Skip to main content

Help us improve the Digital Marketplace - send your feedback

Inform Health Limited

Inform HIV

Inform HIV is a Health Information System for HIV, bringing together the tools required to support the delivery of a modern HIV service. Inform HIV includes clinic and appointment management, documentation of clinical care, e-prescribing, laboratory integration, reporting including HARS and if required, integration with PAS and other systems.

Features

  • Full version history available at the point of care
  • Role based and clinical competency based access permissions
  • Real time waiting room management for handover between HCP's
  • Prescribing module built in
  • Vaccination management, planning and follow up
  • E-Requesting & Results
  • ARV and results visualisation
  • HARS Reporting
  • Integration with PHR for patient self management
  • PHR for results on line, self taken histories etc

Benefits

  • Intelligent tools to modernise and enhance working practice
  • Support for patient self management
  • Support for clinical trails

Pricing

£64,333.28 to £98,566.64 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at susan.bunn@informhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

5 4 0 1 2 0 0 0 8 4 9 7 2 3 7

Contact

Inform Health Limited Susan Bunn
Telephone: 01285619999
Email: susan.bunn@informhealth.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Planned maintenance is scheduled outside of normal working hours between Midnight and 5AM or as agreed with the customer.
System requirements
  • MS Edge Browser required (for Inform HIV application users)
  • Chrome (for patient facing systems access)
  • Browser independent (for patient facing systems access)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Hours of Operation are Monday to Friday 08:00 to 20:00 (Excluding Bank Holidays) Saturday 09:00 to 17:30. Guaranteed levels of availability are Monday to Friday 08:00 to 20:00 (Excluding Bank Holidays) and Saturday 09:00 to 17:30. CATEGORY 1 - Service Level Target for Incident assessment and initial response - 1hr. Service Level Target for Resolution or Workaround 6hr. CATEGORY 2 - Service Level Target for Incident assessment and initial response - 1hr. Service Level Target for Resolution or Workaround 8hr. The target to respond to questions is within 24 operational hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
Inform Service Desk is a functional unit responsible for managing a variety of service activities made via telephone or email.

The service desk is the single point of contact (SPOC) between the service being provided and the service users. Service desk staff execute the incident management and request fulfilment process to restore the normal-state service operation to the users as quickly as possible. In context ‘restoration of service’ is meant in the widest possible sense. While this could be fixing a technical fault, it could equally involve fulfilling a service request or answering a query – Specific responsibilities of the service desk are:

Logging all relevant incidents and service request details.
Allocation, categorisation and prioritisation.
Providing first-line investigation and diagnosis.
Resolving incidents and service-requests when first contacted whenever possible.
Escalating incidents and service-requests that they cannot resolve within agreed timescales.
Keeping users informed or progress.
Closing all resolved incidents, requests and other calls. (Service desk is responsible for ensuring all the information required is captured prior to the tickets being closed.)
Conducting customer/user satisfaction call-backs/surveys
Communication with users.

A single level of service is provided to all customers and a technical account manager is also provided wherever needed.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A combination of training styles are available to suit local need. Onsite training is delivered to individual staff roles in groups of 8 to 10 staff. On site, online and web learning is available. User documentation is provided.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
MS Word
End-of-contract data extraction
Upon the end of the contract, a full copy of the database will be supplied to the customer through an agreed method. An Read only database can also be provided if required.
End-of-contract process
Exit planning and an extract of the data will be provided within the cost of the contract. The data remains the property of the customer and is handed back to the customer in a range of formats. Any data on the Inform Health systems will be securely destroyed after an agreed period of time.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Patient facing systems have been designed for mobile operation and are browser independent.
Service interface
No
User support accessibility
WCAG 2.1 A
API
Yes
What users can and can't do using the API
The API is used to communicate between the Inform HIV clinical applications and web based patient facing technologies or patient facing kiosk and vending technologies. Changes that can be made utilising the API include updating of demographics, through to self taken patient histories, patient contribution and adjustment to the clinical record.
The API is a system to system level API and is maintained and supported by Inform Health only.
API documentation
Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All users, user access, roles and permissions are managed locally by the customer. Clinic and appointment management is managed by the customer. Care Templates are fully customisable, the Care Template build is carried out by Inform with local configuration of the various options managed directly by the customer. Patient triage is fully customisable and specified by the customer and configured by Inform.

Scaling

Independence of resources
Infrastructure is continually monitored and sized appropriately to meet the demand. Where required additional resources will be made available to fulfil user demand.

Analytics

Service usage metrics
Yes
Metrics types
Monthly service reports, detailing KPIs against the contract, are provided to nominated contacts at the customer organisation.
Reporting types
Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Pulsant Limited

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Application SQL databases are encrypted at rest
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data reports are available for the users to download to their local environment, various formats including CSV and XML are supported. Electronic request messages are exported in an HL7 message format.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML (for HARS)
  • HL7 for Order Request Messages (ORM)
  • SQL tables
Data import formats
  • CSV
  • Other
Other data import formats
SQL Tables

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Guaranteed levels of availability are Monday to Friday 08:00 to 20:00 (Excluding Bank Holidays) and Saturday 09:00 to 17:30.

CATEGORY 1 -
Service Level Target for Incident assessment and initial response - 1hr.
Service Level Target for Resolution or Workaround 6hr.

CATEGORY 2 -
Service Level Target for Incident assessment and initial response - 1hr.
Service Level Target for Resolution or Workaround 8hr.
Approach to resilience
Redundancy is built into the system from the onset so that a loss of any single device or system will not affect the application's functionality. This includes redundant HSCN and Internet connection utilising diverse routing into the primary datacentre. In the event of a total failure of the primary datacentre, a geographically separate Disaster Recovery environment has been deployed with realtime replication of data between the primary and secondary datacentres.
Outage reporting
Service-impacting outages will be communicated to the primary contact at the customer organisation via email.
SLA reports are issued monthly by email and supported as standard with quarterly performance review meetings (or more frequently if required). The SLA report details all outages along with tickets open at the start of the period, tickets raised and solved during the period and open tickets at the end of the period.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Inform limits access to customer systems to specific individuals in the organisation who provide support and maintenance. Access is via HSCN and secure token. Authorisation is only granted once detailed training has been completed in accordance with the Inform security policy.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA (for Pulsant Datacentres)
ISO/IEC 27001 accreditation date
13/06/2011
What the ISO/IEC 27001 doesn’t cover
N\A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
25/10/2013 (for Pulsant Datacentres)
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
N/A
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Data Security and Protection Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
NHS Data Security & Protection Toolkit
Cyber Essentials
Information security policies and processes
Inform follows ISO27001 processes and will be certified by July 2024. Inform has a dedicated Compliance Director who sets policy and a separate internal auditor who audits staff equipment, accesses and training based upon the company policies. Inform's internal auditor reports to the external ISO auditor.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Inform follows the ITIL Change Management processes and also complies with the requirements of the DCB0129 standard for the safe manufacture of clinical systems. Any change to the system is documented and undergoes a business review and a technical review before being accepted/ rejected. If accepted, the change is risk assessed based on clinical safety and information security. Prior to development a specification is drafted and reviewed by the Inform Design Council. Iterative testing documentation is produced at each stage of the software development life cycle.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The operating environment is scanned daily using Tenable Vulnerability Manager for vulnerabilities. Critical vulnerabilities are immediately risk assessed and any mitigating actions applied. Vendor critical patches are applied with a target time of 48 hours. Routine patches are applied in line with patch schedules on the estate, but typically within 14 days.

Inform Health are members of CISP from the NCSC and receive threat intelligence from the NHS Cyber Associates Network amongst other industry feeds.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The hosting provider has deployed a suite of automated tools which monitor and alert on changes within the technology estate. Changes are compared against change management and any activity identified outside of expectation is promoted for investigation under incident management processes, including major incident invocation if required. Logs are retained should forensic analysis be required.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Inform operates an ITIL V4 incident management process.

The service desk provides the first response to customers’ requests, whether they come through the telephone or email and triage based upon priority and complexity, escalating where required as per the Inform Incident Management process. This policy and process is available on request

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

Fighting climate change

Inform Health are fully committed to fighting Climate Change and improving environmental sustainability by actively engaging stakeholders within the business to ensure that the Net Zero target of 2040 is achieved through a carbon reduction plan.

Measures such as the following are already in place to reduce carbon emissions and improve sustainability.

• Moving to paper free where possible
• Reducing business travel through the use of virtual meeting functionality
• Ensuring business travel is used shared transport where possible
• A policy of reduce, reuse and recycle to decrease the amount of waste produced
• Reducing food miles and using in-season items
• Ensuring that energy efficient technologies and processes are used

In addition the above, plans are in place to implement additional measures such as:

• Ensuring the supply chain utilises green energy
• Offering electric vehicles to staff as part of a salary sacrifice scheme
• Encouraging staff to walk or cycle to work where possible
• Utilising carbon offsets for business travel and energy utilisation

Tackling economic inequality

Inform guarantee that 100% of Inform staff are paid higher than the "Real Living Wage". We will continue to monitor this and ensure we always maintain this position.
Based in an area of social deprivation Inform Health Limited seek to recruit locally first and to train and mentor staff to assist them to achieve greater potential.
Inform has no gender pay gap. Inform Health will ensure this position is maintained.
Inform pay over 95% of all invoices within 30 days. We will monitor and endeavour to maintain or increase this percentage.

Wellbeing

Inform Health Limited sponsor NHS customer staff events annually. Inform have committed to donate the sum of £1000 per year for the next five (5) years to WEN.org.uk, who through community projects work with the local community to support adults and children with sustainable, wellbeing projects.

Pricing

Price
£64,333.28 to £98,566.64 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at susan.bunn@informhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.