Inform Health Limited

Inform HIV

Inform HIV is a Health Information System for HIV, bringing together the tools required to support the delivery of a modern HIV service. Inform HIV includes clinic and appointment management, documentation of clinical care, e-prescribing, laboratory integration, reporting including HARS and if required, integration with PAS and other systems.

Features

• Full version history available at the point of care
• Role based and clinical competency based access permissions
• Real time waiting room management for handover between HCP's
• Prescribing module built in
• Vaccination management, planning and follow up
• E-Requesting & Results
• ARV and results visualisation
• HARS Reporting
• Integration with PHR for patient self management
• PHR for results on line, self taken histories etc

Benefits

• Intelligent tools to modernise and enhance working practice
• Support for patient self management
• Support for clinical trails

£64,333.28 to £98,566.64 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at susan.bunn@informhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

540120008497237

Contact

Susan Bunn
01285619999
susan.bunn@informhealth.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Planned maintenance is scheduled outside of normal working hours between Midnight and 5AM or as agreed with the customer.
• System requirements:
  • MS Edge Browser required (for Inform HIV application users)
  • Chrome (for patient facing systems access)
  • Browser independent (for patient facing systems access)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Hours of Operation are Monday to Friday 08:00 to 20:00 (Excluding Bank Holidays) Saturday 09:00 to 17:30. Guaranteed levels of availability are Monday to Friday 08:00 to 20:00 (Excluding Bank Holidays) and Saturday 09:00 to 17:30. CATEGORY 1 - Service Level Target for Incident assessment and initial response - 1hr. Service Level Target for Resolution or Workaround 6hr. CATEGORY 2 - Service Level Target for Incident assessment and initial response - 1hr. Service Level Target for Resolution or Workaround 8hr. The target to respond to questions is within 24 operational hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Inform Service Desk is a functional unit responsible for managing a variety of service activities made via telephone or email.; ; The service desk is the single point of contact (SPOC) between the service being provided and the service users. Service desk staff execute the incident management and request fulfilment process to restore the normal-state service operation to the users as quickly as possible. In context ‘restoration of service’ is meant in the widest possible sense. While this could be fixing a technical fault, it could equally involve fulfilling a service request or answering a query – Specific responsibilities of the service desk are:; ; Logging all relevant incidents and service request details.; Allocation, categorisation and prioritisation.; Providing first-line investigation and diagnosis.; Resolving incidents and service-requests when first contacted whenever possible.; Escalating incidents and service-requests that they cannot resolve within agreed timescales.; Keeping users informed or progress.; Closing all resolved incidents, requests and other calls. (Service desk is responsible for ensuring all the information required is captured prior to the tickets being closed.); Conducting customer/user satisfaction call-backs/surveys; Communication with users.; ; A single level of service is provided to all customers and a technical account manager is also provided wherever needed.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A combination of training styles are available to suit local need. Onsite training is delivered to individual staff roles in groups of 8 to 10 staff. On site, online and web learning is available. User documentation is provided.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: MS Word
• End-of-contract data extraction: Upon the end of the contract, a full copy of the database will be supplied to the customer through an agreed method. An Read only database can also be provided if required.
• End-of-contract process: Exit planning and an extract of the data will be provided within the cost of the contract. The data remains the property of the customer and is handed back to the customer in a range of formats. Any data on the Inform Health systems will be securely destroyed after an agreed period of time.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Patient facing systems have been designed for mobile operation and are browser independent.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: The API is used to communicate between the Inform HIV clinical applications and web based patient facing technologies or patient facing kiosk and vending technologies. Changes that can be made utilising the API include updating of demographics, through to self taken patient histories, patient contribution and adjustment to the clinical record.; The API is a system to system level API and is maintained and supported by Inform Health only.
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All users, user access, roles and permissions are managed locally by the customer. Clinic and appointment management is managed by the customer. Care Templates are fully customisable, the Care Template build is carried out by Inform with local configuration of the various options managed directly by the customer. Patient triage is fully customisable and specified by the customer and configured by Inform.

Scaling

• Independence of resources: Infrastructure is continually monitored and sized appropriately to meet the demand. Where required additional resources will be made available to fulfil user demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly service reports, detailing KPIs against the contract, are provided to nominated contacts at the customer organisation.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Pulsant Limited

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Application SQL databases are encrypted at rest
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data reports are available for the users to download to their local environment, various formats including CSV and XML are supported. Electronic request messages are exported in an HL7 message format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML (for HARS)
  • HL7 for Order Request Messages (ORM)
  • SQL tables
• Data import formats:
  • CSV
  • Other
• Other data import formats: SQL Tables

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Guaranteed levels of availability are Monday to Friday 08:00 to 20:00 (Excluding Bank Holidays) and Saturday 09:00 to 17:30.; ; CATEGORY 1 -; Service Level Target for Incident assessment and initial response - 1hr.; Service Level Target for Resolution or Workaround 6hr.; ; CATEGORY 2 -; Service Level Target for Incident assessment and initial response - 1hr.; Service Level Target for Resolution or Workaround 8hr.
• Approach to resilience: Redundancy is built into the system from the onset so that a loss of any single device or system will not affect the application's functionality. This includes redundant HSCN and Internet connection utilising diverse routing into the primary datacentre. In the event of a total failure of the primary datacentre, a geographically separate Disaster Recovery environment has been deployed with realtime replication of data between the primary and secondary datacentres.
• Outage reporting: Service-impacting outages will be communicated to the primary contact at the customer organisation via email.; SLA reports are issued monthly by email and supported as standard with quarterly performance review meetings (or more frequently if required). The SLA report details all outages along with tickets open at the start of the period, tickets raised and solved during the period and open tickets at the end of the period.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Inform limits access to customer systems to specific individuals in the organisation who provide support and maintenance. Access is via HSCN and secure token. Authorisation is only granted once detailed training has been completed in accordance with the Inform security policy.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA (for Pulsant Datacentres)
• ISO/IEC 27001 accreditation date: 13/06/2011
• What the ISO/IEC 27001 doesn’t cover: N\A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/10/2013 (for Pulsant Datacentres)
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NHS Data Security & Protection Toolkit; Cyber Essentials
• Information security policies and processes: Inform follows ISO27001 processes and will be certified by July 2024. Inform has a dedicated Compliance Director who sets policy and a separate internal auditor who audits staff equipment, accesses and training based upon the company policies. Inform's internal auditor reports to the external ISO auditor.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Inform follows the ITIL Change Management processes and also complies with the requirements of the DCB0129 standard for the safe manufacture of clinical systems. Any change to the system is documented and undergoes a business review and a technical review before being accepted/ rejected. If accepted, the change is risk assessed based on clinical safety and information security. Prior to development a specification is drafted and reviewed by the Inform Design Council. Iterative testing documentation is produced at each stage of the software development life cycle.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The operating environment is scanned daily using Tenable Vulnerability Manager for vulnerabilities. Critical vulnerabilities are immediately risk assessed and any mitigating actions applied. Vendor critical patches are applied with a target time of 48 hours. Routine patches are applied in line with patch schedules on the estate, but typically within 14 days. ; ; Inform Health are members of CISP from the NCSC and receive threat intelligence from the NHS Cyber Associates Network amongst other industry feeds.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The hosting provider has deployed a suite of automated tools which monitor and alert on changes within the technology estate. Changes are compared against change management and any activity identified outside of expectation is promoted for investigation under incident management processes, including major incident invocation if required. Logs are retained should forensic analysis be required.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Inform operates an ITIL V4 incident management process.; ; The service desk provides the first response to customers’ requests, whether they come through the telephone or email and triage based upon priority and complexity, escalating where required as per the Inform Incident Management process. This policy and process is available on request

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  Inform Health are fully committed to fighting Climate Change and improving environmental sustainability by actively engaging stakeholders within the business to ensure that the Net Zero target of 2040 is achieved through a carbon reduction plan.; ; Measures such as the following are already in place to reduce carbon emissions and improve sustainability.; ; • Moving to paper free where possible; • Reducing business travel through the use of virtual meeting functionality; • Ensuring business travel is used shared transport where possible; • A policy of reduce, reuse and recycle to decrease the amount of waste produced; • Reducing food miles and using in-season items; • Ensuring that energy efficient technologies and processes are used; ; In addition the above, plans are in place to implement additional measures such as:; ; • Ensuring the supply chain utilises green energy; • Offering electric vehicles to staff as part of a salary sacrifice scheme; • Encouraging staff to walk or cycle to work where possible; • Utilising carbon offsets for business travel and energy utilisation

  Tackling economic inequality

  Inform guarantee that 100% of Inform staff are paid higher than the "Real Living Wage". We will continue to monitor this and ensure we always maintain this position.; Based in an area of social deprivation Inform Health Limited seek to recruit locally first and to train and mentor staff to assist them to achieve greater potential.; Inform has no gender pay gap. Inform Health will ensure this position is maintained.; Inform pay over 95% of all invoices within 30 days. We will monitor and endeavour to maintain or increase this percentage.

  Wellbeing

  Inform Health Limited sponsor NHS customer staff events annually. Inform have committed to donate the sum of £1000 per year for the next five (5) years to WEN.org.uk, who through community projects work with the local community to support adults and children with sustainable, wellbeing projects.

Pricing

• Price: £64,333.28 to £98,566.64 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at susan.bunn@informhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.