LifeBox Health

Recovery

The Recovery module supports patients following discharge and allows Hospitals to create virtual wards to build capacity.

Recovery allows patients to self-report sleep, pain and mood, upload pictures and videos. Hospital teams can remotely monitor progress, avoiding unnecessary follow up outpatient appointments.

Features

• AWS cloud hosted platform built for scalability
• Security built in by design
• Secure patient registration and login protected using industry grade mechanisms
• Comprehensive questionnaires developed from national guidance
• Intelligent clinical notes and task driven actions for patient optimisation
• Post discharge monitoring
• Virtual ward
• User-friendly responsive design supporting multiple devices and browsers
• System integration to EPR, pathology, radiology, supports HL7 and FHIR
• CE, NHS Data Security and Protection Toolkit and ISO9001/27001

Benefits

• Digital one-stop patient assessment, procedure education and outcome scoring
• Empowers patients through education, self-reporting, access to re-hab materials
• Clinically proven enhanced patient knowledge retention of procedure and consent
• Significant reduction in emergency readmissions
• Reduction in unnecessary outpatient follow up appointments
• Unique nurse validation of patient responses based on national guidance
• 24/7 access for anaesthetists, nurses and clinicians for patient review
• Financially proven to reduce costs and drive greater efficiency

£2.00 to £2.50 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fraser@definitionhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

469537341198396

Contact

Fraser Coombes
07951406142
fraser@definitionhealth.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Patient management systems and Electronic Patient Record systems
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Web connected device (laptop, PC, tablet, phone)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is provided from Monday to Friday 9 a.m. to 5 p.m. (GMT) excluding Bank Holidays.; ; Priority 1 - Operation of the Service is critically affected (not responding to requests or serving content) for a large number of users; no workaround available.; Response time: 2 Hours; ; Priority 2 - Service is responding and functional but performance is degraded, and/or Incident has potentially severe impact on operation of the Service for multiple users.; Response time: 1 Day; ; Priority 3 - Non-critical issue; no significant impact on performance of the Service but user experience may be affected.; Response time: 3 Days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A
• Onsite support: Onsite support
• Support levels: Support is currently provided from Monday to Friday 9 a.m. to 5 p.m. (GMT) excluding Bank Holidays, through Phone, email, SMS & WebChat. Account & support managers will manage all interactions.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: On-site training is provided as well as 1:1 coaching where required. Training / instructional materials are available to all users.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All relevant data is provided in a printable format as part of the POA process. This represents a full data delivery and negates the requirement for end of contract for additional data extracts.
• End-of-contract process: The product is a cloud hosted Software-as-a-Service and is charged based on usage. At the end of the contract, access to the service will be removed and the customer’s users (including the authentication) will be erased using approved techniques.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: LifeBox Health app is a responsive web app so there is no difference
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: No

Scaling

• Independence of resources: LifeBox is designed and built upon a server-less architecture so has the ability to infinitely scale to the capacity of the cloud providers global scale.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly usage, other data is available on request.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is exported as a PDF and then managed via the clients own processes. We can provide custom CSV extracts to support performance metrics.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Integration via HL7 & FHIR
  • Integration via JSON
• Data import formats: Other
• Other data import formats:
  • Integration via HL7 & FHIR
  • Integration via JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Target Availability. Definition Health will use commercially reasonable efforts to make each Service available with an uptime of 99.8% of each calendar month. If there is a verified failure of a Service to meet Target Availability in two consecutive months, then Client may at its discretion provide service credits by sending written notice within thirty days after the end of the second such month. This right is Client's sole and exclusive remedy, and Definition Health's sole and exclusive liability, for Definition Health's failure to meet the Target Availability.
• Approach to resilience: Definition Health resilience is achieve through a distributed infrastructure and services running in three different UK geographic locations.
• Outage reporting: Via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Only individual, named, users can perform management actions within the LifeBox app. Actions available to users are controlled via role-based access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Cloud account access is managed via AWS Identity and Access Management (IAM). Multiple AWS Organisation Units where accounts have restricted privileges based on an individuals role and responsibilities

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 17/05/2019
• What the ISO/IEC 27001 doesn’t cover: Our Statement of Applicability is available upon request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber essentials
  • DTAC Compliant
  • ISO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: CyberEssentials & NHS Data Security and Protection Toolkit
• Information security policies and processes: The CEO is accountable for ensuring that appropriate security and compliance controls are identified, implemented and maintained. The CEO ensures that: Risks are managed and mitigated; All applicable legal and regulatory requirements have been understood and complied with; Appropriate resources are provided to implement and maintain the information security management system (ISMS); All staff sign the information security agreement prior to joining and receive awareness training of all relevant policies during induction. Annual ISMS training is given to all staff.; ; Our information security policies and procedures are aligned with ISO27001:2013/Cyber Essentials and the NHS Data Security and Protection Toolkit.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Definition Health's change management process is certified against ISO/IEC 27001:2013 and is regularly audited and managed. All software changes are subject to industry standard controls and processes to ensure there is an audit trail of changes and robust recovery processes.; ; Every change is reviewed by multiple members of the team to include assessment of any potential security impacts. Automated testing is built in to ensure regular and repeatable coverage. Regular penetration testing is undertaken by external security impacts to highlight any potential vulnerabilities.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Infrastructure management, security and patching are undertaken by the Cloud provider, Amazon Web Services. Definition Health libraries are automatically monitored and patched for vulnerabilities as part of the continuous integration pipeline.; ; Information regarding potential threats and security alerts come from a range of sources including NIST's National Vulnerability Database, The National Cyber Security Centre, www.gov.uk/government/policies/cyber-security and ico.org.uk which are actively monitored by LifeBox Health team members
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Definition Health has a defined Information Security policy. Incidents are escalated to CEO as a priority and are investigated in line with information governance policies.; Once an incident has been raised, a thorough investigation is immediately begun to understand its scope and severity. If there is reason to suspect the incident affects Personally Identifiable Information, then appropriate steps are taken in line with best practice and established policies.; Definition Health information governance policies are regularly reviewed and tested to ensure fit and appropriateness.
• Incident management type: Supplier-defined controls
• Incident management approach: Definition Health has defined and educated staff in the security incident policy which details how incidents should be reported, tracked and where appropriate escalated.; All incidents are recorded in an incident log and monitored to ensure the appropriate response is given and any remedial actions are implemented. All affected parties will be informed about the incident and any resolution and/or impacts.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Definition Health is committed to building a sustainable healthcare system. Our solutions reduce patient footfall and unnecessary travel to and from the hospital. Combined with an overall reduction in paper based processes Definition Health directly reduces the environmental impact of each health organisation we work with.
• Covid-19 recovery:

  Covid-19 recovery

  Definition Health solutions assist the NHS to rapidly recover following the Covid-19 pandemic in the following ways:; - triaging waiting lists to better understand pent up demand in the system; - supporting the pre-optimisation of patients prior to surgery through pre-hab advice, greater communication between the clinical team and the patient prior to surgery; - increasing efficiency in pre-assessment departments, allowing healthcare organisations to increase the volume of patients without the need to increase resource or physical capacity

Pricing

• Price: £2.00 to £2.50 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at fraser@definitionhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.