eConsult Health

eConsult Video Consultation

eConsult Video Consultation (Q Health), allows secure and safe video consultation between NHS clinicians and patients. It allows telephone AND video consultation, with seamless upgrade/downgrade between the two. It is a nationally approved platform (NHSD-DFOCVC), operational across CCGs and ICSs nationwide, which gives scheduled and unscheduled video consultation flexibility.

Features

• Secure video consultation
• Dynamic Telephony/Video upgrade/downgrade mid-call
• Secure NHS Digital compliant image upload
• Multi-participant video
• Scheduled and ad hoc video calls
• Blur clinician background
• Screen share
• Waiting room capability
• Invite participant by SMS or email

Benefits

• Enable synchronous remote consultation (phone or video)
• Reduce unnecessary patient travel
• Reduce unnecessary clinician travel
• Enable networked working
• Enhance digital access/reduce digital exclusion versus standard video consultation provision
• Support clinicians' assessments through optional upgrade telephone to video consultation

£225 to £2,160 a user

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@econsult.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

474314275608471

Contact

Aman Kundraw
020 7062 5737
commercial@econsult.health

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Users require an up to date browsers
• System requirements:
  • NHS Mail
  • Robust internet connection
  • Up to date browser
  • Suitable device (laptop, desktop, tablet, smartphone)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support hours 08:00 – 20:00 Monday – Sunday ; Response times are determined by priority. In addition to email, we provide live chat support via our website (typical response time of 5 minutes) and telephone support.; ; Priority 1: Within 1 hour; Priority 2: Within 2 hours; Priority 3: Same day; Priority 4: Same day - acknowledgement and triaged. ; ; Out of hours support:; Out of hours 20:00 – 08:00 Monday – Sunday and Bank Holidays; ; Priority 1 Within 12 hours; Priority 2 Within 12 hours; Priority 3 Next working day; Priority 4 Next working day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have a User Research team dedicated to ensuring a user centric design. ; This team maintain user groups of all end users (patients and clinicians), assistive users are a core component of these groups. Our User Research team regularly host interviews, focus groups and interviews with these groups to understand how our existing functionality and new feature and function (i) meets the needs of the end users, and; (ii) where adaptation is required. ; ; Customer side, we work actively to ensure that the platform is intuitive for users to ensure that the seamless interaction with customer side systems aligns to existing experiences.
• Onsite support: No
• Support levels: Support hours 08:00 – 20:00 Monday – Sunday Response times are determined by priority. In addition to email, we provide live chat support via our website (typical response time of 5 minutes) and telephone support. ; Priority 1: Within 1 hour ; Priority 2: Within 2 hours ; Priority 3: Same day ; Priority 4: Same day - acknowledgement and triaged. ; ; Out of hours support: Out of hours 20:00 – 08:00 Monday – Sunday and Bank Holidays ; Priority 1 Within 12 hours ; Priority 2 Within 12 hours ; Priority 3 Next working day ; Priority 4 Next working day
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full implementation plan and support provided by our implementation and operations teams. Systems and functionality training provided via a mix of channels (online, face-to-face, webinars etc) alongside modular change management programme. User guides, training videos, library of on-demand webinars, scripts, manuals, templates and marketing collateral is provided as part of onboarding and ongoing support.; ; In addition, we hold quarterly webinars to discuss shared learning, share best practice and advise of the product roadmap.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Hosted videos
• End-of-contract data extraction: ISO 27001 compliant process for data extraction, transfer and removal.
• End-of-contract process: Customer are required to provide a 90 day notice period. Upon request, the agreement will not auto renew. Customer will internally agree step down pathways and business continuity approach. We will support this process for smooth transition.; ; If no termination request is received, the agreement will auto-renew for 12 months.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: EConsult Video Consultation is cloud based, accessible via browser and compatible with internet browsers that carry 99% of all internet traffic (inc mobile browsers).; The mobile browsers is fully adaptive to smartphone and tablet settings.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The patient side service interface is web-based and accessed by patients via a clickable link shared with the patient via SMS or Email from the clinical dept. ; ; Clinical departments access the platform via our toolbar. From here ad hoc and scheduled video/telephone calls can be organised with patients.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have a User Research team dedicated to ensuring a user centric design. ; This team maintain user groups of all end users (patients and clinicians), assistive users are a core component of these groups. Our User Research team regularly host interviews, focus groups and interviews with these groups to understand how our existing functionality and new feature and function (i) meets the needs of the end users, and; (ii) where adaptation is required. ; ; Customer side, we work actively to ensure that the platform is intuitive for users to ensure that the seamless interaction with customer side systems aligns to existing experiences.
• API: No
• Customisation available: Yes
• Description of customisation: Clinic setup for video consultations (including ad hoc) is configurable: - ; ; - Clinic name; - Invitation link copy; - Sender ID for SMS; ; Customisations can be undertaken by the user via the department facing eConsult Video Consultation toolbar.

Scaling

• Independence of resources: The majority of processing occurs on our multi-tier, AWS London infrastructure, which is configured for elastic scaling in order to handle peaks and troughs in usage,

Analytics

• Service usage metrics: Yes
• Metrics types: Real time dashboard of video consultation data - durations, clinic activity
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: If a customer, user or patient requests a documented data extract, we provide a structured CSV file detail all data that we hold about them.; ; Requests can be made directly to our first line support team who operate on a 24 hour SLA if requests are received between 9am - 5pm, Monday to Friday.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: N/A - users cannot upload their data into the service

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Bonded fibre optic connections
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Guaranteed availability of 99.9% - this excludes planned downtime for regular product releases and spot fixes, this is communicated to customers well in advance.; ; Planned downtime is mitigated by rigorous user testing prior to launch. All product releases are undertaken at the quietest period of usage and typically are completed within 15 minutes.; ; No refund or credit scheme is currently in place.
• Approach to resilience: Housed in UK-based, multi-region, Tier 3 Data Centres for high availability and resilience.; ; Our range of products are utilised by more than 3200 unique organisations UK wide, and uptime has been stable at 99.9% for last 24 months. ; ; We also practice a fully agile methodology and use a scrum model of development for iterative product enhancement, operating on a fortnightly release cycle. This cycle also includes a full review of the last release to ensure a review the quality of the release against agreed success criteria and opportunities for improvement.
• Outage reporting: We run a multi channel approach to maximise the opportunity of users to review and understand any communication shared on outages. This includes:; - Emails to affected users.; - A "status page" on our corporate website ; - Use of Social media (Facebook and Twitter); - Messaging shared within our WhatsApp user group; - Patient messaging via our patients facing, cloud based interface; - If appropriate, phone calls to users (dependant upon scale); ; In addition, we undertake full business investigation of any outages to fully understand what occurred and what learnings we can take from it.; An abstract of this review and any changes being undertaken are shared with users within our monthly newsletters.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: NHS Mail Single Sign On (SSO)
• Access restrictions in management interfaces and support channels: All access is via a VPN, using MFA and SSH keys
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 07/12/2021
• What the ISO/IEC 27001 doesn’t cover: All business areas are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a broad range of policies to support our ISO27001 certification.; We use a Jira add in to ensure that all polices are read and confirmed by staff.; Monthly internal audits are performed to validate clauses of the standard.; The Information Security and Risk manager reports to the Chief operating Officer, who sits on the Exec board.; As a continous improvement environment, we have a CAPA (Corrective Actions/Preventative Actions) process in place, which we record non-conformace and general security improvements.; Security incidents are reported via Jira Service Desk on a dedicated request offering.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have formal change management in place, recording all changes to production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use Codacy and Snyk for code quality and library vulnerabiities.; We perform quarterly Vulnerability scans and yearly Penetration testing (or on major release); We are signed up to the NCSC Weekly Threat Report and also get threat reports from NHS digital and our Security partner; ; Critical risk vulnerabilities – 2 Business days; High risk vulnerabilities – 5 Business days; Medium risk vulnerabilities – 15 Business days; Low risk vulnerabilities – 30 Business days
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use Datadog for all security Alerting; Datadog monitors events such as component issues, to service issues to security issues, for example, a server fails to start as a component issue, failure to connect to NHS Login service as a service issue and excessive connection attempts by one address made in quick succession.; All of these alerts are available in the console and via slack alerts
• Incident management type: Supplier-defined controls
• Incident management approach: A Incident Management policy is in place.; Incidents are investigated and resolved. This could lead to a change request. ; Service impacting issues are reported on our status page. https://status.econsult.net ; Major incidents are reported to the NHS Digital helpdesk and a full incident report is generated.; ; Clinical incidents are reported via the website and our Clinical governance team investigate each one thoroughly. Responding back promptly and offering a full explanation of our findings at the end of the investigation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  eConsult Video Consultation allows for clinical teams to work remotely (where appropriate) and allows for patients to consult with the team/s whilst only attending for a physical consultation if deemed as appropriate by an appropriate clinician. This mitigates unnecessary travel to and from locations for key stakeholder groups. ; ; In addition, enhanced use of digital interfaces reduces the dependancy on printing, stationary and post.

Pricing

• Price: £225 to £2,160 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@econsult.health. Tell them what format you need. It will help if you say what assistive technology you use.