CAREOLOGY HEALTH LIMITED

Digital Cancer Care Platform

Careology is a digital cancer care platform that is clinically-validated, connecting patients to their healthcare teams and caregivers. Patients feel empowered and in control, healthcare teams have ‘always on’ access to comprehensive insights and caregivers are equipped to help navigate a cancer diagnosis better together.

Features

• Record and monitor symptoms, side effects and SACT toxicities
• Bluetooth wearable device integrations to capture vital signs e.g. temperature
• Medication schedule reminders, alerts and app notifications
• Personalised content and self-management support through articles and recipes
• Record treatment journal and notes
• Calendar view for health trend analysis
• Real-time remote patient monitoring and health insights
• Virtual ward with patient prioritisation and triage view
• Send, schedule and receive digital questionnaires e.g. ePROMs, eHNAs
• Share and connect to caregivers and healthcare professionals

Benefits

• Early identification and reporting of side effects reduces complications
• Increased medication adherence, contributes to better outcomes, reduces drug wastage
• Reduction in acute admissions and increased patient initiated follow ups
• Visibility for healthcare professionals enables patient prioritisation, outreach and triage
• Safe remote monitoring creates operating efficiencies and clinical capacity
• Enhances patient communication and informs consultations
• Effective signposting and personalised care through collected ePROMs
• Patient self-management through digital support improves cost of outpatient care
• Improved patient experience by connecting them to their care network
• Reduction in unnecessary treatment deferrals

£24,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@careology.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

422212281451915

Contact

Paul Landau
07368 631633
sales@careology.health

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our technology is fully interoperable, however it can be implemented as a standalone tool. Current integrations and supported software services available upon request.
• Cloud deployment model: Private cloud
• Service constraints: Careology is a SaaS solution that cannot be installed on premise. ; ; User support via email is available Monday to Friday 9am - 5pm (UK time). This excludes weekends and public holidays. First response times are within 24 hours. ; ; Careology is not an emergency service platform or a healthcare provider. Our technology will not diagnose, treat, cure or prevent any health issues or make any recommendations concerning the Patient's healthcare or treatment. It is the Patient's sole responsibility to seek the advice of a healthcare provider if they have any concerns, or at any time the Patient feels unwell.
• System requirements:
  • Available on latest versions of Chrome, Edge and Safari
  • Available on iOS (iOS 13 and later)
  • Available on Android (OS9 and later)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: User support via email is available Monday to Friday 9am - 5pm (UK time). This excludes weekends and public holidays. First response times are within 24 hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Onsite support is available upon request and will include account management, user training, process mapping and service design refinement. Any scoping, product specification or troubleshooting will be conducted by our product team. This support will be included in the software licence fees and not charged separately.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We are committed to heavily investing in our clients and work in close collaboration with their team to ensure the programme is run efficiently and effectively. During the concierge onboarding phase, clients work with an experienced Careology Client Success Manager who will lead the project plan and timelines. This will include the scoping, deployment and after care plans. During the first 90 days we will:- gather scoping and configuration requirement, share best practice guidelines, define the recommended service design, agree deployment timelines, schedule UAT (user acceptance testing), agree success criteria and frequency of reporting, conduct comprehensive training for Professional users. The Client Success Manager will work alongside the broader Careology Team including Product and Marketing to ensure the effectiveness of the onboarding experience. Careology will provide online and on-demand training, with in person training available upon request. We will provide easy to use documentation including troubleshooting FAQs, support and best practice guides. We will also provide marketing materials (leaflets, PDFs, videos) and emails to ensure buy-in and understanding by your patients, their caregivers and the broader clinical team. The offboarding process will be run by the Client Success Manager, with documentation available in PDF format.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: MP4
• End-of-contract data extraction: As part of the offboarding process we will provide an extract of data if required
• End-of-contract process: During our offboarding process we will work in close collaboration with our clients to schedule removal of access to our Product suite. User accounts will be closed to ensure no access is available and the master client account will be closed. If required we will provide an extract of data. We would require 90 days notice of termination to enable us to schedule this work. There is no additional cost to this service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between the mobile and desktop functionality
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: We have numerous interfaces to our service using our interoperability engine. We support API's like graphQL and also support HL7 and FHIR interfaces.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We have not done assistive technology testing with any users.
• API: Yes
• What users can and can't do using the API: Users can use our graphQL API to interact with the service. They need to be a registered active user in our Professional or App applications. They would then be able to use their authenticated JWT tokens to make the API calls to the platform.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can add their organisation structure as well as any logos to ensure that users have the correct visibility and access. Users can work with Careology to add their own digital questionnaires e.g. eHNA and ePROMS. Users can add their own content to the content library via API.

Scaling

• Independence of resources: We deploy cutting edge architecture, ensuring our Careology technology is built and hosted on Amazon Web Services (AWS) cloud based infrastructure. This ensures flexibility, security and reliability. Our platform is built to scale - it is able to manage significant volumes of users and achieve a global footprint.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide the following metrics as a standard part of our client reporting. For patient users this includes: user registration, user adoption, conversion rate, demographic (gender and age range), engagement range, feature usage, Caregiver users and professional users include user registration, user adoption, conversion rate.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported as a csv file. Requirements will be discussed and mutually agreed with the client.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will undertake commercially reasonable measures to ensure a 99.9% uptime of our service and infrastructure. We use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, excluding Scheduled Downtime. We expect Scheduled Downtime to be infrequent but will try to provide the Customer with at least 24 hour advance notice if we foresee any necessary downtime should occur.; ; In the event Unscheduled Downtime occurs, clients will be entitled to credits against its subsequent payment obligations (“Service Credits”) according to the following table:; ; Service Availability Credit as a Percentage of Monthly Billing:; 90.0-99.9% - 2%;; 95.0-99.0% - 3%;; 90.0-95.0% - 4%;; <90% - 5%.; ; To receive a service credit, the client will need to contact their Customer Success; Manager within thirty (30) days from the last day of the calendar month in which expectation of; uptime was not met. The maximum amount of Service Credits issued to clients for Unscheduled; Downtime in a single calendar month will not exceed five percent (5%) of the monthly billing; for such month.
• Approach to resilience: We use AWS hosting providing a fully load balanced environment with multiple instances running across multiple availability zones within each region. We utilise serverless technology to ensure that we can service the demand required through peaks and troughs of service usage. We have developed against the AWS well architected framework. More information available upon request.
• Outage reporting: Outages are incredibly rare given our well architected platform however we recognize the need to have outage reporting processes in place, we align to ITIL v4 and can support the service desk to service desk requirements specified by the buyer.

Identity and authentication

• User authentication needed: Yes
• User authentication: Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: This is covered in a number of places in our ISMS. e.g. principle of least privilege access rights is covered in our Information Security policy, role-based access requirements are covered in our products RBAC model, and across our organisation through the tools we use. User access registration and de-registration and user access provisioning and removal process is covered by our Onboarding / Offboarding procedure and within further polices. Requirement of segregation of duties and any other controls deemed appropriate are covered at a policy level through our Information Security Policy and supported by several Standard Operating Procedures.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit (DSPT) assessed to Standards Met.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are DSPT assessed and have a fully embedded Information Security Management System aligned to ISO 27001, will be going through ISO 27001 certification shortly.
• Information security policies and processes: We have a fully embedded Information Security Management System (ISMS) aligned to ISO 27001, will be going through ISO 27001 certification shortly. Policies include but are not limited to an Information Security Policy, Acceptable Use Policy, Data Protection Policy and others that support our 27001 alignment. We have an active Internal Audit program to assess both the continued suitability of our Policies, Procedures and Key Records along with organizational compliance. Regular Management Review Boards (MRBs) are held to review our ISMS and provide top management direction and guidance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We operate full Change Control as per our Change Management Procedure (SOP) maintained in our ISMS which includes Configuration Management within its scope. This covers the full lifecycle of a Change and aligns to the Information Technology Infrastructure Library (ITIL) v4.0 change management workflow.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We undertake (at least) annual Penetration Testing and renew our Cyber Essentials certification annually. Vulnerability scanning is executed on a regular cadence and in particular ahead to major platform or product upgrades. Note we have a Secure Engineering Principles Policy that also aims to reduce security risk in our SDLC.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Yes, we have active monitoring on the AWS platform provided by CloudWatch. General documentation here: https://docs.aws.amazon.com/cloudwatch/index.html. We also have GaurdDuty deployed, information here: https://aws.amazon.com/guardduty/. Note that we use Serverless technology in key areas of our platform that allows us to manage peaks in demand without impacting the security or availability of the platform. We have a Security Incident Response plan held withing our ISMS this is regularly reviewed and where appropriate tested. Our service level response times will be defined in contract with the buyer however our Security Incident Response Team (SIRT) works on a Rota basis covering 24/7/365.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an Incident Response Plan supported by an Incident Management Procedure within our ISMS which is invoked if an incident or suspected incident occurs. This plan covers all the key stages of identification, response, recovery and post-incident review. We are aligned to ITILv4.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are constantly working towards net zero - and would support all of our customers to achieve the same. We feel as though through the use of digital technology we can reduce a number of carbon emitting processes within the healthcare system e.g. patient travel, leaflet printing. We will also work with our staff to make sure that they are doing all they can to protect the environment and reduce their carbon impact e.g. less frequent travel in to the office, use of public transport.

  Tackling economic inequality

  Careology recognises the competitive landscape facing both the technical and healthcare sectors. We are committed to engaging with other SMEs in the ongoing development cycle of our products, having already engaged with VSCO's in order to build a deeper understanding of the needs and use cases within the industry. We plan on doing some further work with the cancer specific charity sector to better understand our market and deliver better features, more functionality and meet the bespoke needs of our target audiences.; We invest in our workforce, never shying away from continually developing skills, experience and expertise, including industry recognised qualifications across our workforce that can help deliver a better service and product for our end-users.; We strongly advocate prompt payment code within our supply chain, especially for those who are smaller organisations, and aim to pay all invoices within the agreed payment terms. Suppliers within our supply chain are onboarded and typically must conform to a selection of our policies and procedures covering equalities and diversity, cyber security, data management, health and safety and conduct rules, as part of their contract. We welcome smaller businesses within our supply chain providing they meet these requirements as this actively promotes competition and drives value for money for our customers.

  Equal opportunity

  Careology celebrates diversity and prides itself on creating an inclusive working environment in which we welcome a variety of opinions, beliefs and backgrounds to help drive innovation.; We are an equal opportunity employer, recruiting on merit and ensuring candidates are not subjected to any prejudice or discrimination against any protected characteristic. We have a governing “Equality, Diversion and Inclusion” policy, with a lead officer responsible for raising awareness across our organisation and keeping us compliant with both legislative requirements and industry best practice. All staff must comply with this policy as it forms part of their employment contracts. We provide staff with dedicated external training and mentoring, reinforced through the provision of our employee Handbook which reiterates fair recruitment practices as well as conduct rules to make our workplace inclusive and free from discrimination.; In terms of recruitment, candidates are scored against predefined criteria, typically with a panel of interviewers involved and scoring independently before agreeing on a single, moderated score. This helps to minimise the risk of unconscious bias.; We capture equal opportunity data as part of our recruitment process to monitor our compliance with our policies.

  Wellbeing

  We strongly advocate for the wellbeing of our team. We have invested in solutions to help promote staff wellbeing including providing all Careology employees with access to free counselling, via a 24/7 phone number through which they are also able to book face to face sessions. They also have complimentary access to a health and wellbeing app which provides an enhanced set of proactive wellbeing tools. The features are designed to improve the user's mental and physical health by using personal metrics to set goals and measure achievements. Careology also has processes in place to support staff with mental health issues.; ; We have a “Health, Safety, Welfare and Hygiene Policy” and a “Hybrid Working” policy (which includes a section on “Health and Safety for Working at Home”) available to all employees in our handbook. This reflects our investment in dynamic working arrangements to help offer flexibility to staff with caring or other life commitments and fosters a culture which values work life balance.; The Careology app contains lots of articles around both mental and physical health, and also a journal function which can be shared with healthcare teams. Patients can also set their mood with just one click on the homescreen which can be monitored by healthcare professionals.

Pricing

• Price: £24,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@careology.health. Tell them what format you need. It will help if you say what assistive technology you use.