Orion Health Ltd

Orion Health Care Coordination

Orion Health Care Coordination provides the clinical, administration and patient-focused tools required to manage and optimise the care of patients. Manage patients as part of basic clinical workflows through to chronic condition patients with complex care requirements.

Features

• Simple creation of care plans and forms (EOL, TEP, CGA)
• Standardised configuration of common plans and forms (ReSPECT, About Me)
• Shared worklists, tools, and notifications across care settings
• Predefine care pathways based on clinical best practices
• Enable virtual wards
• Complex discharge and transfers of care
• Cohort Management
• Single Sign-on and Multi-Factor Authentication
• Leverage the shared care record
• Flexible and adaptable solution

Benefits

• Organise complete care models
• Standardise processes and care for those with complex needs
• Enhanced management of chronic patients using technology in their home
• Rapid, smooth transfers of care
• Reduce hospital admissions and associated costs
• Allow multidisciplinary teams to work more effectively
• Treat patients at the right place and time
• Improve coordination or care in the community
• Reduce the need for face-to-face appointments
• Integrate with the wider health and care system

£6.00 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial_uki@orionhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

428241735823007

Contact

Craig MacGillivray
08003686290
commercial_uki@orionhealth.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Orion Health Amadeus Platform - Shared Care Record
• Cloud deployment model: Private cloud
• Service constraints: The service is based on an open, modular software stack and constraints of the service vary dependant on the modules taken. ; The service is browser-based, dependencies detailed below.
• System requirements:
  • Desktop Operating Systems: Windows 7 or above, macOS
  • Database servers: Oracle, SQL Server
  • Secure browser-based via HTTPS
  • Browsers: Latest Version Chrome, Microsoft Edge, IE11, Mozilla Firefox, Safari
  • Mobile browsers: Mobile Mozilla Firefox, Mobile Safari, Mobile Chrome

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support services are typically submitted via a client portal directly into our IT Service Management tools, where they are triaged by Support Analysts as part of our regional Service Delivery team. ; ; Our Support Tracker tool has several levels of prioritising requests. Queries are assigned a Level depending on how critical the problem is. ; ; Standard Initial Response Times per Ticket (incident) are: ; Level 1 (Critical business impact) - 30 minutes; Level 2 (Business impact - Urgent) - 1 hour; Level 3 (Minor operational impact) - Next Working Day; Level 4 (No production impact - Planned) - Next Working Day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Orion Health offers the following support and maintenance services tailored to client requirements:; ; Service Delivery Management:; - Central point of coordination for incident tracking, feedback, escalation and reporting; - Planning, execution, management of SLA reports, Service Improvement Plans, Major Incident Management process and Root Cause Analysis reports; ; Tier 2 Support Helpdesk:; - 24x7 phone, email, portal and remote connected support services for Priority 1 incidents; - Business hours phone, email, portal and remote connected support services for Priority 2+ incidents; - Diagnosis and implementation of incident solutions (workarounds, emergency fixes, data fixes, recoveries, re compiles, bug fixes); ; Application Monitoring & Maintenance ; - Proactive monitoring and maintenance of the application stack; - Deployment of product upgrades, changes, fixes and enhancements; - Change management - change and version release documentation; - Database optimisation and data archiving services; - Monthly application performance reporting and software advisory; ; Infrastructure Monitoring & Maintenance ; - Proactive monitoring and maintenance of infrastructure stack; - Network management and maintenance; - Patching and upgrades of operating systems and infrastructure; - Monthly infrastructure performance reporting and advisory; - Backup and disaster recovery planning and execution; ; SOC & SIEM ; - 24/7 monitoring to detect and address cybersecurity events in real time
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Orion Health offers a wide range of training courses and materials to facilitate rapid adoption of the solution. Training is offered through:; ; - Online Academy; online self-paced modules with quizzes and file submissions graded by an experienced Orion Health trainer.; ; - Instructor-led; face to face training with an experienced Orion Health trainer, often at the customer site.; ; - Webinar; instructor-led training with the convenience of a virtual learning environment. ; ; A 'Train the Trainer' approach is often recommended, whereby Orion Health provide the local team with the knowledge and skills necessary to establish an ongoing end user program independent of Orion Health resources.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of a contract, users can export their configuration and data before the server is cleared by Orion Health. Orion Health retains all intellectual property in the software, and grants a perpetual license to the customer, subject to payment of the license fee. The customer owns the configuration of the Orion Health solution at the customer site. The customer does not receive the source code of the software, but Orion Health offers an escrow service at an additional cost.
• End-of-contract process: An agreed exit plan will be included in any contract with a customer. The exit plan will contain all the detail necessary to affect a smooth and orderly termination of the services and hand-over to the customer or a new service provider. As such the deliverables and activities that would typically form part of an exit and handover include the obligations of each party, applicable schedule and timescales and the approach to data migration.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user experience is designed to remain consistent across devices. Our mobile capability utilises progressive web app technology, enabling native app-like experiences for iOS and Android. The solution is fully mobile responsive irrespective of device or browser, rendering the display to the device in use. The layout reflects the device in use, e.g., on tablets, navigation around the screen and selection of screen elements is done with finger swipes and taps vs mouse navigation on a desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Clinical Portal is a secure web-based solution that provides users with tools to support patient care through a single point of entry to the consolidated patient record. Data is arranged into a unified and consistent view, making it relevant to the role of the user. The interface is easy to use; it has an efficient, modern and intuitive graphical interface that will be familiar to anyone who has browsed the internet and used common clinical systems.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We actively test assistive technologies such as VoiceOver and JAWS and have implemented the necessary code as per the standards to enable other types of assistive technologies.
• API: Yes
• What users can and can't do using the API: Third party developers can access the rich data and services held in the platform through our Open APIs, which are built using industry standards such as REST and HL7 FHIR. Our APIs provide access to structured data resources held within the service, such as demographics, encounters, medications, etc. They currently provide read only capability.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution is highly customisable by both system administrators and end users to meet the needs of individual users and departments and/or specialities.; ; Administrators can, for example, create and modify forms, design simple pathways, schedule tasks, and configure users and user groups for access.; ; Users can customise the way data is presented to present information that is most relevant to the individual users' workflow.

Scaling

• Independence of resources: Each customer has their own instance of the service with dedicated application and database servers. The service uses elastic scaling load balances to handle peaks in demand and service monitoring allows proactive scaling of hosting infrastructure.

Analytics

• Service usage metrics: Yes
• Metrics types: Orion Health provides a range of system metrics and reports, depending on the client need. Examples include: ; - Total monthly logins; - Account status; - Total licences used; - Monthly users created; - Total support tickets logged/open/closed for a month; - Any high priority issues; - Any problem tickets; - Any outages; - Open incidents ; - Server space report / Disk space used; - Total messages processed; - Number of patient records viewed; - Number of patient records available; - Monthly usage figures (total logins).
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: At the end of a contract, users can export their configuration and data before the server is cleared by Orion Health. Orion Health retains all intellectual property in the software, and grants a perpetual license to the customer, subject to payment of the license fee. The customer owns the configuration of the Orion Health solution at the customer site. The customer does not receive the source code of the software, but Orion Health offers an escrow service at an additional cost.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: Data can be uploaded in any documented format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Orion Health offer high availability solutions that are operational 24/7, 365 days per year. Typically, the only downtime is for scheduled maintenance (i.e. upgrades) which are usually scheduled for off-peak hours when there are minimal users online. Most Orion Health customers experience availability of at least 99.9%, with some operating at 99.99%.
• Approach to resilience: High availability is achieved using elastic scaling infrastructure, connection load balancers with service health monitoring, multiple redundant nodes geographically distributed over two or more availability zones, and block level data replication.
• Outage reporting: Outages are handled as part of our Incident Management process and reported through real-time customer communications and monthly reports.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The service supports Role Based Access Control (RBAC) whereby access is controlled based on the user's role and their membership in one or more user groups (e.g. administrator level access). Management access (e.g. for engineers) can be requested explicitly by individuals requiring access. Requests are reviewed and approved in accordance with our documented security policy and, if appropriate, granted with time bound, least privileged, constraints.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 02/12/2022
• What the ISO/IEC 27001 doesn’t cover: The ISO/IEC 27001:2013 certification is applicable to the provision of Interoperable Health Software from the Orion Health UK and Ireland business, including our London, Glasgow and Belfast offices, and third party hosting services. This includes sales, implementation and support functions being delivered to the public and private sector.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001:2013
  • Cyber Essentials Plus
  • Data Security and Protection Toolkit (DSPT)
  • Information Commissioners Office registration
  • General Data Protection Regulation (GDPR) & Data Protection Act 2018
  • Caldicott Principles
  • The services utilises Amazon Web Services (AWS) cloud hosting
  • AWS is compliant with a series of global security standards
  • Such as ISO 27001, 27017, 27018, 9001,
  • CSA STAR 1 and 2, NCSC, DSPT, Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: - Cyber Essentials Plus; - Data Security and Protection Toolkit (DSPT); - Information Commissioners Office registration ; - General Data Protection Regulation (GDPR); - Data Protection Act 2018; - Caldicott Principles
• Information security policies and processes: Orion Health has adopted an internationally recognised information security management standard, ISO 27001:2013, in order to provide a systematic approach to managing confidential and sensitive information so that it remains secure. Using this standard as a baseline, Orion Health implements an Information Security Policy to control the governance and protection of our customers’ information assets under our care, as well as our own information. Our Information Security Policy is supported by a collection of administrative, technical, and physical policies and processes aligned with best practice advised by ISO 27002:2013 and expected by Article 32 GDPR. These policies and procedures ensure the integrity and confidentiality of personal data (including health data) and protect against anticipated threats or hazards to the security or integrity of such information. ; ; The Information Security policy is approved by senior management and subject to continuous, systematic review and improvement. Orion Health has established a “secure by design” program that considers security as integral to the service lifecycle and regularly engages employees in Information Security, Privacy, and Code of Conduct training.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Change Management process is managed as part of our industry standard ITIL aligned customer support service. We operate a structured change control process so that where additions and changes are required they go through a thorough process of requirements gathering and joint agreement.; Our Change Management process ensures all changes to the architecture and its components (Configuration Items) are authorised and documented and appropriately managed to ensure that impact on the system is kept to a minimum.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Orion Health subscribes to various agencies for information and alerts related to emerging threats and vulnerabilities. Additionally, Orion Health conducts internal and external security scans of all Orion Health managed production environments, on at least a monthly basis. All findings are managed using Orion Health's Patch and Vulnerability process. The risk associated with each finding is assessed, and remediation is prioritised and managed in accordance with the Orion Health Risk Management Process.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The Orion Health solution is monitored 24x7x365 by the Security Operations Center provided by the Managed Security Services Provider. This includes real time log monitoring, via a SIEM, from various log sources including Firewalls, Intrusion Prevention/Detection Systems, File Integrity Management, Anti-Malware, as well as infrastructure and administrator log events. Access to the environment is controlled via business requirements, strict minimum necessary permissions, and MFA. Access audits are conducted twice a year.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Incident Management process is managed as part of our industry standard ITIL aligned customer support service through the provision of the Orion Health Customer Support Service Desk. The Support Desk is responsible for receiving and processing service requests, for assisting users, and for coordinating incident resolution. Customer incidents are logged via a toll-free support telephone number and through an online support system, Support Tracker. ; The incident management function is extended to deliver a problem management function to ensure analysis of root causes and to prevent incidents from recurring in the future.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Orion Health will contribute to fighting climate change through the measurement, disclosure and reduction of carbon emissions as defined by the GHG protocol Scope 1, 2 and 3. ; ; Orion Health is committed to the delivery of innovation to our customers while mitigating the environmental impact and promoting sustainable practices. This commitment is outlined in the Orion Health UK & I Environmental Policy which aims to ensure that all business-related activities comply with relevant environmental legislation, including the ISO 14001 standard. The aims and objectives of the Orion Health Environmental Policy are communicated to our staff and contractors periodically.; ; Orion Heath is aligned with the NHS Net Zero ambition, and we are taking steps to reduce Greenhouse Gas emissions. ; ; We have published a Carbon Reduction Plan which outlines our baseline emissions footprint, targets for reduction, and a strategy for achieving them. The Carbon Reduction plan is updated annually to track and measure our ongoing commitment.

Pricing

• Price: £6.00 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial_uki@orionhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.