Health Fabric

UNITY - Digital Health Platform

Digital Health software, to enable self care and health and wellness monitoring.

Features

• Multiple Language support
• Multiple long term condition support
• Real Time patient analytics
• Remote patient monitoring
• NHS Integration services
• NHS Login
• Chronic Condition Management
• Self Care and Self Management
• Digital Health Device Integration
• AI based supportand health Navigation

Benefits

• Remote Patient Management
• Multiple Languages Support
• Equality and Inclusivity of healthcare
• Healthcare Management across different conditions
• Self Care for multiple conditions

£0 to £5,000 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben@healthfabric.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

438380340192291

Contact

Ben Taylor
0121 262 4125
ben@healthfabric.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Any system via REST based API's
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • IOS applications
  • Android Applications
  • Modern Browser Support

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24hrs From Monday to Friday between 9am - 5.30pm
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Prices for different levels can be found in Service Specification; ; Priority 1 The entire Service is "down" and inaccessible. ; Priority 1 incidents shall be reported by email. Response within two Normal Business Hours. ; ; Priority 2 Operation of the Services is severely degraded, or major components of the Service are not operational and work cannot reasonably continue. Priority 2 incidents shall be reported by email only. Response within four Normal Business Hours. ; ; Priority 3 Certain non- essential features of the Service are effected. Response Within 12 Normal Business Hours. ; ; Priority 4 Errors that are, non disabling or cosmetic and clearly have little or no impact on the normal operation of the Services. Response Within 24 Normal Business Hours.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide virtual training, onsite training and user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This can be done via a request to us as defined in Service Provision Agreement.
• End-of-contract process: There is no additonal cost at the end of the contract. Service users of the app can continue using the Unity app, however healthcare organisations will not be able to access the analytics and add self care content to the system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile devices are used by patients / service users only. Healthcare organisations use internet browser to access system and analytics.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Functionality of API's described in service specification. API's used to access data and functionality of the system and can be used for interoperability purposes with external health systems and devices.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can add self care content and information to the platform.

Scaling

• Independence of resources: The AWS cloud infrastructure is load balanced and has elasticity built in to cater for varying demands.

Analytics

• Service usage metrics: Yes
• Metrics types: Health Organisations will be able to access a range of analytics that describe :; Number of users using the system; Metrics associated with Logins; User self management activity
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: A written request for the delivery to the Customer of the then most recent back-up of the Customer Data.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We shall shall provide at least a [99.5%] uptime service availability level (Uptime Service Level); ; All measurements are performed at [five-minute] intervals and measure the availability of an availability test page within the Software within 30 seconds. ; ; If availability falls below the Uptime Service Level (as defined in paragraph 1 of Schedule 7 of Service Provision Agreement) in a given calendar month (Service Delivery Failure), the Supplier shall credit the Customer's account by an amount calculated as the product of the total cumulative downtime (expressed as a percentage of the total possible uptime minutes in the month concerned) and the total Monthly - Software Licence Fee owed for that month (Service Credit).
• Approach to resilience: We use availability zones inbuilt into AWS infrastructure to enable resiliance more information on this can be found https://aws.amazon.com/blogs/architecture/it-resilience-within-aws-cloud-part-ii-architecture-and-patterns/
• Outage reporting: We employ monitoring agents on the infrastructure which generate SMS and email alerts. We access the data via a API and public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: When users are created, everytime they login they are asignned token whenever they login.; We also use OpenID mechanisms for logins including NHS Login.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: This is via AWS https://aws.amazon.com/compliance/iso-27001-faqs/
• ISO/IEC 27001 accreditation date: November 10 2018 https://d1.awsstatic.com/certifications/iso_27001_global_certification.pdf
• What the ISO/IEC 27001 doesn’t cover: Not Applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: Information Security polics are maintained by the Director of IT, and we adhere to polices that are defined and followed as per our cyber essentials certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use a Azure DevOps to manage and track all changes to the system and force version control, and also log all testing and signoff.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We adopt a full penetration testing approach to vulnerability management - this includes OWASP 10 testing https://owasp.org/www-project-top-ten/
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We look to respond within 2 hrs of any potential comprimises.We use AWS CloudWatch to enable monitoring. AWS Cloudwatch can meet most logging and monitoring requirements, and provides a reliable, scalable, and flexible solution. Many AWS services automatically provide CloudWatch metrics, in addition to CloudWatch logging integration for monitoring and analysis. CloudWatch also provides agents and log drivers to support a variety of compute options such as servers (both in the cloud and on premises), containers, and serverless computing. This guide also covers the following AWS services that are used with logging and monitoring.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report events via the web or via the app. All issues are ranked based on severity and looked to be resolved based upon the severity of the incident. Customers get montly reports that highlight any incidents that were detected and dealt with,

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We support reducing health inequaities by providing our services to marginalised groups and in different languages. We also support the recruitment and development of a ethnically diverse work force enabling equal opportunities for all.

  Wellbeing

  We enable health and wellness services through our digital health platform in a equitable manner.

Pricing

• Price: £0 to £5,000 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: It is possible to sign up for a trail service online to create a health and wellness plan. This is limited to 1 plan for trial purposes.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ben@healthfabric.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.