UFONIA LIMITED

Autonomous telemedicine

Automated delivery of clinical conversations with patients.

Features

• Registered Medical Device, UKCA marked
• Voice-based interactions
• Automated clinical calls
• Natural language conversations

Benefits

• Increase clinical capacity
• Increase access to healthcare
• Scalable to meet activity levels
• Consistent and standardised patient interactions
• Saves clinical time

£5,000 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ndep@ufonia.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

494988084565802

Contact

Nick de Pennington
01295788698
ndep@ufonia.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None known
• System requirements:
  • Electronic patient lists must be made accessible
  • Modern web-browsers with internet access
  • Patients to have access to a mobile or landline device

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: The time depends on the SLA agreed in the contract signed between both the parties. It usually varies from 4 business hours to 40 business hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Onboarding support is provided by the Commercial and Operational teams. Ongoing support levels and costs are defined by Standard Operating Procedures agreed between the parties and are provided by technical account managers.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Project managers will work with the client to agree onboarding / implementation plans. Onboarding typically involves onsite and online engagement, including providing training sessions to relevant client teams. Process mapping is conducted of existing pathways and new standard operating procedures are prepared and agreed. During offboarding, the dedicated project manager will work with the client to transfer services back to the client and to comply with outstanding data transfer and retention agreements.
• Service documentation: No
• End-of-contract data extraction: This is determined on a buyer-by-buyer basis according to the agreed data protection impact assessment and data processing agreement put in place. Typically data is securely transferred back to the buyer at the end of the contract.
• End-of-contract process: Off-boarding is included within the price of the contract. Processes for data management at the end of the contract are agreed within data protection impact assessments and data processing agreements at the start of the contract.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: All conversations are customised to the client site, clinical service and individual patient. This is established as part of the client on-boarding process.

Scaling

• Independence of resources: Workloads are managed to ensure servers are not affected by performance issues. Services are automatically scaled based on demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of completed patient/user interactions ; Number of scheduled patient/user interactions ; Outputs from patient/user interactions (agreed and provided within standard operating procedure) ; Quantitative metrics of patient/user experience ; Other metrics may be provided based on standard operating procedure
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Key management services with public/private key encryption
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data export approaches are agreed as part of the onboarding process. This typically includes export of data into CSV or PDF files which are transferred via secure methods into locations agreed by the buyer.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: An SLA / standard operating procedure / service specification is agreed with every buyer and for every use-case which includes levels of availability.
• Approach to resilience: Use of third-party data centres with disaster recovery, high availability and fallback capabilities.
• Outage reporting: Email alerts are sent to clients.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Internal role-based access control limits access to management interfaces. Support is provided via email.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus and NHS Digital Protection and Security Toolkit
• Information security policies and processes: Contractual requirement of all staff to follow policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management process are defined in Ufonia's Control of Software Design Changes Standard Operating Procedure (SOP).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Automated monitoring is in place to identify vulnerabilities and the required remediation implemented to a defined plan. Code deployment pipeline includes automated vulnerability assessment. Required patches are deployed as hot fixes to all environments.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Internal monitoring is in place to identify compromises, if unauthorised changes occur the compromised system is isolated and restored.
• Incident management type: Supplier-defined controls
• Incident management approach: Ufonia's has a pre-defined incident management process adapted from “BS EN ISO 14971:2012 – Medical Devices: Application of Risk Management to Medical Devices”, the UK health and social care standard “DCB0129:2018 – Risk Management: it’s Application in the Manufacture of Health IT Systems”, “IEC 62304:2006 – Medical Device Software: Software Lifecycle Procedures” and best practice system safety engineering academia and principles.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Supporting the delivery of a Net-Zero NHS by reducing carbon footprint of patient and staff travel and building infrastructure.

  Covid-19 recovery

  By increasing clinical capacity, we are helping to manage the post COVID-19 backlog.

  Tackling economic inequality

  Providing access via any telephone removes digital exclusion from lack of technology

  Equal opportunity

  Automation removes conscious and unconscious bias in delivery of services.

  Wellbeing

  Reduces healthcare staff burnout from conducting repetitive, high-volume clinical tasks.

Pricing

• Price: £5,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ndep@ufonia.co. Tell them what format you need. It will help if you say what assistive technology you use.