Aptvision Vaccination Management System with Citizens Engagement Features
With Covid-19 vaccinations a way to fight back the virus to get back to normal, Aptvision has created and introduced a Vaccination Management Solution as a complete and comprehensive solution to schedule and manage vaccination appointments with proactive citizens engagement features.
Features
- Vaccination Management System - On-premise or Private cloud
- Secure Citizens Portal for Vaccination Appointments Management
- Centralised Network Scheduling, Local, Regional and multiple organisations
- Citizens Web Booking to choose an appointment which suits them
- In-built Recall Features to Further Grow Bookings Success Rate
- Citizens 2-way Communication, 2-way SMS, email
- Built-in Data Analytics Tools
- Comprehensive module for vaccinations registration
Benefits
- Improved citizens experience reduces DNA’s
- Enabling scheduling across a region and multiple locations
- The citizens have complete choice and control over their appointments
- The citizens can book their appointments when it suits them.
- Smart next eligible dose recall features
- Allows citizens to easily manage, reschedule or cancel their appointments
- Easily and conveniently register vaccination appointments
Pricing
£73,300 a licence
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 2 4 9 5 0 2 8 7 8 2 8 6 4 0
Contact
Aptvision Ltd
Paul Wierzbicki
Telephone: +353 (76) 888 8055
Email: info@aptvision.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- No
- System requirements
-
- No software licenses required
- RedHat licenses required if customer opts for RedHat VMs (optional)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
* Critical Priority - response time within 1 hour, 4 hour resolution time.
* High Priority - response within 3 hours, 8 hour resolution time.
For Critical and High Priority continual relief effort applied during normal business hours.
* Medium Priority - response within 10 hours, 5 day resolution time or specific date planned with the Customer. Relief effort applied during normal business hours.
* Low Priority - 2 day response time, future releases, priority may be discussed with the Customer
At Weekends response time for Critical Priority is within 3 hours and 8 hour resolution time - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We have designed our system in a way that allows the Customer admin group to maintain and resolve most of the user requests on their own. If there is a need however to escalate anything to us we provide several levels of support:
L1 - Basic help desk resolution and service desk delivery
L2 - Technical engineer support
L3 - Development support
We also provide technical account manager for additional escalations and cloud support engineer if needed.
All that is included in the licence cost of our system.
Additional charges may apply for change requests and requests for onsite visits of our personnel at the Customer location. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Aptvision has a well defined onboarding and training process. It starts with introductory system overview, which can be done remotely on on-site. this is followed by analysing master data and any data migration requirements. The training has multiple parts and is usually done on-site in a train-the-trainer format with remote follow up training available remotely. On-site training to individual user groups is also possible. Full system documentation is available in PDF with some aspects associated by videos. There are extensive training checklists to ensure all system elements are covered, explained and signed off by the trainee.
Aptvision can assist the customer with the entire setup and launch of the system (as an additional service) which includes master data import, data migration, user setup, workflow setup, testing, training and go live support. - Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
- Videos
- End-of-contract data extraction
-
There are multiple, standard ways of data extraction.
Users can access relevant information through the standard APIs to extract it, save or transfer to another system.
All documents uploaded to the system as well as reports are stored as files and may be access using file sharing protocols.
The information can also be manually exported to excel compatible formats in certain areas of the system.
Finally an extra, custom data extraction/dump service can be provided where all data is extracted by the support team in the exact form required by the user. - End-of-contract process
-
Aptvision has a defined process of contract termination. Following all required official notices the client is granted a period of time in which the system and all data is available to them for extraction. A custom data extraction service may be requested and provided at that stage too.
After the period elapses, the data is permanently removed using a set of procedures at which point it is no longer accessible to anyone. A data deletion certificate is provided to the client upon completion of the process.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- All citizens facing features and modules have been created using responsive technology and automatically adjust to the device size.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- The Vaccination Management System interface is accessed as a normal website via web browser.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- We have not performed any testing with users of assistive technology.
- API
- Yes
- What users can and can't do using the API
-
The solution provides a REST based API with token based authentication. The API may be currently used to retrieve certain information from the system and have limited ability to update data.
The list of endpoints is constantly growing and my be provided on request.
The tokens may be generated by users in the single sign on service and then used to access endpoints.
The data retrieval or changes are made through HTTP calls to endpoints using TLS encrypting for transport. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Users with specific administrator access levels can configure following aspects of the system via the Configuration screens available in the service:
add/edit/disable Users
grant/edit/revoke User Permissions
assign/remove users to/from Locations and Workflows
add/edit Location(s) details
add/edit Rooms details
add/edit/remove Rooms availability
add/edit/remove Rooms Blocked Slots
add/edit/remove Staff availability
add/edit/remove Resources availability
add/edit/disable Procedures and Protocols
add/edit/remove Materials and Material Groups used during Procedures
add/edit/remove Procedure Safety Questions
add/edit/remove Procedure Preparations
Other more complex and specific aspects of the service, are usually configured with advice or by the support team. This is to avoid issues resulting from incorrect configuration. There is no technical obstacle for advanced administrators to gain access to additional configuration screens and being able to adjust more complex service parameters.
Scaling
- Independence of resources
-
For the Aptvision Cloud RIS (deployed on cloud servers) we constantly monitor the infrastructure and scale up as required. We also monitor each customers use of resources. This ensures that the demand from other users do not affect all users.
If the client opts for an on-premise deployment then this is not a concern.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
There are extensive, out of the box usage metrics available through directly in the system as well as through a third party tool cloud based tool called datadog.
The local metrics relate mostly to the software and include real time page load times, numbers of active users, log in times, audit logs as well as all standard reports relating to patients and their events, integrations, numbers of outgoing emails/SMS, inbound and outbound HL7 with error rates, etc.
The datadog metrics concentrate mostly on infrastructure and include, CPU, memory, network, IO, processes, replication status and many other. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
-
We only use secure data centres where the operator provides highest level of physical security.
Data is not currently encrypted at rest in all cases but this can be provided on request and in such case an encrypted container will be created on top of the physical media.
In order to mitigate any risks and ensure an acceptable level of security of data at rest, we have taken additional steps such as ensuring multiple layers of firewalls and reducing users allowed access to systems. - Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Users can export data individually in the context of the application (eg. reports for date range, events for date range).
Additionally, a "GDPR pack" functionality allows creating and downloading a package of all information and documents relating to a particular patient.
Data can also be exported in bulk as a custom, additional service on request and in such case any required format can be supplied.
The documents uploaded and stored in the system can be be accessed through an agreed file sharing method on request (additional service). - Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- XLSX
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
-
- JSON
- HL7
- XLSX
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
The System shall achieve 99.90% “Uptime” measured quarterly during Service Cover Time.
In the event that 99.90% Uptime is not achieved the following shall apply.
Up to 1% - 2 Service Failure Points
Between 1.01% and 2% - 5 Service Failure Points
Between 2.01% and 5% - 10 Service Failure Points
Between 5.01% and 10% - 25 Service Failure Points
Between 10.01% and 20% - 40 Service Failure Points
Between 25.01% and 50% - 70 Service Failure Points
Over 50.01% - 100 Service Failure points - Approach to resilience
-
The platform is designed to be Highly Available (HA). This means that the key parts of the architecture have hot standbys which can transparently take over from it's counterpart in the event of a failure or planned maintenance.
Uptime is measured strictly and monitored constantly to ensure system availability for all of our clients. - Outage reporting
-
Client facing:
We have a documented process to provide email notifications to all affected customers immediately upon detection, as well as provide continuous feedback and updates during the incident. The exact methods and contacts used for this will be agreed upon onboarding.
Internal (to Aptvision):
Monitoring is extensively built into the platform and we receive automated alerts whenever part of the platform misbehaves, this is immediately investigated by our team and notifications sent to customers if needed.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
-
The solution may also use our own Oath2 compatible Identity federation single sing on service.
We can connect to AD/LDAP compatible services on premise and in the cloud to provide user account verification based on username and password provided at login. - Access restrictions in management interfaces and support channels
-
User permissions are fully configured for the platform, permissions can be given or revoked for certain "management" features of the platform for certain users. This can be done by the customer themselves if desired.
Access to our customer support portal requires an account which is provided to a limited number of users in the customers organization. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ISOQAR
- ISO/IEC 27001 accreditation date
- Last audit and accreditation in March 2024.
- What the ISO/IEC 27001 doesn’t cover
- We are not aware of any aspects not covered or exclusions during the certification process.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO 9001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials Plus
- Information security policies and processes
-
Our SIRO (Senior Information Risk Owner) is board appointed and reports regularly back to the board. They are responsible for ensuring that our Security Policies are enforced. We have two types of security policies, the first is a staff-facing policy which details how staff should approach security in their daily work. The second is a company policy which details the SIROs responsibilities, which include:
- Ensuring that staff are informed about and follow the security policy
- Conducting regular security audits and penetration tests, tracking progress and reporting to the board
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All of our products are versioned, as such it's possible to track the exact version of any product in use at any given time.
Our development workflow follows a change process which tracks exactly when and why a change was made, and by who.
A typical change would pass through the following process:
- The change is requested by the customer or by our internal Product Owner, this gets approved internally and handed over to the technical team
- The technical team perform the change to the configuration or codebase of a product, this change is tracked and auditable - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
As per our policy, all of our servers are configured to automatically receive and apply security patches nightly. Other threats are assessed periodically during penetration testing and risk assessment exercises.
We subscribe to security mailing lists for individual 3rd party products that are in use within our platform. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Logs are monitored for potential compromises, however this process is not yet automated.
We have policies in place to determine how we react to a potential compromise, steps include notifying customers and the relevant authorities, immediately shutting down affected servers if there exists a threat of further breaches, launching an investigation into the breach and keeping stakeholders up to date, and finally mitigating the risk to prevent further breaches. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have automated monitoring and alerting that alerts us to most incidents and allows us to react as quickly as possible.
Incident reports are prepared for all major incidents and sent to all affected customers, usually within 2 days of the incident occurring.
Incidents can be reported by the customer through each customers dedicated support portal. Any incidents reported here are measured against response/resolution times under the SLA in force.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Aptvision pays a lot of attention to Environmental aspects and addresses them in a variety of ways:
Reducing carbon footprint/pollution and improving air quality by the following means:
35% of company fleet cars are fully electric, converting to approximately 30,000 miles every year in a zero-emission vehicles. Company policy is to have an Electric first approach to replacing fleet vehicles.
Electric cars are charged at homes which have extensive solar panel installations aiming at net zero grid electricity usage
All other company vehicles have at least Euro 6 emission levels
Use of energy-efficient equipment where possible such as monitors, etc.
Naturally lit company office space reducing the need of using artificial light located near main city transportation lines: railway, trams, buses encouraging for the use of public transport and decreasing congestion
“Online meeting first” policy significantly reducing trips to sites limiting mileage and number of flights required
The solutions Aptvision provides to clients also assists them with their decarbonisation and waste management programmes in the following ways:
The clinical systems we provide allow clients to implement a completely paperless workflow should they choose to do so. This elements all paper and carbon associated with the creation, logistics, storage and destruction of managing paper though its life cycle and use.
Modern cloud based architecture from providers that are committed to carbon net-zero programmes are used to replace legacy systems that are typically on-premise inefficient legacy systems hosted in local data-centres.Covid-19 recovery
Aptvision played an important role in Covid-19 response and recovery. We supported HSC in Northern Ireland deploying a comprehensive Vaccination Management System allowing citizens as well as health and care staff to book their primary vaccination appointments as well as all relevant boosters. Over time, the functionality extended and allowed HSC to run targeted recall programs reaching out to most vulnerable cohorts offering additional and relevant doses during spring and autumn campaigns.
We have also invested and succeeded in keeping all our staff during the Covid-19 pandemic period with no required redundancies during this time.Tackling economic inequality
Aptvision pays a lot of attention to tackling Economic Inequality in various different areas.
By embracing diversity and inclusion, we aim at creating a welcoming environment for all our employees and customers regardless of their background. We employ staff from around the world, e.g. British, Irish, Polish, French, Lithuanian, Brazilian citizens, and work with subcontractors from areas such as India or Nigeria. Our sole determining factor is the competence level offered by the individuals we work with.
We pay fair wages, always above the minimum regulatory wage rate limit and on most occasions substantially more, providing also extra benefits where possible such as additional health insurance or health / sports membership packages encouraging to maintain a healthy and well balanced lifestyle.
We provide career development paths, training or mentoring programs for our employees.
We work closely with the local university (Technical University of Lodz) running courses for students such as Project Based Learning offering them the opportunity to apply the knowledge they gain to work on solving real life, work-related problems and challenges.
We offer paid, exceeding regulatory minimum wage rate limit, meaningful apprenticeships, internships and work placements for students and other individuals, on average 8+ weeks long, providing full training and real-life work experience. We have offered these programs to 7 individuals in the past 12 months and our aim is to continue doing so with a minimum of 6 - 8 of those individuals accepted in every calendar year.
For contracts and expansion, we first aim at recruiting local FTEs to be retained for the duration of the engagements and with a clear career progression path with the company thereafter.
We try and support local communities where we can and we have sponsored the club jerseys for Whitechurch GAA Club in Cork in IrelandEqual opportunity
Aptvision goes to great lengths to encourage equality of gender across all roles and functions within the company, considering access to opportunities and promotion, pay scale, responsibility and actively promoting the advancement of women in industry and technology.
Staff are assigned mentors and are able to engage with programmes to advance their careers, gain experience and competencies that facilitates their promotion through the company as well as providing transferable skills for their future career.
Measurable actions:
:
Clear defined initiatives to reduce the gender pay gap for staff. We have introduced salary brackets that are based on role & experience & competence matrix and that is completely independent of gender. Each employee is evaluated and assigned a level from 1 to 7 during annual performance review and this automatically defines applicable salary brackets.
Representation at each level of the company: There are women employed at every level of the company structure from company president, board level and at each of the functional/operational levels. This includes the student and graduate placement programmes.
Promoting women to advance in the IT environment. For example, in our office in Lodz, the ratio of women vs men employees is: 9 to 12, so as high as 43%.
Equitable recruitment: To fill certain roles, we use global recruitment platforms such as Upwork where we recruit personnel from around the world based on relevant competence. For example, our ISO compliance manager is a Nigerian citizen.
The company is structured and operates to facilitate equal opportunities, aided by flexible Work-Life balance initiatives such as remote working, flexible hours, job sharing.Wellbeing
Aptvision is a family run business and appreciates the importance of providing a work environment and culture that has staff wellbeing as a core dependency, recognising that staff wellbeing and morale influences staff retention, recruitment and productivity.
To maintain staff wellbeing there are a number of initiatives that Aptvision encourages staff to participate in.
Office location; the office is a modern, airy, naturally lit building that is conveniently located within the city centre and accessible to public transport and local gyms/fitness amenities. Staff are encouraged to incorporate walking or cycling into their daily commute if traveling to and from the office and avail of the facilities nearby. To aid this we provide health / sports membership packages to all our staff, encouraging them to maintain a healthy and well balanced lifestyle.
Staff recruitment,retention, wellbeing is a recurring item for Board Meetings as an agenda item with the chief people officer advising the Board quarterly on KPI’s and initiatives to support staff well being.
Ongoing activities include:
Quarterly staff away days are provided, orientated to achieving team building, improving wellbeing both physical and mental and education and helping staff unwind from the day to day work functions. Away days will typically be facilitated by a professional 3rd party and designed to promote a healthy life balance and introduce staff to new recreation activities that they may not have encountered previously such as Kayaking for example.
Staff in leadership functions or stressful roles are enrolled into personal and managerial improvement programmes run externally by psychologists to help deal with daily challenges and stressful situations within teams they manage. Staff also have an appointment mentor/coach within the company to support them in their roles and development.
Pricing
- Price
- £73,300 a licence
- Discount for educational organisations
- Yes
- Free trial available
- No