my mhealth

Healthcare

Our service is the development and deployment of healthcare applications to improve the self management of patients suffering from Long Term Conditions, cancer and preparation for surgery.

Features

• Remote Access to service
• Medical advice in line with National Guidelines
• Real Time Reporting
• Clinical Oversight

Benefits

• Improve Self Management of patients
• Reduces hospital admissions
• Improve medication techniques
• Health management on the move
• Rehabilitation at scale
• Educational Content
• Exercise Interventions

£0.65 a user

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.thompson@mymhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

445909071070082

Contact

Ian Thompson
07872 419346
ian.thompson@mymhealth.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The software supports certain browsers and versions for example Chrome.
• System requirements: Not Applicable

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We will respond to emails within 48 hours and according to our service level agreement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: The web chat function is an add on, an outsourced off the shelf software, compliant with the required regulations, and is in addition to the main routes, such as telephone or email.
• Onsite support: Yes, at extra cost
• Support levels: System training is delivered via our eLearning platform, providing courses, allowing users to fully understand its benefits. This is available 24/7 and is able to be revisited as and when it is required. Users are also able to attend our monthly engagement sessions, hosted by the company's Digital Health Advisers. For additional technical support, users also have access to our customer support team, available Mon-Fri between the hours of 8am and 5pm.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users are prescribed the service by their healthcare professional. They are provided with an activation link which will allow them to set up their user account. There are a number of instruction elements within the service and we have a tech support line for any complications or struggles. Healthcare professionals are provided with full training and support sessions either on site or remotely prior to the delivery of the service and are supported through e-learning modules.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The contract does not end for patients as the licence is available to users for life. For any data extractions, we have a manual extraction process that allows us to provide this is an accessible format, in line with regulations. Termination of contracts would be dealt with on a case by case basis.
• End-of-contract process: At the end of any contract access to the platform from the healthcare provider side is discontinued. Any healthcare provider data stored is archived. However, the patients continue to have access to manage their condition(s) dependant on diagnosis .

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences in functionality between the 2 services. It is a web based view.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There is a user interface for users of the service and a separate clinician dashboard interface, for healthcare professionals delivering care.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: There has been no formal assisted technology testing however, we have an accessibility statement. We do sign post people through the accessibility guidelines and also support My Computer My Way website.
• API: Yes
• What users can and can't do using the API: Open API through contractual obligation.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Clinicians are able to customise the self management plans at an individual or population level. ; ; Patients are able to customise the platform by adding their own specific medication and disease metrics. The patient can also record when they have taken their treatment in the medication diary. This is real time user contributed data that can be viewed in the clinical portal.; ; Medication Management (Medication Diary and My medications) View, add and delete functions. With prescription assessment according to national guidelines. Medications can only be added if condition specific; ; Upload information / photos to support shared decision making e.g., diabetes eyes,kidney and foot care; ; Activity Diary-Tracking physical and rehab activity. Additional functionality to connect to selected integrated fitness devices via Bluetooth to allow seamless automated data; capture; ; Smoking data is only resented to smokers based on user input; ; Weather and pollution forecasting custom to geo locations

Scaling

• Independence of resources: My mhealth is a web-based service hosted in Amazon Web Services (AWS), using multiple instances across a Kubernetes cluster based in London to provide high availability. Instance and data backups are run daily across the system, with the backups stored in separate locations so that, in the very unlikely event that all three data centres are unavailable in London, the system can be restored in any other AWS region.; ; Grafana and Prometheus Kubernetes Cluster Monitoring is in place to report any potential performance bottlenecks, surges in activity, the cluster health and performance metrics.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide service metrics via our operations division at a high level and can be agreed based on distribution, activation, education views, and exercise course completions.; ; We have the facility to report via an api, this would need to be discussed on a case by case basis and may be at additional cost.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Currently, as it stands, within the platform there is not the functionality to export any other data. If users wish to export data then we provide that service manually. This may not be the case in the future.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Json
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Pdf
  • Jpeg
  • .png
  • Images from digital devices

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: AES 256 Encryption
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: End to end encryption at rest and in transit using AES 256 encryption

Availability and resilience

• Guaranteed availability: Extracts from our SLA-Reasonable commercial efforts will be used to provide network service availability with a monthly uptime percentage of at least 99.9%.Upon incident notification by the customer or automated monitoring tool, the Recovery Time Objective will be:; a) 2 hours during office hours and ; b) 8 hours during out-of-office hours relative to the deployment location.The IT team will actively monitor the service and apply corrective measures to it during business days. A team of IT professionals will monitor the system from 08:00 until 17:00 (UK time), from Monday to Friday, except Bank Holidays.
• Approach to resilience: The service is hosted by AWS, and data is stored within their infrastructure. They hold a number of certifications for security, such as the ISO 27001. my mhealth further apply measures for resilience such as password policy, (forming part of their quality management system), MFA on privilege user accounts and regular penetration testing.
• Outage reporting: Known outage would result in prior notification to all users. We are contracted, in line with our SLA, to operate at a 99.9% network availability. We will communicate progress of any unknown outages to users.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: NHS login enabled
• Access restrictions in management interfaces and support channels: There are separate environments and interfaces for separate user access. All user access is via secure login and is user restricted. More details can be found in our DPIA
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Penetration testing; NHS Login

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NHS DSPT
  • DCB 0129
  • Digital Technology Assessment Criteria (DTAC)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials and Cyber Essential Plus
• Information security policies and processes: We run a number of policies and procedures to satisfy our commitment to quality and safety. We run the our security to our certified cyber essential and are aligned to ISO 27001. We have designated individuals for each area to the business including, clinical, governance and risk management. There is a clear and define line management hierarchy imbedded to ensure all processes are followed. Our policies are implemented via our quality management system which is aligned to the ISO 13485 recognised standard. A list of policies can be requested.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As we are the manufacturer and distributor we use a number of internal processes to ensure the compliance of the product. There are multiple stages of review and sign off through its design, development, testing and implementation stages. Design incorporates user testing, where applicable is then signed off by clinical lead, in line with national guidelines. Rigorous testing is completed in a QA environment. Feedback and evaluation is reviewed on a weekly basis. The same process is implemented for new products or iterations, it is treated the same.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We do not own or control client devices (NHS workstations, patient phones etc.), At data level, the system utilises OWASP components to filter all traffic against malicious code. At deployment level, software build artefacts are virus- scanned using Cisco’s ClamAV. System level, operating systems are either security- patched from official repositories or replaced altogether (immutable infrastructure) by utilising official AWS system images. Security advisory feeds (NIST / NVD / CVE) are run against a list of software components in use, reviewed and documented. Additional security notifications from vendors are reviewed and applied. Other external and internal security assessments are annual.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: New or significant iterations to the service follow a design process, to include a project FMEA (risk register) to record and to identify both potential and identified risks. This is a living document updated throughout the design and implementation process. There are a number of internal testing stages to also identify and mitigate risk/incidents. Incidents are recorded and added to an issue log, escalated to a hazard log, rag rated and allocated appropriately, in order to mitigate risk to an acceptable level or to resolve the reported issue. The logs are reviewed weekly to identify reoccurring incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management processes have been implemented. This applies to all stages of the product lifecycle. We have a tech support team who record all incoming feedback and issues, whether via phone, email, internal or externally provided. They are recorded and escalated by the compliance team to a hazard log and are subsequently RAG rated, in terms of severity and allocated to the relevant individual to mitigate, as much as reasonably possible. These can be provided or exported.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Wellbeing

  Tackling economic inequality

  The platform can provide access to healthcare services. This allows populations that might otherwise face barriers due to economic constraints. By offering remote health monitoring tools, individuals in underserved or remote areas can receive timely care without the need for expensive travel or time off work. Our platforms offer services at a lower cost compared to traditional healthcare settings. This affordability can make essential healthcare services more accessible to low-income individuals and families, reducing the economic burden associated with seeking medical care.

  Wellbeing

  By reducing barriers to access, such as cost and distance. This can lead to earlier detection and treatment of health conditions, ultimately improving health outcomes and overall well-being.; When individuals have access to health information and resources through digital platforms, they are empowered to take an active role in managing their own health. This sense of empowerment can lead to increased engagement in healthy behavior and proactive healthcare decision-making, which can contribute to better overall well-being.

Pricing

• Price: £0.65 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.thompson@mymhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.