Beamtree UK

Ainsoff Deterioration Index

The Ainsoff Deterioration Index™ (ADI) is an application that uses a simple, numeric score as a representation of patient acuity. ADI uses data already captured in clinical systems to automatically analyse vital signs and basic pathology information to assess result trends and calculate the risk of individual patient deterioration.

Features

• Hospital, ward, and patient level Acuity summary dashboard views
• Numeric score of each patient’s risk of major adverse event
• Early detection and alerts for patients at risk of deterioration
• A useful clinical summary in the alerts and dashboard views
• Proven implementation, support and monitoring

Benefits

• Reduction in adverse events including Unplanned ICU Admissions and Death
• Reduction in Length of Stay across the hospital
• Reduction in red alerts, reducing clinical response load
• Improved Clinician experience providing a safety net for clinical teams
• Improved ability to measure capacity against demand assisting with prioritisation

£20,833 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.nobbs@beamtree.com.au. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

422414417226091

Contact

Jennifer Nobbs
07400836269
jennifer.nobbs@beamtree.com.au

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: ADI receives data from clinical systems and can send data back to clinical systems through simple integration, with results viewed inside the EMR vs using the stand alone dashboard. Note that installation / project costs may be impacted by the decision to re-integrate into clinical systems
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements:
  • Encrypted data transfer over HTTPs (TLS 1.2)
  • Access via a supported web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Automated response within 15 minutes.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Level 1 customer service. Cost built in; Level 2 customer service. Cost built in; Level 2 technical support. Cost built in; Level 2 customer service on-site. Extra cost; Level 3 programmatic support. Extra cost
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Beamtree provide detailed specifications for the data feed and remote testing support. We provide remote training as standard, on site training as an optional extra. All technical and training documentation is available via a dedicated client portal.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Open API
• End-of-contract data extraction: Access to data post contract is by written request prior to subscription end date.
• End-of-contract process: Data management and access beyond the life of the contract is an additional cost and would be dependent on the level of access required and the length of time a site wishes to be able to access the data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: 1. Users can view acuity of a single patient and patients in aggregate at a ward and site level view.; ; 2. Users can view alert information, which includes:; ; a. Demographic information such as first name, last name, date of birth, bed number and patient identifier. This is configurable.; ; b. Clinical summary, which includes information such as observations and pathology results.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None, but it is planned.
• API: Yes
• What users can and can't do using the API: Users can be grouped into two user types:; 1. Human users; 2. Machine users; ; Human users have read-only access to the API indirectly via the Acuity Dashboard.; ; The Acuity Dashboard is a web client running in the human user's web browser that interacts with the API directly on the human user's behalf.; ; Human users can not make changes through the API.; ; Machine users can supply changes in patient clinical events as a data feed via the ADI's service's RESTful API.; ; Changes to patient demographic information such as first name, last name, date of birth and sex can also be made via the RESTful API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: ADI customisation options are captured in the configuration manual. ; Beamtree works with the client to ensure the configuration options are agreed. Beamtree manages the technical aspects of maintaining configuration settings. There are no current end user customisations. Should end user customisation be introduced then it would be described in the training documentation supplied.

Scaling

• Independence of resources: Application resources are auto-scaled based on demand

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics; Status metrics
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Our solution is hosted on AWS, which handles physical security. AWS's infrastructure is complying with CSA STAR CCM v4.0.; Additionally, we implement encryption for all physical media to enhance security further.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users cannot export their data.; ; The application is not designed for the intended users, clinicians, to import or export their data.; ; Data is imported from and exported to upstream clinical systems and not by clinicians.
• Data export formats: Other
• Other data export formats: Users cannot import their data
• Data import formats: Other
• Other data import formats: Users cannot import their data

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The ADI solution has a high availability feature (estimated at 99% and above.); ; Service levels are agreed with the customer based on the selected cloud deployment model (i.e. public or private.)
• Approach to resilience: Resiliency achieved through redundancy and fault tolerant design. Details available on request
• Outage reporting: Dashboard and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Role based access with specific permission groups that allow access to the analytics interface, used by privileged users.
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: N/A

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: We are Cyber Essentials certified in UK. Our governance practices are aligned with the ISO/IEC 27001 standard and incorporate elements of the NIST Cybersecurity Framework where relevant. Our objective is to achieve certification by the end of 2024, enhancing our compliance with these benchmarks.
• Information security policies and processes: Our information security framework is governed by a core Information Security Policy, supplemented by a Risk Management Framework & Policy, and operationalized through specific standards:; Data Classification and Handling Standard; Cloud Security Standard; Threat and Vulnerability Management Standard; Security Event Logging and Monitoring Standard; IT Acceptable Use Standard; Third-Party Risk Management Standard; Incident Response Standard; Physical Security Standard; User Access Management Standard; Cryptography Standard; End-Point Protection Standard; Human Resource Security Standard; Secure Development Standard; Network Security Standard; Business Continuity Plan Standard; Asset Management Standard; Change Management Standard; Compliance Management Standard; ; To ensure adherence to our policies, we've instituted comprehensive documentation, including procedures, checklists, and guidelines, to support the implementation of our security controls.; ; Our reporting structure includes monthly risk governance meetings with stakeholders, monthly security reports to the CTO, frequent updates to the executive team on risks and mitigations, and a quarterly risk report to the Audit and Risk Committee (ARC).; ; Regular audits, training, and policy reviews underpin compliance, with a Change Management Standard to keep our practices current against the evolving security landscape.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration Management Process:; Baseline configuration entered into CMS; Updates by Architectural Review Board and integration with Change Management Process; Yealy audit of CMS; ; Change Management Process:; Change proposals triaged into Emergency, Standard or Normal Change types; RFC artifacts developed by implementation team as appropriate for Change type. ; CAB review as appropriate to Change type, including security review; Resourcing and scheduling deconfligration performed; Approval appropriate to Change type recorded on RFC artifacts; Implementation of Change; Verification of Change; Update to CMS; ; Operational Governance Process:; Technology Governance Committee reviews Architectural Review Board and CMS audit.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process is designed to identify, analyze, prioritize, and remediate cybersecurity threats efficiently. We assess potential threats through a combination of vulnerability scanning tools (Rapid7, AWS inspector, Snyk and more), threat intelligence feeds, and external reports, ensuring a comprehensive understanding of potential risks. Patches are deployed rapidly, adhering to our SOP which mandates specific time frames for remediation based on the severity of the vulnerability, ensuring critical patches are deployed within 14 days.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring processes are integral to identifying potential compromises through real-time SIEM, intrusion detection systems and EDR. Upon detecting a potential compromise, our Cyber Security Incident Response Team categorizes the incident based on its severity and impact, and immediately initiates containment, eradication, and recovery procedures as per our detailed Incident Response Plan. Response times are determined by the severity of the incident, with critical incidents addressed within 1 hour. This structured response framework, supported by our comprehensive incident definition and categorization matrix, enables us to manage and respond to security incidents effectively and efficiently.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management processes are well-defined and structured to address common events effectively. We have pre-defined processes for various types of incidents, ensuring swift and organized responses. Users can report incidents through multiple channels, including direct communication to our security team and automated alerts from our security systems like EDR and SIEM. For incident reporting, we utilize a centralized incident register where all incidents are logged, analyzed, and categorized based on their severity and impact. Incident reports are provided through a structured process, ensuring all relevant stakeholders are informed according to the severity of the incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  The proven operational savings costs with ADI, in particular through reduction in length of stay, offers greater equity of access to services for all healthcare consumers regardless of economic means and health literacy

  Equal opportunity

  ADI has been tested across various patient populations and ethnicities around the world and has maintained its efficacy regardless of ethnicity and geographic location. As ADI is applied across the population, it can help to draw attention to any patient in decline, regardless of their health literacy or confidence to advocate for themselves.

  Wellbeing

  ADI provides acuity scoring across the patient population, identifying those at risk of deteriorating wellness, as well as those following or exceeding recovery expectations. The use of the scoring system to flag patient acuity to clinicians provides the opportuntiy to prevent adverse outcomes which directly impact both short and long term wellness.

Pricing

• Price: £20,833 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.nobbs@beamtree.com.au. Tell them what format you need. It will help if you say what assistive technology you use.