Visiba Care

Visiba Triage

Visiba Triage is a market-leading AI-enabled medical device. The AI-enabled system is a clinical decision support tool, that conducts patient assessments and surfaces clinical urgency and differential diagnoses to healthcare professionals.

Includes configurable levels of automation as well as live integration with core healthcare software.

Features

• AI-enabled triage solution (Visiba Triage powered by Red Robin)
• Intelligently takes patient history for new symptoms
• Provides HCPs with urgency rating based on Manchester triage scale
• Provides differential diagnoses and probability
• Asynchronous messaging or chat
• Ability to consult colleagues discretely
• Secure video calls with up to 10 patients or colleagues
• Dynamic fully configurable forms
• Supports integrated care, primary care and secondary care services
• Patient portal available on iOS/Android app and web portal

Benefits

• Ease pressure on busy services
• Reduce inbound telephone calls
• Free up clinical time
• Reduce administration
• Hold more efficient and informed consultations
• Minimise risk of not considering lower probability conditions
• Reduce waiting lists and backlogs
• Guide patients to right level of care at right time
• Reduce DNA rates
• Provide a patient-friendly app with superior user-experience

£2.00 to £3.00 a transaction a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hannah.gibson@visibacare.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

553379264223613

Contact

Hannah Gibson
07725723438
hannah.gibson@visibacare.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: There are no service constraints that buyers need to be aware of.
• System requirements:
  • Access to a laptop/PC with a stable internet connection
  • Access to one of Google Chrome/Firefox/Microsoft Edge Chromium

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our average response time is between 30 minutes and 1 hour. ; ; We provide emergency support at the weekend for Severity Level 1 and Severity Level 2 incidents.; ; We provide 24-hour technical support.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Visiba provides a level of support within the fixed price of the service that is designed to meet all the needs of the service users. This includes training sessions at contract start, and at agreed intervals, as well as online resources for ongoing training. The service desk is also available for ongoing queries, between 9-5pm Monday to Friday. 24-hour technical support is also available.; ; Customers have support from their own Account Manager and the Visiba Support desk. Please note, there is no additional cost for support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: At Visiba, we provide focused training to our customers. Traditionally onsite, this has latterly taken place virtually. ; ; Training is delivered and tailored to the customer’s needs, i.e are they an Administrator or a Healthcare Professional. ; ; Documentation such as training manuals and video guides are also available in the solution itself , via the Visiba Helpcentre and can be easily accessed by healthcare professionals. ; ; In addition to the above documentation, we provide healthcare professionals with a simple customisable document which they can send to patients to show them how to enter the solution.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The customer contacts their representative at Visiba and asks for a full data export.; A system engineer will thereafter perform; 1) a database export with all available data, and 2) a folder compression of all uploaded files still available on Visiba servers.; These two exports will be encrypted and transferred to the customer representative through an agreed file transfer service.
• End-of-contract process: To provide a smooth handover, transitioning between solutions has to happen with some overlap to ensure the patients and Healthcare Professionals with booked meetings and ongoing communication are not terminated without another accessible solution. ; ; Visiba will be available for one week after the end of contract unless otherwise agreed. This ensures customers take all relevant EMR notes and that data has been transferred before access is denied. Visiba will share all statistics and data for the customer per user, reception and organisation level.; ; Please note: personal data and patient information is deleted one week after end of contract unless the customer has come to another written arrangement with Visiba.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between the mobile and desktop service.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service consists of a web-app and a web interface where patients can access online triage and communicate with healthcare through different digital channels. The patient can book a video consultation or a physical appointment, join a digital drop-in room or communicate through chat or written messages with the HCP. To perform the video consultation, the patient must register and sign in. In the service the patient can also view their ongoing cases, make a payment or cancel if necessary. The patient can also access other services or information provided by the clinic, through custom buttons with embedded web content.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We care about accessibility and we are improving constantly by introducing accessibility requirements as well as testing into our product development process. We have recently completed a full accessibility report, covering all areas of the solution based on the Web Content Accessibility Guidelines (WCAG). All issues identified were recorded and reported to each of the affected product development teams with the aim of fixing the identified issues based on a prioritised order. We have also tested our interfaces with users who have visual impairments and use screen readers as assistive technology. At the same time we have included screen reader testing internally, where our test team checks new developed features.
• API: Yes
• What users can and can't do using the API: Visiba offer open APIs with a number of different endpoints including endpoints for patients, appointments, healthcare services, healthcare practitioners and more.; ; Access to the API (sandbox and production environment) is requested to Visiba. All requests to the API requires a use case and description of what you are trying to achieve which enables us to support you in the most effective manner.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Appearance; The service is delivered as "white label", making it possible to customise the platform to the graphic profile of the customers own brand, by choosing colours, fonts and logos. These customisations are done by Visiba personnel.; ; Functionality; The service can be completely tailored to the different care providers in the customers' organisation using the product. The platform is built to be able to handle large healthcare organisations.; ; Each clinic in the organisation has the opportunity to control how caregivers and patients should be able to communicate digitally; through Visiba Triage, as well as via video consultations initiated by caregivers, patient-initiated bookable video calls, drop-in video calls and asynchronous messaging service. Each reception also has the opportunity to add one or more unique questionnaires before or after the digital visit.; ; - All texts in the platform can be adapted; - Authentication methods can configure customer-specific, both for caregivers and patients; - Connections to third-party services, such as EMR, user databases, payment systems or authentication services; ; The majority of all functional adjustments can be made by the customer through an administrator account.

Scaling

• Independence of resources: Our SaaS platform is hosted with a scalable architecture in multiple data centres, ensuring both redundancy as well as availability. Server usage and stability is monitored 24/7 and in the event of increased usage, servers are added and/or upgraded instantaneously to manage higher loads.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide reports with:; ; · Number of submitted patient cases; · Clinical urgency occurrence (1-8); · Clinical agreement with triage outcomes; · Clinician rating & feedback; · Patient rating & feedback; ; Upon customer request, Visiba can provide expended and customised report with following data on all required organisational levels:; ; · Patient demographic; · Number of unique patients in the app; · Average time spent in app; · System performance; · System Usage; · Patient conversion rate
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data in the solution via the statistics menu in the solution.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLSX
• Data import formats: Other
• Other data import formats:
  • Data is not imported by the customers
  • Certain data can be imported by engineers at Visiba

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Private network or public sector network

Availability and resilience

• Guaranteed availability: The uptime of Visiba is 99.9%.; ; If Visiba fails to meet a Service Level, the Customer will be eligible for a service credit. The service credit will amount to a percentage of the Monthly Fee (for the month when the Visiba received the Error Report from the Customer), based on the Error’s severity level and in line with Visiba's Service Level Agreement. ; ; In addition, customers will also be eligible for a service credit if Visiba fails to achieve the Service Uptime. The service credit will amount to a percentage of the Monthly Fee (for the calendar month when the Service Uptime was not achieved), depending on the achieved uptime. The maximum amount of service credits per calendar month that the Customer can get is 100% of the Monthly Fee for the calendar month. Details are provided in our Service Level Agreement.
• Approach to resilience: Available on request.
• Outage reporting: Our service uses a public status update page available at: https://status.visibacare.com/; ; Alerts can be subscribed through email, text messages and with a Slack integration.; ; Subscription to alerts can also be granular to a specific market and/or type of subservice (i.e. communication services, authentication services etc.)

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: This depends fully on which interface and available authentication methods for the specific customers. While we always recommend configuring the service to force 2FA authentication for all users, both practitioners and patients, it is however possible to add the availability of username and password. ; ; We also use NHS Login.
• Access restrictions in management interfaces and support channels: Users are allocated permission based on their roles. All sensitive management systems require 2FA and/or VPN connection.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 23/09/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have implemented an information security management system according to the ISO/IEC 27001:2013 standard, and a quality management system according to the ISO 13485:2016 standard. Our information security and quality management system includes, among other things, an overarching information security policy and policies and procedures for employee security, disciplinary action, password management, system access control, information asset management, physical security, operations security and secure development, business continuity, cryptographic controls and key management, and compliance with legal and contractual requirements. We also have procedures for document control, incident management, risk management (including cybersecurity), supplier evaluation and management, non-conformity management and quality assurance, etc.; ; We monitor compliance with our policies and procedures on a regular basis, and any non-conformities are managed according to our non-conformity management procedure. Policies and procedures are also reviewed according to predefined review periods (at least annually). Our management team is committed to information security and reviews the information security and quality management system as part of periodic management reviews, to ensure its continuing suitability, adequacy, and effectiveness. We have also appointed an Information Security Responsible and a Person Responsible for Regulatory Compliance. They are responsible for maintaining the information security and quality management system.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our services are continuously improved incrementally, with improvements and fixes being released every 3 weeks. Each sprint release is proceeded by a meeting, where included improvements, fixes and test outcomes. We conduct post-market surveillance activities to actively identify and correct issues or trends. Meetings (minimum two a year) where we assess the data collected and the outcomes of activities.; All ‘SOUP’ are subject to evaluation in accordance with our Quality Management System, and are documented in each respective product’s Technical Documentation with information such as risk level, why these are needed and how we verify their credibility.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: To assess potential threats, Visiba has a secure network that is protected at its internet boundary by a configured EAL4 certified firewall. The networks and firewalls are managed by the IT Team. Access to networks and servers is controlled through an Active Directory server. A secure (WPA2/PSK) wireless network access is available to employees, within the same secure network as specified above. A separated internet-only network for guest/non-it staff usage is also available. We carry out automatic patch updates with prompts to reboot where required after testing by the IT Team. Patches are deployed within 8 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use third-party services from Detectify and Solarwinds that performs automated security scans on our web applications and monitors our databases in order to detect vulnerabilities and/or anomalies. The Detectify service performs weekly a deep scan that sends us a report by e-mail with potential vulnerabilities that get reviewed by our developers as well as our technical staff. Findings are group by graded severity. If any high impact risk are found, we take immediate action. Vulnerabilities classed as medium are reported to the responsible department and corrected within 24 business hours.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a tested and effective incident management policy (including a business continuity plan for certain scenarios) in place. Our staff receive incident management training and know how to recognise and escalate any suspected incident. We have allocated responsibility for managing incident to an incident team, with members from relevant departments within our organisation.; Users may report incidents to our support (emergency support is available 24/7). Depending on the severity, we will keep any affected customer informed throughout the incident management process and will also prepare a detailed incident report after the incident has been resolved.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  Visiba Triage supports clinical services to manage inbound patient demand by automating the assessment of clinical urgency and generation of differential diagnoses. This is proven to improve the accuracy of their clinical triage through immediate assessment, that is patient-generated. In periods of excess demand, this enables providers to accuracy sort patients by urgency.; ; This related to Covid-19 recovery by optimising clinical capacity of front line services, which have been burdened with increased demand and reduced clinical capacity.

Pricing

• Price: £2.00 to £3.00 a transaction a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hannah.gibson@visibacare.com. Tell them what format you need. It will help if you say what assistive technology you use.