the Customer’s internal support team in the first instance.; ; It is expected that such internal team will have the capability to fully resolve all First Line Requests. ; ; The Customer’s internal support team may refer any Second Line Requests to the Supplier using the contact details notified for this purpose from time to time, provided always that the support team has completed the Second Line Request referral form.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The system is very intuative and needs little training. We have a getting started guide and can offer onsite and online training if required.; ; Our service delivery team help specifically with implementation. This includes assessing the needs for the speciality/trust including current processes, integration and training.The implementation is then customised to suit the trusts requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We will provide the data back to the customer in a pre-determined format once the contract ends.
• End-of-contract process: The initial contract term specifies the number of specialities and the associated configuration costs. Additional specialites can be purchased in the future at additional costs

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive web application, which naturally scales based on screen size/resolution.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: The pathway for each speciality is fully customisable as are automated management plans. Customisation takes place as part of the onboarding and is done by the Patient Pass service delivery team.

Scaling

• Independence of resources: Each trust has its own virtual instance for both security and scalability. These are monitored and should additional resource be required the instance can be easily scaled.

Analytics

• Service usage metrics: Yes
• Metrics types: The software has a customisable real-time dashboard that can show any number of metrics and reports that the end user requires including usage metrics such as referring hospitals, referral types, outcomes etc. We can also report on performance metrics and audit data.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The reporting functionality in the system allows the export of data locally in a number of formats including excel and CSV.; ; Alternatively our service delivery team will work with Trusts on data export to help define the requirements and provide the data to them securely and in accordance with information governance policies.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The supplier shall make the Services available 98% of the time in each calendar month during the Subscription Term, based on a 24 hour a day, seven day a week time period, less any time during which the Services are unavailable due to Planned Maintenance and/or Emergency Maintenance (Uptime Commitment). ; ; If the Supplier fails to meet or exceed the Uptime Commitment in any month, the Customer shall notify the Supplier within 14 days of the end of such month. Provided such failure is not disputed by the Supplier (acting reasonably), the following service credits, being the Downtime Service Credits, shall be applied by way of a deduction from the next invoice then due to be issued under this Agreement, or (where no further invoices are due to be issued) by way of a credit note against a previous invoice and the amount of the Downtime Service Credits shall be repayable by the Supplier as a debt within 30 days of the date of such credit note:; Percentage Uptime* Percentage Credit ; 97% - 97.9% 5%; 95% - 96.9% 10%; 88% - 94.9% 20%; <88% 40%
• Approach to resilience: Our data center provider has multiple data centres with server mirroring. Further details available on request.
• Outage reporting: We have a private status dashboard and email alerts are used to notify customer of any service outages; ; Our support desk (email and phone) is also available to take queries relating to service status.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: The service is only available on the N3/ HSCN network. Users on this network can access the system to prescribed levels with usernames/ passwords. The level of access is pre-determined based on the access control model defined by the trust.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • CyberEssentials Plus
  • Data Security & Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NHS Data Security & Protection Toolkit
• Information security policies and processes: We are committed to ensuring that information security is given the highest possible degree of importance. As part of this we are working towards ISO 27001 and have many of the policies and procedures in place to support this including virus control, passwords and business continuity.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Patient Pass uses a Agile project delivery methodology. ; ; All requests for changes and/or bug fixes are logged in our change management system and prioritised.; ; We use a version control system to track all software changes. Any new releases are scanned for potential security issues before being released for testing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CyberEssentials Plus helps us to guard against the most common cyber threats and demonstrate our commitment to cyber security.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The service creates audit events and alerts to support effective identification of suspicious activity. Any threat or compromise is immediately escalated and dealt with. We aim to respond within 2 hrs.
• Incident management type: Supplier-defined controls
• Incident management approach: Any incidents reported are reviewed and prioritised. and if necessary escalated for rectification work to be completed. Once reviewed and any rectification work completed, stakeholders are contacted with resolution outcomes.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  All our infrastructure is within Amazon Web Services (AWS) which is working towards powering all operations with 100% renewable energy by 2025.; ; The building our offices are in was verified as Net Zero Carbon in Sept 2021 and is reviewed annually.; ; Every year we have a "Green Jumper Day" were we turn down the heating in the office by a few degrees to reduce our energy consumption and raise awareness of climate change.; ; All staff work remotely for most of the time and when they need to travel to work we encourage sustainable travel such as electric vehicles and public transport were possible

Pricing

• Price: £5,000 to £15,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Fully functional trial available for a period of up to 6 months

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ac@patientpass.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.