Synanetics

Patient Engagement Platform/Person Held Record Solution

Synanetics' Patient Engagement Platform facilitates active involvement and communication between patients and healthcare providers. Using FHIR standards and a micro-services architecture it offers features such as appointment scheduling, secure messaging, telehealth consultations, health record access, and educational resources. It is NHS App certified and accredited for the Wayfinder programme.

Features

• Facilitates active involvement and communication between patients and healthcare providers
• Approved for the Wayfinder programme
• Allows patients to manage appointments, receive reminders, access medical records,
• Allows proxy access to Health Records
• Delivers approved targeted messaging to help patients manage conditions
• Patients/carers can access consolidated data from multiple providers
• Patients/carers can access the same data used by care teams

Benefits

• Improves Patient outcomes
• Improves efficiency of Health & Social Care services
• Preventing unplanned hospital admissions through better condition management
• Reduction in unnecessary appointments, phone calls and DNAs
• Cost savings on admin functions by enabling digital comms
• More effective clinic appointments through activated/prepared patients

£0.40 to £1.20 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.cook@synanetics.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

538230396595689

Contact

Paul Cook
07570576534
paul.cook@synanetics.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Native clincial/social care systems
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times depend on the priority of the request: Emergency: 1 hr anytime High: 1hr 9am-6pm weekdays Normal: 1 working day Low: 1 working day. Support is offered as a 24x7x365 service
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a fully managed service desk and ITIL service management package. All customers are assigned a technical account manager who is accountable for the delivery of the service. We offer a single standard level of support. This provides access to 24x7 using a variety of contact mechanisms. The priority of support issues is determined by our customers and we measure our response and resolution times of requests and incidents. Performance indicators are reported back to our customers through monthly service review meetings. Our standard service package can be tailored to individual requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of our deployment services, Synanetics will undertake a discovery phase and will engage with the user community. In addition, we are able to utilise knowledge from previous deployments of the platform. This enables us to apply a a rigorous methodology to onboarding and supporting our customers. Development will be carried out under an agile approach, with a consistent project team. The re-use (allowing for localisation) of training and publicity material will be offered.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is controlled by the patient and patient authorization is required as a pre-requisite for end of contract data extraction, however, all data is available via an open FHIR API which may be used by the authority to extract data subject to patient permissions at any time
• End-of-contract process: The portal solution is offered as a subscription service and options to renew will be offered. 3 months prior to contract end we will engage in dialogue; we will facilitate the authority to be able to communicate to users including email correspondence where an email address is known. We will provide facilities for the user to consent for data to be extracted and transfered to the new service operator. These services may be chargeable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Synanetics utilises reactive design for mobile use, which prioritises responsiveness and adaptability to varying screen sizes and device capabilities. Utilizing flexible layouts, dynamic content scaling, and touch-friendly interfaces, it ensures optimal user experiences across smartphones and tablets. This approach enhances usability, accessibility, and engagement, catering to diverse mobile audiences effectively.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Test
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We ensure that our interface is AA compliant following Web Content Accessibility Guidelines (WCAG) 2.1
• API: Yes
• What users can and can't do using the API: The Platform uses the FHIR STU3 API for all interactions with patient managed data. The API is secured using OAuth2 and is available for 3rd parties to use as required
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The portal can be branded and its innovative canvass and panel design allows considerable scope for customisation

Scaling

• Independence of resources: We typically deploy our solutions in Google Cloud Platform (GCP). As a tier 1 public cloud provider, capacity and performance (and security) are key focus areas for Google. The services are built to provide capacity to absorb any and all resource spikes.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of active users/ frequency of access/ functionality used
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest protection is a Google Cloud Platform core service offering
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: For the Patient Engagement Platform, users are generally not expected to wish to export their data, but the FHIR based API will allow this whenever required.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HL7 FHIR
  • JSON
• Data import formats: Other
• Other data import formats: JSON FHIR

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Services are typically hosted in Google Cloud Platform (GCP) - 99.5% availability is guaranteed. Solutions can then be architected to support higher levels of resilience which allows for higher levels of service availability; service credits can then be negotiated into the support agreement.
• Approach to resilience: Synanetics takes full advantage of Google Cloud Platform's (GCP) value added features to ensure that solutions can be deployed in fully fault-tolerant and resilient manner.
• Outage reporting: Outages are reported via email alerts and are subsequently reviewed at the (usually monthly) service management meeting

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow and apply GDPR, ISO, CIS & NIST standards
• Information security policies and processes: ISO, NIST, GDPR

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are subject to board approval and tracked using robust change management and audit process
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Active scanning on all infrastructure and application components; findings are prioritised according to levels of severity. Patches can be deployed within hours.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Active monitoring on the infrastructure, alerts are dealt with upon receipt. Response is according to documented security governance processes. Response will be handled within published severity guidelines.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report and classify severity of incidents, either via the web-based ticketing system, by email or by phone. Incident reports are provided to meet customer requirements (both in format and cadence).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  Synanetics is committed to achieving Net Zero emissions by end of financial year 2040. Synanetics is a knowledge business; it has no manufacturing, distribution or retail operations. All staff are home-based and we have no vehicle fleet. We have no staff catering services and no International operations. Our sole office location is in Leeds city-centre, 5 minutes’ walk from the mainline station. All staff are encouraged to use the train when attending the office. All employees are given home based contracts and in person meetings are held on an exceptional basis, minimizing travel. Our landlord employs Ashdown Phillips & Partners as facilities management provider and that business ensures that environmental issues are at the heart of their operation. Ashdown Phillips are Planet Mark Accredited, Living Wage Accredited and are members of the Better Buildings Partnership. Their teams have won numerous sustainability awards which include: Green Apple, SCEPTRE and CSR Awards. Wherever possible, our staff deliver their work remotely; less than 1% of all of our chargeable engagements require in person meetings. Typically, our projects utilise public cloud infrastructure, with Google Cloud Platform (GCP) being our preferred provider; alternatively Microsoft Azure is chosen. Both of these global corporations have published commitments to be carbon neutral or carbon negative by 2030 (Google: https://sustainability.google/operating-sustainably/net-zero-carbon Microsoft: https://www.microsoft.com/en-us/corporate responsibility/sustainability/report) and so, by taking the active decision to supply our services using these infrastructure offerings, Synanetics is able to ensure that the most power intensive and therefore carbon intensive elements of our business operations are addressed and reduced. Ultimately, Synanetics already has a very small carbon footprint, but our focus on measures which minimise levels of carbon production mean that we will be Net Zero by 2040 at the latest, but an earlier date of Net Zero by 2030 is achievable as a stretch target.

  Tackling economic inequality

  Synanetics is a Small and Medium Sized Business (SME) and we recognize that our ability to make significant contributions to the themes around Tackling Economic Inequality are necessarily constrained by our size. As a knowledge business designing and supporting solutions used across NHS customers, all job roles demand high-levels of education, knowledge and experience of programming and high levels of demonstrable problem solving abilities so that the engineering principles which deliver the company’s ongoing success are maintained as we expand. The majority of our solutions are delivered as hosted and managed services, using either Google Cloud Platform (GCP) or Microsoft Azure and therefore we do benefit from the industry leading commitments and behaviours which these global corporations enshrine in their corporate ethos. However, we clearly understand that we need to be pro-active and can confirm that our business is committed to the concept of behaving as a good corporate citizen; therefore we embrace issues pertaining to social value. Synanetics continued growth and expansion by definition supports new businesses, creates new jobs and develops new skills. Our ongoing appraisal process, together with a culture of continuous professional development, means that our clear ambition is for employees to expand their knowledge and experience, which in-turn drives our ability to meet and exceed customer expectations. With regards to the Real Living Wage (as specified by Living Wage foundation) Synanetics can confirm that all of our roles pay significantly more than these rates. Because of the size and scale of Synanetics operations, it is fundamentally important that ongoing focus on the viability of our projects is maintained throughout the life of the contract. All projects are reviewed on a monthly basis and so, should the resources planned and allocated to a project fall out of expectations, it will be reported, managed and rectified.

Pricing

• Price: £0.40 to £1.20 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.cook@synanetics.com. Tell them what format you need. It will help if you say what assistive technology you use.