Clarity Informatics Limited

Agilio Link

Agilio Link is the Inbox for healthcare – initially linking practices with patient requests, but ultimately to expand to inbound demand from partners and other systems. Link enables a modern digital workflow for collecting and processing requests from outside the organising in a rationalised, simplified and common-sense way.

Features

• Patient led data capture
• Configurable rules engine for triage and allocation
• Bespoke clinical and administrative consultation templates packages
• Inbuilt self-help and sign-posting
• Structured patient history collected asynchronously
• Ad hoc and planned demand management
• Integrated patient messaging and engagement
• Share/pool demand across primary care networks
• Clinical forms authored by same team as NICE CKS

Benefits

• Improved reporting and oversight of patient requests
• Increased patient satisfaction
• Simplify QOF attainment
• Better/more efficient utilisations of ARRS roles
• Time saving workflow

£600 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

530398332964018

Contact

James Stephenson
01912875800
james.stephenson@agiliosoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints with Link - the platform functions on all internet-connected devices, and has limited/no planned maintenance arrangements.
• System requirements:
  • Internet connectivity
  • Modern, supported browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customer service desk is available Monday to Friday 9am-5pm excluding bank holidays. Response times to emails are typically within 1 working hour but will depend on the nature of the query.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided via phone, email. We provide support from 9am-5pm, Monday-Friday. No additional charges for accessing phone and email support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The solution can be configured and deployed for a customer in a matter of hours upon the receipt of initial users and organisational information. The support team will coordinate setting up of portals with the appropriate managers. A centralised training session will be arranged (Setup assistance is built into the platform). A data import service is available. Data is often held on shared drives. Support can work with the customer and practice managers to import information in its native file format to the solution wherever possible. With the package, we also include implementation project support. This includes: ● Use of our established project approach ● Launch and awareness meetings ● Awareness presentations to Governing Body and locality groups ● Analytics and usage statistics ● Monthly review sessions by phone or, by mutual agreement, on client premises.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Within two weeks notice of the request, we can provide a full export of application content in a zip file
• End-of-contract process: Agilio shall, on the Customer’s request and at Agilio standard daily rates, provide reasonable assistance with the migration of any Customer data to the Customer’s IT systems. Information held in Link is at all times owned by, and the sole responsibility of the customer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our platform are mobile optimised to suit the dimensions of mobile and desktop devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Our Link forms fulfil all modern accessibility criteria. We typically build forms that follow the NHS Nightingale branding scheme to ensure consistency with other NHS Websites. Our Link platform also includes a dashboard to enable user to workflow forms received
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We work with a recognised accessibility organisation to facilitate in person accessibility testing sessions.
• API: Yes
• What users can and can't do using the API: Link provides a modern standards based API to for atomic access to all objects.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customisable forms, both in the clinical and non clinical settings can be created by the team on a consultancy basis

Scaling

• Independence of resources: Our cloud infrastructure includes data management to ensure partitioning between customer organisational databases, so that traffic on one website doesn't affect others significantly.

Analytics

• Service usage metrics: Yes
• Metrics types: Link uses a privacy preserving first party analytics solution to provide detailed insight into patient behaviour. This includes compleation rates and drop off questions.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Many areas of the platform provide downloads in PDF or Excel (CSV) formats.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our target availability is that the services are available on a 99.5% basis, measured each calendar month.; ; The SLA's are set out within our terms and conditions.
• Approach to resilience: Available on request
• Outage reporting: Email alerts are provided if there are issues affecting the website, as well as public dashboard to view status

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is protected through accounts with password protection. When we receive contact via phone or email, we validate the customer details against those hold in our database.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 29/10/2022
• What the ISO/IEC 27001 doesn’t cover: No exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security policies and procedures are documented in our ISMS, which is independently audited and certificated to ISO27001. This includes board level responsibility and formal paths for asset ownership and risk management.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management is operated within the ISO27001 framework. Asset registers are maintained by the information asset owner to ensure component assets and access to them are monitored and controlled on a constant basis. Changes are identified and planned with authorisation at the project, director or board levels dependant on the nature of the change to the service. Changes are planned and tested based on risk assessment, scope of change and criticality to the service. Fallback procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events, are maintained to provide a "means of escape".omers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats and vulnerabilities are reviewed prioritised action. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. Likely potential threats include both technological and regulatory sources. These are identified via a monitoring software, user feedback, security blogs, regulator advice, partner organisations etc. In addition we utilise antivirus software and firewalls to mitigate the risk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Detailed domain and activity logs are retained. Logs are in place against each asset/component and alerts are generated for the relevant team dependent on the issue/asset to be analysed and assessed. Potential compromises are assessed immediately and escalated as required. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. We also utilise anti virus software and firewalls.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed following a pre defined process including -Monitoring, detecting, analysing and reporting of security incidents and events -Incident response planning and preparation -Handling of evidence -Assessment and decision on security incidents and security weaknesses -Escalation, controlled recovery from an incident and communication to both internal and external people and organisations -Security incidents of relevance to you will be reported in acceptable timescales and formats Users report incidents via the helpdesk or telephone. Incidents are recorded in the incident log including details of the incident, actions taken.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  The platform contains a number of features to ensure those sufferings from economic inequality are not further disadvantaged by the move to online services, this includes automated size reduction on PAYG network connections and unmetered access to .nhs domains.

  Equal opportunity

  The platform meets and exceeds the Public Sector Accessibility regulations and in doing so ensures all patients can access health services digitally - this includes automatic language translations and full support for assistive technologies.

  Wellbeing

  The platform makes it easier for patients to find and access relevant healthcare services, 24/7 and without increasing demand on the practice.

Pricing

• Price: £600 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.