mypatientspace

Digital Health & Virtual Ward Platform for Remote Patient Monitoring & Engagement

An end-to-end configurable Digital Health platform for scalable remote care. From virtual wards to chronic disease management, streamlining patient pathways across multiple conditions - cancer, respiratory, renal, cardiology, stroke, others. Our platform includes apps, clinical portals, device integrations, PROMS, alerts, self-management education, pathway automation, collaboration, empowering advanced remote care models

Features

• Highly configurable platform supporting virtual wards and remote patient management/monitoring
• Patient App native on Android/IOS and Web, email/SMS
• Clinical portal/dashboard on Web, Staff App IOS, Admin portal
• Personalized Content and Rich automated Engagement across the patient journey
• Collaboration: messaging, channel publishing, telehealth, sms/email
• Remote monitoring: PROMS/Assessments/device integrations - Alerts
• Complete Task Management to scale remote management
• Configurable Careplan and Rules Engine automates pathway
• Sophisticated scheduling,appointment and medication modules
• Integrations with systems, EHRs, devices and APIs,

Benefits

• Remotely manage patients at scale - fine-tuned to clinical settings
• Reduction hospital admissions, readmissions, outpatients
• Deliver operational efficiencies by reducing need for face-to-face contact
• Highly adaptable software allows clinicians to design pathway
• Facilitates multi-disciplinary working across clinical teams and different care settings
• Quality Improvement - Improve patient outcomes and experience
• Enhance patient self-management and understanding of their condition
• Safely manage/improve waitlists, support wait-well recovery, early-support-discharge
• Enhances patient communication and informs consultations
• Early identification and reporting of symptoms/disease progression reduces complications

£13,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mypatientspace.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

392925523660885

Contact

Una Kearns
+353860441538
info@mypatientspace.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Stable internet access
  • Modern, updated web browser (Chrome, Edge, Safari, Firefox)
  • Mobile app requires Android 8/iOS14 or above
  • Recommend running Windows 10, MacOSX or newer
  • A processor of at least 1 gigahertz (GHz)
  • 4GB of RAM or more
  • At least 4GB free of storage space
  • A display capable of at least 1280 x 1080

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For all items logged, we aim for 24-hour response time, and for urgent issues within one hour.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Outside testing.
• Onsite support: Onsite support
• Support levels: The majority of support is provided via email, but a phone number is also provided where customers can leave a message 24 hours a day. Services users can receive a callback to talk to a representative during office hours or as agreed. A support portal interface exists where customers can manage and track their tickets. Responses are actioned as soon as the support team has seen the email/ticket and logged items will see a response within 24 hours. For urgent support and increased severity issues, response times will generally be within the hour, and our direct phone numbers are made available to our business customers to contact us at any time. Services Users generally submit their requests through in-app mechanisms for clinical/health-related questions.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: MyPatientSpace offers end-to-end support, ensuring seamless implementation and ongoing success for our clients. From initial setup to continuous support, we can provide comprehensive assistance, including technical management, onboarding, training, patient engagement, help-desk services, pathway customisation and setup, integrations and compliance with DCB 0160 standards. Additionally, we can offer other services such as MDM, device distribution and testing, design and arrange for print and delivery of collateral material for marketing/training.; Each client benefits from a dedicated implementation manager who; oversees the entire process, ensuring personalised support and successful; outcomes. We provide both onsite and online training, supplemented by thorough documentation, pre-launch testing, and best practice guidance.; Our team will work closely with our customers to configure the platform for your pathway using our no-code environment. Furthermore, we offer branding and content asset creation services to enhance the patients experience and support client pathways. ; ; Using our experience, best practices, templates and assets clients can be up and running very quickly with minimal interruption on a service. We; also work with customers on an ongoing basis to streamline their deployments in an agile manner. ; ; myPatientSpace will be your trusted partner dedicated to your success, providing comprehensive support every step of the way.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Videos
  • In the platform portal
• End-of-contract data extraction: When a contract has ended myPatientSpace will work with the client to in a structured fashion to determine: ; 1. When data is to be deleted; 2. How users are informed and deactived ; 3. How data can be extracted/returned.; ; myPatientSpace provides out of the box tools to export patient data from the interface in CSV format. Reports can also be exported in pdf format. ; If the out of the box mechanisms are not sufficient we can work with the customer to determine an approach that is best for the customer and provide a proposal. We can export the data in a number of formats and to locations that best meet the clients needs.
• End-of-contract process: We will work with the customer to remove access, delete patient information, and a plan to notify users. ; Export of patient data from the system in included in the price in CSV or FHIR format.; Custom migration support would be based on rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Patient App is full featured on native mobile apps (Android and iOS). ; A web patient app is also available as fallback.; The HCP Portal and Admin Portal are available on the web - and responsive on mobile, although for such tasks the desktop experience is better. ; There is also a native iOS staff app for staff on the go, with essential functionality (not as full-featured as the web interface).
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: MyPatientSpace service interface encompasses a web-based admin and clinician interface, API access, and mobile apps, offering comprehensive management capabilities. The web interface provides an intuitive graphical interface for user monitoring & management. Our RESTful API enables automated and programmable interactions for seamless system integration and management. And our mobile apps for IOS and Android allow service users to manage their condition, receive information & education, and receive alerts on the go. Designed for simplicity and ease-of-use, our service interfaces ensure easy and intuitive self-management and are accessible across various devices and platforms.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our validation procedures include collaboration with accessibility experts to identify gaps, and we undertake real-world testing with users who rely on screen readers, speech recognition software, and other assistive tools. We will test for compliance with WCAG (Web Content Accessibility Guidelines) to guarantee our interfaces are usable and navigable. Feedback from these sessions directly influences our design decisions, ensuring that changes in layout, navigation, and interactive elements accommodate all users. Our commitment to accessibility is ongoing, with regular updates based on user input and evolving standards
• API: Yes
• What users can and can't do using the API: MyPatientSpace platform supports various options to integrate (REST API, CSV Import/export, JSON import/export) with our system for both inbound and outbound data flows.; Our REST API supports all the main features for interacting with our system, our internal models are built with FHIR and we also support standard schema for FHIR and HL7 interoperability.; Users can perform such things as create electronic records, interact with health systems, create accounts, import lab results, schedules and appointments, import/export survey responses, export report data, and much more.; Our API is documented and access can be requested by interested authorised developers/partners.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our platform is highly configurable and it supports a robust no-code configuration capability. Everything can be easily configured - branding, messaging, tasks, workflows, careplans, content, rules, surveys, schedules to provide a complete bespoke service for your clinical settings and can be easily change and expanded as service grows.; ; There are several layers of customisation possible. At the high level, most of the configuration changes to customise are performed by myPatientSpace (branding, overall workflow and care plan). Further customisation can be done by a business admin user at the customer site (custom schedules, careplan content, messaging). Beyond this, it is also possible to personalise the user interface to some extent. (order of screens, order of menu options, and so on). ; Careplan/treatment plan, appearance and frequency of surveys and information, and some other aspects can also be personalised by the HCP to individual patients/service users.

Scaling

• Independence of resources: Our software architecture is designed for high availability and scalability, utilising service design and containerisation to ensure robust performance. By deploying our applications on AWS, Atlas and Azure, we leverage their auto-scaling and load balancing capabilities, which dynamically adjust computing resources based on user demand. This ensures that each service can scale independently without affecting others. Our architecture includes resource isolation mechanisms, such as using separate containers and threads and job scheduling, to prevent any user’s load from impacting others. These architectural decisions are fundamental in maintaining service efficiency and reliability, even during peak loads

Analytics

• Service usage metrics: Yes
• Metrics types: We provide many metrics out of the box and we can also provide custom dashboards for the service. ; 1. Patient activity - onboarded, logins (daily, weekly, monthly), content read, tasks performed.; 2. Virtual ward metrics such LOS, no admitted, discharged, occupancy.; 3. Staff activity logins, tasks/services logged; 4. Uptime; 5. Feedback and results of other surveys/assessments; 6. Device usage; 7. Other
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Staff, based on role, can be provided access to export data in CSV format. ; FHIR models can also be provided. ; We can also work with the client on alternative approaches.
• Data export formats:
  • CSV
  • Other
• Other data export formats: FHIR
• Data import formats:
  • CSV
  • Other
• Other data import formats: FHIR

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: MyPatientSpace guarantees 99.5% uptime/availability outside of any potential planned outage.; myPatientSpace is hosted in the EU on (azure; or AWS) and also backed up in the region - it can also be hosted in the UK.; • myPatientSpace strives for 24/7/365; availability. Historically we have service availability of above 99.9%. We historically have not require any planned; downtime for upgrades, and we have many; redundancy measures in place.; • In general, we do not require any downtime for; upgrades. We have had excellent uptime in; our 5 years running our service.
• Approach to resilience: MyPatientSpace uses top tier data centers on Azure/AWS - and has built in backup, regional redundancy, failover and DDOS.
• Outage reporting: MyPatientSpace currently uses email alerts. A customer dashboard portal is also available.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We ensure secure access to management interfaces and support channels through strict controls. Access is restricted via Role-Based Access Control (RBAC), allowing only specifically authorized personnel. We enforce Multi-Factor Authentication (MFA) to enhance security, and connections require secure HTTPS and SSL to ensure encrypted data transfer. Additionally, comprehensive user training and periodic security reviews are conducted to maintain awareness & compliance with security policies. ; Fine-grained control on all assets and access levels (read, write). ; All access is audited.; Complete separation of environments between production and test/dev. Production systems and support channel access is restricted to two individuals in management board.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BQAI
• ISO/IEC 27001 accreditation date: 20/12/2023
• What the ISO/IEC 27001 doesn’t cover: None.; Our scope is "Accredited scope of goods or services in respect of which the business is registered:; Development and provision of medical device software applications for digital therapeutics, disease management, patient engagement and allied fields."
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DTAC
  • All our cloud plaform vendors we use have CSTAR/etc.
  • Cyberessentials Plus planned

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As a leading digital health company, we prioritize the highest standards of information security to safeguard patient data and ensure trust and confidence in our services. Adherence to Risk Management, ISO 27001 and ISO 13485 underscores our commitment to maintaining robust information security policies and practices, as well as quality management in medical devices.; ; We have established comprehensive information security policies aligned with ISO 27001 guidelines, covering access control, data encryption, risk management, and incident response. Regular reviews address emerging threats and ensure compliance with evolving regulations. Our policies include secure development processes to ensure the integrity of our software solutions and mitigate potential vulnerabilities from inception to deployment.; ; Under the leadership of our CTO and CEO, a rigorous governance framework oversees security at all levels. Board management provides strategic direction and oversight, and regular audits assess security controls and identify improvements.; ; Transparent reporting mechanisms keep our board informed, including key performance indicators and compliance assessments. Our Cyber Essentials certification further validates our commitment to best practices.; ; Through these measures, we demonstrate our commitment to protecting patient confidentiality, maintaining the integrity of our digital health platform, ensuring the quality of our medical devices, and mitigating risks through secure development processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow our ISO13485 and ISO27001 policies to track our development, configuration and release processes
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have configured and enabled all security and compliance controls available on AWS, Azure and Atlas and regularly monitor the security posture to maintain a 100% score. We run continuous vulnerability scans on our infrastructure, perform periodic pen-tests, and run automatic scans on GitLab and independent scans on our released app. ; ; Patches are automatically applied by our cloud service provider per SLA and monitor the threat landscape - with information about potential threats obtained through threat intelligence feeds which we also subscribe to.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We implement protective monitoring using Azure and AWS’s built-in security controls to identify potential compromises. These platforms continuously monitor our systems for unusual activity. When potential threats are detected, our provider swiftly alerts us, and we activate our incident response protocol. We aim to respond to incidents within 60 minutes, ensuring a rapid and effective resolution to maintain security integrity. ; We:; use vulnerability scanning tools to identify potential vulnerabilities,; restrict and control access to sensitive information and systems,; update software and security patches regularly,; have configured firewalls, intrusion detection systems, and other security measures to protect against attacks.
• Incident management type: Supplier-defined controls
• Incident management approach: We have predefined processes for common security events, ensuring a systematic response to incidents. Users can report incidents via our dedicated support email or through a customer portal,. Upon receiving a report, we log the incident and initiate triage and communication, and troubleshooting and remediation in parallel. Incident reports are provided to users through detailed email communications or directly in the customer portal, outlining the nature of the incident, the impact, and the corrective actions taken. This activity is conducted in accordance to our ISMS and ISO14385 policies and procedures.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our social value policy outlines how we as a company are focusing on fighting climate change. It includes the activities that:; Deliver additional environmental benefits in the performance of the contract, including working towards net-zero greenhouse gas emissions.; Influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.

  Covid-19 recovery

  Our platform allows organisations to implement necessary COVID-19 recovery by enabling remote consultations and remote patient monitoring. It also ensures organisations can tackle the waiting lists that built up during the COVID-19 pandemic by optimising pathways and creating operational efficiencies within the healthcare organisation.

  Tackling economic inequality

  Our social value policy outlines how we as a company are focusing on tackling economic inequality. It includes the following:; Creating opportunities for entrepreneurship and helping new, small organisations to grow, supporting economic growth and business creation. ; Create employment opportunities, particularly for those who face barriers to employment and/or who are located in deprived areas.; Create employment and training opportunities, particularly for people in industries with known skills shortages or in high-growth sectors.; Support education attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications.; Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high-growth sectors.

  Equal opportunity

  Our social value and recruitment policies outline how we as a company offer equal opportunity. This includes activities that:; Demonstrate action to identify and tackle inequality in employment, skills and pay in the contract workforce.; Support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract.; Demonstrate action to identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain.

  Wellbeing

  Our social value policy outlines how we as a company are focused on enabling wellbeing for our staff and customers. This includes activities that improve health and wellbeing and activities that improve integration with the community.

Pricing

• Price: £13,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mypatientspace.com. Tell them what format you need. It will help if you say what assistive technology you use.