MY SKIN DOCTOR

MySkinDoctor

MySkinDoctor App is an accredited online dermatology patient management service. Patients take and upload photographs of their skin condition via our App on smartphone/tablet for swift, efficient and safe assessment; receiving a personalised care plan including diagnosis, information about their condition and an effective treatment plan within 3 working days.

Features

• App based GP authorised, fully Patient led service
• No need for GPs to acquire any software or hardware
• No need for GPs to change any processes, uses e-RS
• Consultation, diagnosis, treatment all within 72 hours
• Avoids the need for Circa 50% of all first appointments
• Circa 20% of patients fast tracked immediately to surgery
• Patient condition specific information and videos included directly with diagnosis
• Savings of circa 10.6%+ against PBR tariffs
• Significant, proven history in reducing backlog cases

Benefits

• Fast and convenient enabling a consultation without delay
• Consultation, treatment and diagnosis within 72 hours
• Cloud based on-line reporting
• Access to on-line condition specific knowledge
• Access to leading Consultant Dermatologists
• Regular FREE on-line training (CPD) delivered to GPs
• App based video assessment, treatment for Isotretinoin by Dermatology Nurses
• Highly trained call centre for Patient support using the App
• NHS Friends and Family Test 'Excellent' and recommend the service
• 4.5+ customer score on Google and App stores

£65.00 to £85.00 an instance

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.catlin@myskindoctor.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

525969538768206

Contact

Andrew Catlin
07581178579
andrew.catlin@myskindoctor.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: MySkinDoctor App has no constraints pertaining to its ability to deliver remote online dermatology triage services. Patients can download the MSD App for any smartphone device, either IOS or Android, and is available FREE from Google and Apple. There are no constraints associated with planned maintenance - there are additional features and software developments that will occur, but patients are made aware when these are scheduled with outage limited to short time spans and outside of normal usage times.
• System requirements:
  • Minimum system requirements for Apple: iOS 14.0, macOS 11.0
  • Minimum system requirements for Android OS: 5.1+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our service desk provides first-time resolution service, first-line analysts and facilitators with service level agreement monitoring. We provide ongoing communication throughout the process until the support request is fully resolved. Our NHS-accredited service desk is a single point of contact solution to more than 200,000 patients to date. Our core hours of service are 8am to 6pm Monday to Friday excluding bank holidays. However, this can be flexible dependent on customer requirements. Core hours are included in our standard price.; Our service desk analysts resolve c.93% of incidents at first contact, using industry-standard secure remote software and access tools.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Customer and user support availability via our Service Desk during our ‘core hours’ of 8am to 6pm Monday to Friday, excluding bank holidays. However, this can be flexible dependent on customer requirements. Core hours support are included in our standard price as is our ticketing support process.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Online training and documentation provided by means of video instructions and help pages available on website. Phone, email and online support is available 24/7 for any users experiencing difficulties using the MSD App.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon request, made before or within sixty (60) days after the effective date of termination, MySkinDoctor will make available to Customers a complete and secure (i.e. encrypted and appropriated authenticated) download file of Data in XML format – subject to a satisfactory NHS Data Sharing Protocol being in place. After such sixty (60) day period, MSD and its hosted service provider shall have no obligation to maintain or provide any Contract Data and shall thereafter, unless legally prohibited (patient data), delete in such a manner as prevents recovery through normal/laboratory means, all Customer Data in its systems or otherwise in its possession or under its control.; Because some data processed by MySkinDoctor relates to patients, we follow NHS standards relating to data retention which, legally obligates MSD to continue to ensure the security and management of any patient data well after the contract expires; in accordance with the MSD Data Security Policy.; Under the Medical Reports Act and GDPR patients (Data Subjects) can request their data at any time both during and after the cessation of the contract, which we will supply within 20 working days in a format reasonably requested.
• End-of-contract process: MySkinDoctor’s aim is to provide a high-value approach to service delivery, with an emphasis on meeting or exceeding customer/patient expectations, wherever possible. We are therefore optimistic about our chances of retaining the contract on expiry. However, we will apply the same professional standards were we to lose the contract as we do when winning and operating a new one; this is reflected in MSD’s Lead-out Plan.; As the services are predominantly delivered remotely via the Cloud, with clinical resources based at our Head Offices, the Lead-out Plan is relatively straight-forward. No TUPE obligations will apply at contract cessation because MSD clinicians work on several differing contracts and never more than 50% of their time is dedicated to one contract.; The Intellectual Property of MySkinDoctor’s App remains its property and no rights are conferred to any third party during the life of the contract, or will be passed to a new provider should MSD not retain the contract. ; There is no additional cost involved.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no desktop functionality - the service is designed for smartphones and tablets.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: There are two elements to MySkinDoctor's App - technical capability, (infrastructure and interoperability) and our clinicians who treat and signpost. The technology is based on future proofed servers and our business continuity strategy. From a staff perspective, MSD has the highest number of Consultant Dermatologists in the UK - we ensure we retain the best staff through our staff retention and well-being schemes - attracting more clinicians to work for us, thus ensuring we have the capability to deliver the growing number of services. We operate on a resource to demand model of 1.25:1 - future-proofing our capability.

Analytics

• Service usage metrics: Yes
• Metrics types: As a minimum, service metrics will report monthly usage by anonymised user data and NHS England dermatology KPI data. Different CCG/ICS want different data, so we work, within reason, to provide whatever data our customer requires.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Under the Medical Reports Act and GDPR patients (Data Subjects) can request their data at any time both during and after the cessation of the contract, which we will supply within 20 working days in a format reasonably requested. Any data held by MySkinDoctor can be exported on the users behalf upon request - in accordance with the MSD Data Security Policy.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: PDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: MySkinDoctor guarantees availability of the service 24/7 and that a patient using the MSD App will receive an assessment from a Consultant Dermatologist providing a diagnosis and treatment plan within 3 working days – including any relevant patient information leaflets and embedded video content.; MSD has conducted over 100,000 assessments via the App without breaching KPIs, however, should such an event occur, no matter how unlikely, MSD would reimburse the cost of the failed event.
• Approach to resilience: Information available upon request.
• Outage reporting: Via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Role-based access control policies employed within MSD. Clinical data only accessible to authorised staff requiring it to perform their daily duties. Higher Standards of Use agreement signed by systems administrators.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 05/11/2019
• What the ISO/IEC 27001 doesn’t cover: MySkinDoctor Data Housing is in-shored within the UK (London Server)
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 17/12/2020
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: None.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Digital Data Security and Protection Toolkit - Level 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: MySkinDoctor’s Information Governance operating model consists of a comprehensive framework and policies:; • Acceptable Use of ICT and User Obligations Policy ; • Information Security Policy ; • System Level Security Policy ; • Confidentiality Policy ; • Corporate Document and Records Management Policy ; • Information Governance Policy ; • Data Protection Policy ; • Information Sharing Policy ; • Processing of Personal Data Outside of the UK (Offshoring) Policy.; These policies are augmented by procedures, internal processes and guidance from our DPO, SIRO, Caldicott Guardian, Chief Medical Officer and strategic/operational IG steering and governance groups. The following is a list of MySkinDoctor’s IG operating model and framework’s procedures:; • Information Asset Management Procedure ; • Information Security Incident Reporting Procedure ; • New Personal Data Processing Procedure ; • Safe Haven Procedure ; • Risk and Issue Management Procedure ; • DPO Risk Management and Escalation Procedure ; • Procedure for Managing Personal Data Requests ; • Corporate Records Retention and Disposal Schedule ; • Missing Records Procedure.; ; MySkinDoctor’s IG Steering groups form the reporting structure ensuring policies are regularly reviewed and followed to maintain compliance with data protection requirements, managing subject access request responses, reviewing incidents and providing compliance reporting to provide continuous improvement through identification of incident trends and lessons learned.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Hardware assets are security tagged and managed centrally ensuring compliance with configuration and change management requirements. All software licences are registered against each asset and tracked throughout their lifetime, with system security to prevent unauthorised changes. Most changes to the configuration or GUI of our App are delivered automatically without downtime of the service. On the rare occasions when protracted system maintenance is required MySkinDoctor alerts uses and customers in advance (normally out of office hours). MySkinDoctor uses ISO27001 as the de facto recognised data security standard providing assurance to our SIRO that adequate controls are in place.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: MySkinDoctor undertakes regular testing to evaluate the effectiveness of our security measures, including vulnerability scanning and penetration testing as appropriate. Annual penetration testing is completed as part of our Cyber Essentials Plus certification along with our annual Digital Technologies Assessment Criteria submission. Penetration testing reveals any areas in which there are weaknesses in our systems which are then prioritised and patched. ATP vulnerability scanning warns of potential threats to the network along with showing issues which exist and require resolution. Any issues highlighted by vulnerability scanning are prioritised and acted upon immediately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: MySkinDoctor utilise defence-in-depth to maintain a multi-layered approach to vulnerability, employing numerous methods of protective monitoring including; intrusion detection, advanced threat protection, logs captured by Active Directory Audit+ which is also used to generate alerts for suspicious login attempts. ATP Vulnerability scanning is used showing issues which exist and require resolution. NCSC early warning systems are also utilised to detect vulnerabilities on company IP addresses. When any compromises are discovered, our IT department prioritise incidents and act upon them accordingly, generally immediately. These incidents are reported and escalated as necessary following our incident procedure set out in our BCP.
• Incident management type: Supplier-defined controls
• Incident management approach: MySkinDoctor incident management response and processes are outlined in the Business Continuity Plan Policy. Each incident is categorised into low - extreme level incidents which are defined within the policy. Users can report incidents to their manager who is able to escalate if necessary. An incident manager is assigned at the point of incident discovery who can then use the action card to report the incident to the Assigned Executive Officer on call. Incident reports are then assessed by the Executive Team and escalated to board level if required. Pre-defined processes for common events are included within the BCP.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  The NHS policy ‘Delivering a “Net Zero’ National Health Service” cites their need to remove 6.1 MtCO2e from the NHS Carbon Footprint and 24.9 MtCO2e from the NHS Carbon Footprint Plus, roughly equivalent to the emissions profile of Croatia. ; ; MSD is making a significant contribution to the UK’s commitment of net zero GHG emissions by mid-century. Emissions savings are attained by preventing the need for initial trips to clinic by patients who are instead initially assessed via our App and are then discharged or offered a surgical or open appointment.; ; MySkinDoctor has analysed the precise distances all patients would have travelled by car from their registered address (postcode) to their nearest NHS Dermatology clinic using Google Maps’ route planner. The average patient travel time to and from the clinic is 12 minutes at a distance of four miles. ; ; MySkinDoctor has prevented the need for over 208,060 driven miles and based on emissions calculations using the UK Department for Transport’s average of 221.4 grams of CO2 per car per mile. This makes our total emission savings since 2019 at 46,038kgs CO2 (46 metric tonnes) – the equivalent of flying in a commercial jet aircraft 10.8 times around the equator of the Earth.

Pricing

• Price: £65.00 to £85.00 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.catlin@myskindoctor.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.