Solcom Limited

Whzan Digital Health

Health and activity monitoring using standardised national tools - supporting care professionals and families by highlighting vulnerability and deterioration with evidence-based data.

Whzan includes automated early warning triggers, NEWS2, health and activity pattern recognition, and simple user interface - continually enhanced, developed and updated by our in-house team of developers.

Features

• Real-time patient/resident data on the Whzan dashboard
• Collects, records, and displays health and activity data
• Used to remotely monitor patients in virtual wards
• Used for monitoring patients post hospital discharge
• Suitable for care, nursing, and learning disability homes
• Used for domiciliary care (NEWS2 of patients, etc)
• Enables remote Annual Physical Health Checks for SMI patients
• Supported self-management for individuals with single or multiple conditions
• Supports frail people living on their own
• Conducts comprehensive clinical assessments, communicating results to healthcare professionals

Benefits

• Triage patients on surgical waiting lists
• Reduce demand on NHS services
• Defer care home admission
• Empower patients to feel reassured and involved with their health
• Detect signs of change in health and behaviour
• No technical knowledge required
• Portable, wireless, Bluetooth enabled devices
• Authorised professionals access patient results and analysis in real-time
• Improve patient health
• Support patients to self-manage their condition(s)

£72 to £400 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at keith.chessell@solcom.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

440391772878857

Contact

Keith Chessell
01983817000
keith.chessell@solcom.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None.
• System requirements: Whzan subscription

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions are responded to within one hour of receipt Monday to Friday between 9am and 5pm, excluding Bank Holidays. Questions received outside of these hours are responded to within one hour the next working day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: All customers are provided with an Account Manager as their first point of contact for all queries. For technical support queries, Users are directed to our dedicated full-time help, training and technical support desk. They are available during office hours by phone, email, and video call. Issues are often resolved on the first call. They send replacement equipment and consumables, provide unlimited refresher training, technical advice and support.; ; If escalation is required, our support staff will pass on the query to our in-house team of developers. If necessary, issues will be escalated to our Directors.; ; Unlimited support is provided at no additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide face-to-face and online training for all Users. ; ; We provide as many training sessions as needed with our in-house NHS colleagues, who collectively have over 50-years’ healthcare experience and have been instrumental in development of technology-enabled care used in virtual wards, care homes and managing long-term conditions.; ; Our training program for clinicians, administrators, and care teams is in two-parts – an admin session and a hardware session. Sessions can be delivered separately or together.; ; The 30-minute admin session consists of setting up a training caseload for carers and clinicians to practice with. We demonstrate how to add patients, new Users, create caseloads, and upload Whzan data into integrated patient record systems.; ; The hardware session is attended by the care team who will be using the equipment, or a single champion, and consists of how to use each part of the system, for example taking observations and NEWS2 scores, and setting up activity monitoring sensors. ; ; All training materials are available upon request and via the Whzan dashboard under “HELP”.; ; Our in-house team of developers provide support for software-related matters by MS Teams, telephone and email.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users extract their data via a secured Excel or CSV document.
• End-of-contract process: At the end of a contract when there is no longer a legal basis for retaining data, or removal has been requested, it will be securely deleted from our servers. We can extract data and securely transfer it to the customer.; ; This is at no additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between using Whzan on mobile or desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Cloud-based web dashboard groups patients into “caseloads” which are often condition or location specific. Each caseload shows overview information of each patient, including name, DOB, NHS number and verification status, time and value of latest readings, device battery level, and red, amber, green (RAG) status. By default, the caseload dashboard lists patients using the RAG status column with high priority patients at the top.; ; Once a patient is selected from a caseload, their most recent readings are displayed in real-time alongside historical entries as charts, graphs, and numerically. Whzan facilitates messaging, video consultations, clinical thresholds, and condition specific information sharing.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Whzan is reviewed annually with manual audits by our Accessibility Consultants, by scans with an automated testing tool, and has been reviewed by users with visual impairments.
• API: Yes
• What users can and can't do using the API: Users can import and export data through the API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users with the appropriate Role Based Access Controls, such as Healthcare Practitioner, Manager, or Administrator, can customise the dashboard layout, reports, and data content.; ; The dashboard layout is customised by selecting the caseload type, such as healthcare (default), annual physical health check, or heart health, to customise what data is shown. The list of patients can be sorted by any column by selecting the column title.; ; Reports are customised by selecting the date range, patient cohort or individual patient, and observations to be included. Reports can be further customised by contacting our support desk and our in-house team of developers will provide a bespoke report.; ; Data content is customised by selecting a patient from a caseload and assigning them any combination of vital signs, assessments and questionnaires.

Scaling

• Independence of resources: The system has been successfully load tested to 10x the current user volume to ensure it remained stable for large numbers of patients, readings and users. Specific cases examined were individual patients with large numbers of readings and multiple concurrent users logged in at the same time.; ; The server is configured to scale automatically, allocating additional resources as required, and we continuously monitor load levels to ensure this is working as planned.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide full usage statistics reports including type and quantity of data recorded for a patient cohort or individual patients. Our audit trail report details User logins and all actions taken with timestamps.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Azure Key Vault & Azure Active Director see https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest?msclkid=b2f26c8ea91a11ecac8f8d24fb4e36fc
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users export their data by downloading reports from the dashboard and via specific requests to our support team.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our Service Level Agreement guarantees 99.98% uptime. Whzan operates from dual locations on Microsoft Azure with an average uptime greater than 99.98%.; ; Any downtime is credited to the subscriptions
• Approach to resilience: Whzan operates from two independent UK Microsoft datacentres for maximum availability. Our data is stored in an encrypted form on the Microsoft Azure Cloud platform, one of the most secure server platforms available, and used by more than 7 million companies. Microsoft Azure is a tier 4 provider.
• Outage reporting: We notify our Users of any outages via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Fully defined in our Quality and Information Security Management System, available on request.; ; Our developers and users, that have access to client data, use two factor authentication to access the data. Access at developer level is locked to our IP address. Different accounts have different levels of authority, meaning person identifiable data is only available to those who need access to it. Everyone has their own user login, which requires a secure password. ; ; Direct access to the azure back-end always requires MFA and is also restricted to specified IP addresses.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Amtivo Group Limited, trading as British Assessment Bureau
• ISO/IEC 27001 accreditation date: 03/07/2023
• What the ISO/IEC 27001 doesn’t cover: Nothing. Our whole service is covered by our ISO 27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: We are ISO9001, ISO27001, and Cyber Essentials Plus certified, DTAC compliant, and hold NHS DSPT standards exceeded 2023/24.; ; All staff undergo annual information governance training and abide by our GDPR policies in our Quality and Information Security Management System. Our contracts with NHS and Councils include DPIAs. Our data protection policy ensures the lawful and correct processing of personal and sensitive data. Our website contains our privacy policy.; ; Our System Security Policy outlines measures in place to control the safety and security of data, including consent, hosting, business continuity, account termination/data destruction, and physical and software security. ; ; Whzan is hosted by Microsoft Azure in the UK, providing data encryption at rest, frequent testing of system security, IP locked access and backup. We conduct annual penetration testing by a CREST certified third party.; ; Our developers and users with access to client data use two factor authentication to access the data. Access at developer level is locked to our IP address. Different accounts have different levels of authority, meaning person identifiable data is only available to those who need access to it. Everyone has their own user login requiring a secure password. ; ; We conduct annual internal audits to ensure policies are followed.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Fully defined in our Quality and Information Security Management System, available on request.; ; We track and document all changes to Whzan including source code, documents, client requirements, and software versions.; ; Our Senior Management Team identify any potential changes, and delegate to a responsible team member to conduct a “research background” to determine the feasibility of the changes. Once completed, this forms part of the Management Review and is included in the internal audit schedule.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our approach to vulnerability management is fully defined in our Quality and Information Security Management System, available on request.; ; In accordance with our 'Context, Risk, Opportunities and Objectives' matrix we have assessed all Information Security threats based on their potential effects on Confidentiality, Integrity and Availability (CIA) attributes. Following this analysis, appropriate controls have been identified, which feed into our Statement of Applicability identifying controls to mitigate risks following the process of identification, analysis and evaluation.; ; Security patches are released as soon as practicable after a vulnerability is identified (subject to time required for development, testing, and standard release processes).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Fully defined in our Quality and Information Security Management System, available on request.; ; Our Data Protection Policy defines our approach to the management of information security incidents, communication on security events, and weaknesses. Employees raise potential security vulnerabilities with the Executive Director Team immediately so the threat can be assessed and counter measures put in place.; ; Our Infrastructure Procedure contains our recovery targets and priorities to bring the system back online with minimal delay.; ; Security patches are released as soon as practicable after a vulnerability is identified (subject to time required for development, testing, and standard release processes).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Fully defined in our Quality and Information Security Management System, available on request.; ; Solcom’s Cyber Incident Response Plan and the procedures to be followed in the event of an incident are detailed in our Data Protection and Security Policies. Management responsibilities and procedures are in place to ensure a quick, effective and orderly response to information security incidents.; ; Our privacy policy instructs Users to report incidents, such as a data breach, to our Data Protection Officer at privacy@solcom.com.; ; Our Data Protection Officer provides regular incident reports to those affected via email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to achieving net zero greenhouse gas emissions by 2040.; The Solcom Environmental Policy is regularly referred to in decision-making and during the induction of new staff, board members and volunteers. All Solcom staff are trained in understanding factors driving sound environmental practice and management. Solcom employees benefit from the Cycle to Work Scheme, promoting low-carbon transportation options. Environmental criteria are incorporated into our supplier selection and evaluation processes, preference is given to suppliers with strong environmental credentials and sustainable practices. Sea freight is chosen in preference to air wherever possible when importing goods. ; ; We continually reduce our carbon footprint and practice the principles of the 3Rs (reduce, reuse, recycle):; Reduce - non-essential documents and emails are not printed. We annually review which internal documents and external publications are essential, if they are not, they are cancelled thus reducing waste. We avoid disposable cups and food packaging bought by the office and for events. ; Re-use – one side pre-used paper is used in printers, for taking messages and for writing notes or draft copies of documents. We re-use envelopes and packaging. ; Recycle – all paper waste, toner cartridges and inkjets are recycled. If office furniture or IT equipment is being replaced, then we have those items reused or recycled. We use and support social economy organisations to recycle materials as appropriate. We endeavour to switch all publications and general office papers to 100% post-consumer waste recycled papers. When purchasing other items of office equipment, recycled options are chosen where available. ; ; We comply with all relevant environmental legislation, including the Waste Electrical and Electronic Equipment (WEEE) Regulations. We minimise the use of energy in our activities. For example, lights and equipment are switched on only when needed and not out of routine. Low energy bulbs are used where possible.

  Covid-19 recovery

  Whzan supports the physical and mental health of people affected by COVID-19 by enabling patients, residents, and staff to record their vital signs, symptoms, and complete assessments on Whzan. Data is automatically uploaded to the dashboard in real-time, monitored by clinicians. Signs of deterioration are detected earlier, reducing the demand on health and care services. ; ; Whzan supports the COVID-19 recovery effort by enabling patients to be monitored remotely including virtual consultations, so there is no need to travel for appointments. ; ; Mid and South Essex ICB used Whzan to increase care capacity during the COVID-19 pandemic, enabling patients to submit vital signs and assessments into Whzan from their own home.

  Tackling economic inequality

  We prioritise the recruitment of skilled local people. For example, our North East support office is based in Sunderland to support our health and social care work with Sunderland City Council and South Tyneside and Sunderland NHS. Employees working in this office have a Sunderland address. Our Isle of Wight office employs apprentices from the local College to support our work with the Isle of Wight NHS. Our Isle of Wight Office employs multiple local skilled people, including software developers, project coordinators, system builders, accountants and more.; ; Where installation services are required, we subcontract installation companies local to the contracting area, including new businesses and entrepreneurs, start-ups, SMEs, VCSEs and mutuals. We collaborate with our supply chain partners fairly and responsibly to deliver contracts.; ; Whzan is brand and device agnostic, enabling us to support innovation and disruptive technologies to deliver lower cost and higher quality services.; ; We identify and manage cyber security risks in the delivery of contracts, including in the supply chain, by maintaining ISO9001, ISO27001, and Cyber Essentials Plus accreditation.

  Equal opportunity

  To tackle workforce inequality, we support in-work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract. Training and development opportunities include training courses, conferences, seminars, work shadowing, formal study, coaching and mentoring.; ; We take action to identify and manage the risks of modern slavery in the delivery of the contract, including in the supply chain. Our Anti-Slavery Policy Statement reflects our commitment to acting ethically and with integrity in all our business relationships. We do not support or deal with any business knowingly involved in slavery or human trafficking. Staff are trained to ensure that slavery and human trafficking does not occur within our organisation or our supply chain. All new and existing employees are subjected to right-to-work checks to ensure that we do not employ illegal workers, thereby ensuring compliance with the Immigration, Asylum and Nationality Act 2006.

  Wellbeing

  We support the health and wellbeing, including physical and mental health, in the contract workforce by providing additional Whzan systems for teams to complete physical health checks, NEWS2, and any assessment such as those for Generalised Anxiety Disorder and Depression. Contract workforces have access to our App containing a library of condition specific self-management information including COPD, asthma, heart failure, diabetes, hypertension, musculoskeletal physiotherapy, pregnancy, and long COVID. We have multiple evaluations from the NHS using Whzan in care homes and community settings, such as North Central London ICB and Sussex NHS, where carers and clinicians use Whzan to monitor themselves and identified high blood pressure and signs of illness. For example, a cook in a North Central London care home often reported he felt unwell. They used the Blue Box to check his vital signs and he reported a NEWS2 score of 9. An immediate call was made to 999 and within 20 minutes was transferred to hospital via ambulance.; ; We support the welfare of the Whzan team and ensure our working environment is safe and delivers a positive supportive environment. We remain mindful of our duty of care, and legal obligations under the following: Health and Safety at Work Act 1974, Data Protection Act 2018, Safeguarding Vulnerable Groups Act 2006, Equality Act 2010, and Protection of Freedoms Act 2012.; ; Brian Martin, our Technology Enabled Care Consultant, is a registered paramedic with over 43-years’ NHS healthcare experience, providing our team with comfort a qualified professional is always on hand in case of emergencies.; ; We collaborate with users and communities in the codesign and delivery of contracts to support strong integrated communities. We continuously work in partnership with end Users in the design of Whzan and customise the system to meet the requirement of different clinical pathways and patient cohorts.

Pricing

• Price: £72 to £400 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We provide free trials of up to 6 months with all software, hardware, training, and support provided. No features are excluded.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at keith.chessell@solcom.com. Tell them what format you need. It will help if you say what assistive technology you use.