Health Place

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: We support the latest two versions of all modern browsers. We cannot guarantee performance on older browsers.
System requirements: No system requirements

User support

Email or online ticketing support: Email or online ticketing
Support response times: We respond within one working day to all requests, or the following Monday if a request is shared late on a Friday or over the weekend.
User can manage status and priority of support tickets: No
Phone support: No
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: We use third party systems that meet accessibility standards.
Onsite support: No
Support levels: We provide standard support to all users as part of our standard pricing model - as set out in other answers.
Support available to third parties: No

Onboarding and offboarding

Getting started: We offer a full, end to end service that maximises people's access to the support they need and that minimises local deployment burdens.

We help organisations purchasing Health Place to customise the service as they wish. We advise on best routes to deployment, including integrations with other digital systems as well as cohorts to target proactively. We collect data on local and national support opportunities, only requiring access to local databases as appropriate. Videos and other 'how to' materials are offered to staff, but mostly to build awareness and buy in; deployment takes less than one minute for the average user. Health Place also offers standard data dashboard for reporting on outcomes and supply chains that is very simple to use.
Service documentation: Yes
Documentation formats: PDF

Other
Other documentation formats: Videos
End-of-contract data extraction: Any data owned by the purchaser will be available as a CSV export for 30 working days after the end of the contract.
End-of-contract process: At the end of the contract the choice is either to renew or to terminate. If the contract is terminated then data owned by the purchaser is made available at no additional cost. There are no hidden termination costs.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: No difference in functionality. Minor differences in layout of functionality.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: Health Place is a web app that offers three interfaces for users: a) search bar b) a support finder quiz and c) a support assistant. An admin area also offers access to extra tools for providers and commissioners.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: We have tested use of the system with a) A public and patient involvement group who experience a diverse range of health problems and disabilities; b) user testing with a range of users c) formal testing of accessibility
API: Yes
What users can and can't do using the API: Users can receive or share data feeds with Health Place using a private API - access to which is restricted by an API key. We also have the capability to also offer Open/ Public APIs on a bespoke basis.

API documentation available with NDA only.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Branding can be customised throughout the platform. Our team will implement your guidelines and designs. (see rate card)

Health Place can be integrated with any digital system, for example websites, intranets, apps., social media, messaging channels, client management systems. Options for bespoke integrations include use of links, fully customisable widgets or APIs.

We can collect and process data sets in the form you want, for example data limited to certain types of support or locations, or on a more bespoke basis.

Data dashboards can be customised in many ways so as to offer the insights you need on a timely basis.

Health Place can help you to build campaigns using Health Place, including helping you to analyse data to target specific cohorts, helping you to import personal data into Health Place (on a secure, encrypted basis) for the purposes of inviting and onboarding users and also supporting effective deployment by front line professionals.

Scaling

Independence of resources: The platform has been subject to an independent, well-architected review and further mitigations have been put in place to ensure maximum scalability. Hosting is provided through a full managed service by AWS. We have robust reporting on all aspect of platform performance. New processing power can be added automatically as and when the number of users increases without any friction for the end user.

Analytics

Service usage metrics: Yes
Metrics types: The main metrics we report on include the following KPIs.
Numbers for use the service - split as required for locality and referral channel.
Number and percentage of users viewing support listings.
Number and percentage making access requests for support. Numbers of account creations.
Aggregated progress reports for users who create an account including activation and progress with chosen goals and a summary of the economic valuation of these outcomes.

We can also provide more tailored reporting on a custom basis according to your requirements.
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: European Economic Area (EEA)
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding

Other
Other data at rest protection approach: Use of OAuth2, mandatory 2 factor authentication, encryption of all data in transit and at rest, role management controls within siloed zones in the platform and other best practices.
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: The Health Place data team will export a purchaser's data for them and make this available as a CSV export using our standard format.

Health Place never shares personal data without the explicit permission of the user's who own this data.
Data export formats: CSV
Data import formats: CSV

ODF

Other

Data-in-transit protection

Data protection between buyer and supplier networks: Other
Other protection between networks: We normally receive public data only from customers.

In some cases we will work with a customer - on site or through remote access - to help them set up a cohort that will then be messaged through their own system with a link to Health Place. For the NHS we do this as non salaried employees with a full DPIA in place.

In some cases personal data is encrypted and then uploaded to Health Place on a one off basis.

Integrations are in train with TPP SystmOne, EMIS and Health Information Exchange
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: We guarantee performance and availability standards of 99.5% including all major upgrades as well as disaster recovery.
Approach to resilience: Health Place is hosted through a full managed service from AWS, who on our behalf operate distributed servers for maximum resilience (e.g. fires at a data centre) and best practices in disaster recovery. Copies of all data are made daily, alongside automated back-ups of live data.
Outage reporting: Major outages and maintenance events are reported on the website's status page alongside email alerts.

Identity and authentication

User authentication needed: No
Access restrictions in management interfaces and support channels: We operate strict role based access to the platform, supported by two factor authentication and O Auth-2.

For members of the public wishing to use our advanced support assistant features, or provider organisations wishing to edit their support listings, they must create an account that uses the same security protections.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: The company's CTO is held accountable for data security and privacy, which is a standing item at board meetings.

We hold an internal risk log of security threats, which is updated and reviewed on a continual basis as new risks come to light.

The CTO leads on ensuring that the design and implementation of all software maximises protection against known risks.

We carry out independent reviews of security along with third party penetration testing and update our risk log and risk mitigations accordingly.
Information security policies and processes: Our CTO leads on data security and privacy and reports to the CEO and board on these issues on a regular basis.

The CTO manages the development team who are in turn tasked with adhering to requirements and technical solutions for data security and privacy specified by the CTO.

The results of independent reviews and penetration tests are reported directly to the board and the CTO is then tasked with implementing any necessary mediations, covering both capacity for monitoring potential security hazards and applying best practices to new software design and delivery.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Implementation of all new features and code is subject to design for maximum data security.

All code released is subject to unit testing prior to release.

The platform is monitored on a continual basis for suspicious activity.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We have a set of advanced capabilities for monitoring use of the system and spotting potential red flag events immediately. Patches can be applied within hours, if not sooner. The CTO is held responsible for keeping abreast of new and common threats to data security and adding these to the corporate risk register and actioning further risk mitigations as appropriate.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: As noted above, the platform monitors use of the platform and flags potential security threats in real time.
Incident management type: Supplier-defined controls
Incident management approach: Our pre-defined process for incident management is as follows.

1. Identify and categorise the issue
2. Notification and escalation
3. Investigation and diagnosis
4. Resolution and recovery
5. Incident closure
6. Disclosure of an incident report to trusted parties - depending on severity of issue - via normal support channels i.e. via webchat or email.

Users can raise issues through our normal support channels where they will be ticketed and taken through our standard process as above.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

Health Place promotes access to the nearest and best support available to users. It thus helps to reduce the carbon foot print as well as improve the economic vitality and environmental sustainability of places.
Covid-19 recovery: Covid-19 recovery

Covid-19 has resulted in an enormous backlog of patients waiting for support and a further increase in the number of adults with one or more long term condition. Health Place provides essential support for these cohorts and in the process helps to mitigate pressures on the NHS and other local public services.
Tackling economic inequality: Tackling economic inequality

Health Place includes many resources that help less advantaged users to find support and new economic opportunities. This includes access to employment support and jobs as well as access to financial advice and services, legal advice, housing and welfare support.
Equal opportunity: Equal opportunity

Health Place is widely used as a way of targeting and supporting people who experience greater health inequality for example as a result of lower social class, income, ethnicity, sexual preference, health conditions, forms of disability or discrimination as well as lower access to support for other reasons..
Wellbeing: Wellbeing

Health Place offers uniquely comprehensive support for increasing the health and wellbeing of users. This extends to the employees of companies as well as patients of the NHS. Health Place allows users to access support that is safe and appropriate for them and it allows users to track their wellbeing and progress and receive ongoing support.

Pricing

Price: £0.06 to £0.10 a unit a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Health Place

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents