Upstream Health

Bridgit Digital Carer Support Service

The service supports identification of family carers, provides access to online support, and triage into additional services when needed.

This includes :
Carer Self-Help Support
Email Support
Smart Forms & Assessments
Referrals & Integration
Analytics & Reporting
Administration Portal

Features

• Carer Self-Help Support
• Carer Email Support
• Smart Forms & Assessments
• Referrals & Integration
• Analytics & Reporting
• Administration Portal

Benefits

• Identifying family carers
• Improving family carer lives
• Reducing health & social care demand
• Improving the productivity of social care teams supporting family carers

£0.02 to £0.03 a unit a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@bridgit.care. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

444758639195235

Contact

Darren Crombie
07816 905471
info@bridgit.care

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Mobile applications are limited to Android and IoS support. No Microsoft phone platform support.; ; Internet explorer version 11, firefox or chrome required to use analytics components.
• System requirements:
  • OS : Android 5.0 upwards / iOS 8 upwards
  • Network : 3G/4G/Broadband internet
  • Enterprise owned devices / BYOD with OTP device authorisation
  • Apple app / Google Play Store (Enterprise accounts)
  • Minimum mobile screen size 5.0 inch (Android)
  • Minimum mobile screen size 4.7 inch (Apple iPhone)
  • IE11 / Chrome / Firefox / Safari (Desktop only)
  • 1024 x 768 Resolution (Desktop only)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: No
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Details included in the Service Definition Document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: End Users : ; ; Our Bridgit Carer online solution applications is simply accessed via browser once a carer clicks on a link from either a referral or a social media advertisement.; ; System Administrators : ; ; We do provide onsite training on the configuration tools used to setup and use our solution. ; ; We supplement our on-site training with electronic user guides and videos which are shared as part of our classes.
• Service documentation: No
• End-of-contract data extraction: We are data controller for the service. ; ; We provide anonomised data extracts to stakeholders in line with our DPIA.
• End-of-contract process: At the end of the contract we cease providing our support service to carers.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Yes solution has been designed and usability tested to work on a mobile browser.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Health checks can be configured based on different care pathways, as well as advice and guidance content.

Scaling

• Independence of resources: Each client has a dedicated architecture hosted on the Azure cloud which can be scaled up in line with demand.; ; Environments are actively managed and scaled up automatically in line with need. Any escalations / issues appear in our Azure service portal for immediate resolution.

Analytics

• Service usage metrics: Yes
• Metrics types: Following stats are broken down by mobile and desktop users:; ; Logged in users, and session durations.; Total transactions. Transactions over time. ; Average response times. Response over time.; SLA mapping/breaches.; ; Other metrics available on request
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Workflow Reporting; We have an analytics solution which supports data extracts.; ; Key features include:; 1. Design custom reports using our Bridgit data model,; 2. Design as various formats including as graphical charts or as tabular reports, maps and predictive analytics.; 3. Export to excel for further analysis or as PDF for document distribution; 4. Simple reporting dashboard with widgets like interface; 5. Automatic reports that can be scheduled to refresh and run at regular intervals; 6. Configure dashboard alerts that are triggered when certain values are breached.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% service availability is guaranteed via Microsoft as part of our Azure hosting solution. ; ; If these SLAs are missed by Microsoft then Upstream will pass through any reduction in that we receive again the infrastructure costs. (Currently, if Microsoft fail to hit SLA they apply a 10% discount).
• Approach to resilience: We include Microsoft Site Recovery as a recommended option for our deployments.; ; This reduces application downtime during IT interruptions, without compromising compliance. Microsoft disaster recovery provides comprehensive coverage across our Linux and Windows servers.
• Outage reporting: Any outages trigger an email alert to our customers and are managed through our robust service management processes. ; ; Based on the outage type our Business Continuity and Disaster Recovery plan would be triggered.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: The primary interface to raise requests into the service is online via Jira. ; ; An agreed list of service users is maintained with the client with the responsibility of raising service requests / issues. This includes a list of specific names and email addresses which we use to create the Jira accounts and ensure that only users authorized by the client raise requests.; ; If a call is received to the service desk then the users credentials are checked to ensure that they are authorised, and the user must provide the Jira details for us to discuss.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security activities are part of our core organisation’s goals and priorities.; We are a small company and our CEO takes the lead on security decisions ; We track security decisions and ensure accountability.; We emphasise security with our subcontractors / partner including as agenda item on standing meetings.; We are a subscribed member of the Humber Business Resilience Forum to stay up to date on new threats and actions needed (https://www.hbrf.co.uk/)
• Information security policies and processes: We are an SME organisation so have a simple reporting structure. Our policies are shared with all employees, included in our induction process, and enforced through our reporting structure, personal objectives, and checkpoints.; ; We have formed our policies from the NHS Digital data and cybersecurity templates to ensure that our approach aligns to that of our NHS partners.; ; Examples of the policies we adopt include (but are not limited to):; Acceptable use - make all staff aware of the acceptable use of information systems and technology.; Antivirus and malware - protect properly against viruses and malware; Application security - software applications on all IT networks and equipment, including smartphones; Business Continuity - management of contingencies in the event of a business continuity scenario; Contract and supplier security management - We outsource therefore need appropriate controls and safeguards are in place to properly protect data and systems; Data handling - management of data flows and processing; IG Incident management - process for handling information governance incidents.; Patching policy - Approach to ensure that our servers remain up to date and secure (linking to Azure).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Upstream Change Management Process provides standardised methods and procedures for the efficient and prompt handling of all changes, including those to the services provided, or the introduction of new clinical and support services. ; ; All changes are logged and then processed through technical and clinical approval. This includes an assessment of the change impact to the technical infrastructure, applications, data model, supported processes, ; ; Changes are then planned and executed with status tracked via the change management tools, with audit held within Azure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our solutions are hosted in Azure and we utilise the vulnerability assessment in Azure Security Center as a recommended option.; This provides vulnerability and health monitoring data back to Security Center and we can quickly identify vulnerable VMs on the Security Center dashboard.; ; Once a potential threat is identified we review recommendations and take appropriate action, prior to applying updates to the threat within the Security Centre to ensure they are tracked.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We utilize the Azure Security Centre to continuously monitor the security of our servers, networks and Azure services using hundreds of built-in security assessments that are included in the Azure platform. ; ; Security flaws are reviewed on a daily basis and resolved in line with suggestions. For example, critical suggestions will be fixed within the hour, whereas moderate threats may be scheduled into the next patch/policy update.
• Incident management type: Supplier-defined controls
• Incident management approach: We use Jira to manage our issues, development suggestions and changes.; ; We share our process with users as part of deployment. ; ; Users can log issues directly within Jira. These are the triaged within our support function for resolution within our SLAs.; ; Users can view live status of raised issues within Jira and review updates / planned fix sprint.; ; Users can produce extracts from Jira of all issues raised by their organisation for the purpose of reporting.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Our remote carer support approach enabled care teams to deliver support to carers from any location. ; ; This enables carers to receive support in their own homes and significantly reduces the level of travel required by both patients and clinicians. This lowers the travel footprint of the NHS, In addition, by moving to full electronic records there is also a significant reduction in paper waste, storage and transit.
• Covid-19 recovery:

  Covid-19 recovery

  During COVID-19 we saw the number of family carers in the UK grow from 6.5M to 13.6M at the peak of the pandemic (Carers UK). ; ; This community represents by far our largest workforce in healthcare delivery, and therefore supporting this community also represents our biggest opportunity to positively impact health outcomes. ; ; Family carers are the ones closest to our patients / clients, delivering the day-to-day support and care to help their loved ones stay well and in their own homes. ; ; We need new ways to support and engage this workforce and that's what our digital platform does.
• Tackling economic inequality:

  Tackling economic inequality

  Tackling access to healthcare remains one of the biggest challenges in supporting improvements to health and the associated economic benefits. ; ; Supporting carers to be able to connect to support from wherever they choose, enables access to health services to be more equitable. ; ; Carers no longer need to rely on public transport to see a local carer support service, and can connect to support and online peer groups to get the help they deserve.; ; Within our assessment process we also provide support to carers to gain employment or receive financial assistance.
• Equal opportunity:

  Equal opportunity

  Currently we have printed PDF copies of support and advice available for :; 1. General carer support; 2. Caring for someone in the hospital system; 3. Caring for someone with mental health challenges; 4. Young adult carers; ; Within our support plan we have also developed the solution to work in over 50 languages. ; ; The user can just select their preferred language and all content within their report is automatically translated.; ; Embedded videos include subtitles in English, but can be easily translated based on the demand of the local area.
• Wellbeing:

  Wellbeing

  Our carers service has been developed to support carers self manage and improve their own wellbeing. From enabling them to self manage against a set of suggested tasks and content, to providing ideas and tasks for them to do in the community.

Pricing

• Price: £0.02 to £0.03 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@bridgit.care. Tell them what format you need. It will help if you say what assistive technology you use.