Health Place
Health Place is a next generation support directory that makes it easy for people to access the support they need, with an assistant that offers ongoing support and progress tracking. It works to make support as accessible as possible, including through public campaigns as well as many digital integrations.
Features
- Data in system is updated automatically
- Ready-made national data set including apps, web and helplines
- Integrations with other digital systems e.g websites, messaging and CRM
- Customisation to support any data set or target audience required
- Run campaigns to target and engage with thousands of people
- Search and support recommendation for the most relevant support
- Support assistant for action planning, learning and accessing ongoing support
- Data dashboards that track engagement, supply chains and demand patterns
- Built in quality assurance and user review
- Branding of platform as required
Benefits
- Less time spent collecting and updating data
- Uniquely comprehensive support for public
- Ensures widest possible access to support
- Maximum local flexibility of use
- Reach whole target populations at ultra-low cost
- Easy for users to find appropriate support
- Maximises the chances of successful behaviour change
- Unique intelligence on local supply and demand
- Assurance of quality and safety builds trust and engagement
- Branding helps to build the profile and reputation of user
Pricing
£0.06 to £0.10 a unit a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 8 2 8 0 3 8 6 8 7 1 0 3 6 8
Contact
HEALTH PLACE LIMITED
Matthew Pike
Telephone: 07885 540216
Email: matthew@healthplace.io
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- We support the latest two versions of all modern browsers. We cannot guarantee performance on older browsers.
- System requirements
- No system requirements
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We respond within one working day to all requests, or the following Monday if a request is shared late on a Friday or over the weekend.
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- We use third party systems that meet accessibility standards.
- Onsite support
- No
- Support levels
- We provide standard support to all users as part of our standard pricing model - as set out in other answers.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
We offer a full, end to end service that maximises people's access to the support they need and that minimises local deployment burdens.
We help organisations purchasing Health Place to customise the service as they wish. We advise on best routes to deployment, including integrations with other digital systems as well as cohorts to target proactively. We collect data on local and national support opportunities, only requiring access to local databases as appropriate. Videos and other 'how to' materials are offered to staff, but mostly to build awareness and buy in; deployment takes less than one minute for the average user. Health Place also offers standard data dashboard for reporting on outcomes and supply chains that is very simple to use. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
- Videos
- End-of-contract data extraction
- Any data owned by the purchaser will be available as a CSV export for 30 working days after the end of the contract.
- End-of-contract process
- At the end of the contract the choice is either to renew or to terminate. If the contract is terminated then data owned by the purchaser is made available at no additional cost. There are no hidden termination costs.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference in functionality. Minor differences in layout of functionality.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Health Place is a web app that offers three interfaces for users: a) search bar b) a support finder quiz and c) a support assistant. An admin area also offers access to extra tools for providers and commissioners.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We have tested use of the system with a) A public and patient involvement group who experience a diverse range of health problems and disabilities; b) user testing with a range of users c) formal testing of accessibility
- API
- Yes
- What users can and can't do using the API
-
Users can receive or share data feeds with Health Place using a private API - access to which is restricted by an API key. We also have the capability to also offer Open/ Public APIs on a bespoke basis.
API documentation available with NDA only. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Branding can be customised throughout the platform. Our team will implement your guidelines and designs. (see rate card)
Health Place can be integrated with any digital system, for example websites, intranets, apps., social media, messaging channels, client management systems. Options for bespoke integrations include use of links, fully customisable widgets or APIs.
We can collect and process data sets in the form you want, for example data limited to certain types of support or locations, or on a more bespoke basis.
Data dashboards can be customised in many ways so as to offer the insights you need on a timely basis.
Health Place can help you to build campaigns using Health Place, including helping you to analyse data to target specific cohorts, helping you to import personal data into Health Place (on a secure, encrypted basis) for the purposes of inviting and onboarding users and also supporting effective deployment by front line professionals.
Scaling
- Independence of resources
- The platform has been subject to an independent, well-architected review and further mitigations have been put in place to ensure maximum scalability. Hosting is provided through a full managed service by AWS. We have robust reporting on all aspect of platform performance. New processing power can be added automatically as and when the number of users increases without any friction for the end user.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
The main metrics we report on include the following KPIs.
Numbers for use the service - split as required for locality and referral channel.
Number and percentage of users viewing support listings.
Number and percentage making access requests for support. Numbers of account creations.
Aggregated progress reports for users who create an account including activation and progress with chosen goals and a summary of the economic valuation of these outcomes.
We can also provide more tailored reporting on a custom basis according to your requirements. - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Other
- Other data at rest protection approach
- Use of OAuth2, mandatory 2 factor authentication, encryption of all data in transit and at rest, role management controls within siloed zones in the platform and other best practices.
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
The Health Place data team will export a purchaser's data for them and make this available as a CSV export using our standard format.
Health Place never shares personal data without the explicit permission of the user's who own this data. - Data export formats
- CSV
- Data import formats
-
- CSV
- ODF
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
-
We normally receive public data only from customers.
In some cases we will work with a customer - on site or through remote access - to help them set up a cohort that will then be messaged through their own system with a link to Health Place. For the NHS we do this as non salaried employees with a full DPIA in place.
In some cases personal data is encrypted and then uploaded to Health Place on a one off basis.
Integrations are in train with TPP SystmOne, EMIS and Health Information Exchange - Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- We guarantee performance and availability standards of 99.5% including all major upgrades as well as disaster recovery.
- Approach to resilience
- Health Place is hosted through a full managed service from AWS, who on our behalf operate distributed servers for maximum resilience (e.g. fires at a data centre) and best practices in disaster recovery. Copies of all data are made daily, alongside automated back-ups of live data.
- Outage reporting
- Major outages and maintenance events are reported on the website's status page alongside email alerts.
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
-
We operate strict role based access to the platform, supported by two factor authentication and O Auth-2.
For members of the public wishing to use our advanced support assistant features, or provider organisations wishing to edit their support listings, they must create an account that uses the same security protections. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
The company's CTO is held accountable for data security and privacy, which is a standing item at board meetings.
We hold an internal risk log of security threats, which is updated and reviewed on a continual basis as new risks come to light.
The CTO leads on ensuring that the design and implementation of all software maximises protection against known risks.
We carry out independent reviews of security along with third party penetration testing and update our risk log and risk mitigations accordingly. - Information security policies and processes
-
Our CTO leads on data security and privacy and reports to the CEO and board on these issues on a regular basis.
The CTO manages the development team who are in turn tasked with adhering to requirements and technical solutions for data security and privacy specified by the CTO.
The results of independent reviews and penetration tests are reported directly to the board and the CTO is then tasked with implementing any necessary mediations, covering both capacity for monitoring potential security hazards and applying best practices to new software design and delivery.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Implementation of all new features and code is subject to design for maximum data security.
All code released is subject to unit testing prior to release.
The platform is monitored on a continual basis for suspicious activity. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We have a set of advanced capabilities for monitoring use of the system and spotting potential red flag events immediately. Patches can be applied within hours, if not sooner. The CTO is held responsible for keeping abreast of new and common threats to data security and adding these to the corporate risk register and actioning further risk mitigations as appropriate.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- As noted above, the platform monitors use of the platform and flags potential security threats in real time.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Our pre-defined process for incident management is as follows.
1. Identify and categorise the issue
2. Notification and escalation
3. Investigation and diagnosis
4. Resolution and recovery
5. Incident closure
6. Disclosure of an incident report to trusted parties - depending on severity of issue - via normal support channels i.e. via webchat or email.
Users can raise issues through our normal support channels where they will be ticketed and taken through our standard process as above.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Health Place promotes access to the nearest and best support available to users. It thus helps to reduce the carbon foot print as well as improve the economic vitality and environmental sustainability of places. - Covid-19 recovery
-
Covid-19 recovery
Covid-19 has resulted in an enormous backlog of patients waiting for support and a further increase in the number of adults with one or more long term condition. Health Place provides essential support for these cohorts and in the process helps to mitigate pressures on the NHS and other local public services. - Tackling economic inequality
-
Tackling economic inequality
Health Place includes many resources that help less advantaged users to find support and new economic opportunities. This includes access to employment support and jobs as well as access to financial advice and services, legal advice, housing and welfare support. - Equal opportunity
-
Equal opportunity
Health Place is widely used as a way of targeting and supporting people who experience greater health inequality for example as a result of lower social class, income, ethnicity, sexual preference, health conditions, forms of disability or discrimination as well as lower access to support for other reasons.. - Wellbeing
-
Wellbeing
Health Place offers uniquely comprehensive support for increasing the health and wellbeing of users. This extends to the employees of companies as well as patients of the NHS. Health Place allows users to access support that is safe and appropriate for them and it allows users to track their wellbeing and progress and receive ongoing support.
Pricing
- Price
- £0.06 to £0.10 a unit a year
- Discount for educational organisations
- No
- Free trial available
- No