Abtrace Ltd

Abtrace CDSS Proactive Monitoring

Abtrace CDSS Proactive Monitoring is intended for clinical use in primary care. The software analyses clinical data within the Electronic Health Record to support clinical and administrative staff in identifying and undertaking clinical activity required for the ongoing management of patients. It reads and writes into the Patient's record.

Features

• Real-time Intelligence: Continuous clinical background assessment of population
• Encoding of up-to-date national clinical safety guidelines
• Real-time Recall Dashboards: see unified monitoring status of every patient
• Automated Recall Process: patients are automatically identified and messaged
• Self-booking links: Empower patients to book directly into appointments
• Clinically validated: UKCA/CE mark Software as Medical Device
• Integrated with main UK electronic health record (EHR) providers
• Full read and write functionality
• Adapted to clinical workflows
• One-Click SNOMED code correction

Benefits

• Efficiently drives gold standard monitoring of medications and conditions
• Reduces need for HCA (Health Care Assistant) appointments
• Supports becoming CQC-ready with a safe monitoring system
• Automates local and national KPI achievements
• Reduces workload through intelligent automation
• Avoids duplication of tests and appointments

£2,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at team@abtrace.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

590941630284870

Contact

Umar Ahmad
+44 208 1 06 05 04
team@abtrace.co

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Our software communicates with the Electronic Health Record (EHR) software established at the client's site (the primary care institution). We currently integrate with both EMIS and TPP, covering 96% of UK population.
• Cloud deployment model: Public cloud
• Service constraints: No current known constraints. An extensive set of documentation and instructions can be found on the support portal.
• System requirements:
  • Computer running Windows 10 or above, with internet connection
  • An Electronic Health Record system for integration (EMIS or TPP)
  • Computers to be on the HSCN

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Less than 24 hours during week days.; The next working day during the weekend.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can access a Support section within the products' interface. This section redirects the user to our support portal, where different channels are available, to better suit the user's need. A live chat with one of our staff is possible 24/7. The chat icon is presented at the bottom right of each page of our website, with an informative pop-up. User can send attachments during the live chat.
• Web chat accessibility testing: N/A
• Onsite support: No
• Support levels: Onboarding: There is a 1:1 onboarding, which typically takes approximately 2x 1h sessions. Staff involved may include either the practice manager, the practice project lead or the admin person. There are no costs associated to onboarding. Onboarding process is detailed in our support portal.; ; Product and Online Support Portal: There is a Support and Feedback section within the Product's interface. There are no costs associated with online support. ; ; Web chat and Other Contacts: There is a 24/7 web chat, phone contact and general email available at our main website: https://www.abtrace.co/contact/; ; We provide a technical account manager for each client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a 1:1 onboarding, which typically takes approximately 2x 1h sessions. Staff involved may include either the practice manager, the practice project lead or the admin person. There are no costs associated to onboarding.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: According to Data Processing Agreement.
• End-of-contract process: Off-boarding process requires removal of user access > deletion of data > inactivation of data transfer pipeline and backend activities. There are no off-boarding costs.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service interface displays 2 main pages:; Patient View shows a summary of actions (ex. blood tests, measurements) that a selected patient needs. These are colour coded according to due date. Clicking to expand action displays related information. Ticking the action box, or writing in measurements will input this information into the health record.; Population View lists all patients of the GP practice who have requirements according to the monitoring guidelines. This can be sorted or filtered and exported to CSV. By clicking a patient within the table, opens the Patient View.; A Settings and Support section is also available.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We are working towards conducting interface testing with users of assistive technology.
• API: No
• Customisation available: Yes
• Description of customisation: Additional clinical rulesets can be added by the Abtrace team on request.

Scaling

• Independence of resources: The resources required are segmented per client and the architecture is set to be scalable, should it be required. The extensive use of the tool does not interfere with the usability by other users

Analytics

• Service usage metrics: Yes
• Metrics types: The application software collects live data through logs and analytics. This measures number of users accessing the application, number of users registered and number/type of queries run.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users have the option to export results of specific searches straight from the software (population view) in the form of CSV.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Data upload is automated via integration with Electronic Health Record.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 90% SLA
• Approach to resilience: Available on request.
• Outage reporting: There is a public dashboard:; https://abtrace.pagefate.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management Interfaces for the client are controlled at the GP practice level. Each GP practice has defined admin users who control the users' accesses. Further details can be found at our support portal.; ; Support channels are open to users and management at our support portal.; ; Backend access is restricted to specific Abtrace members and is closely controlled.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 07/08/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of the approval is applicable to:; Information Security as applied to Abtrace and the management and delivery of our software solutions and supporting infrastructure, in line with the Statement of Applicability v1.n
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Data Security & Protection (DS&P) Toolkit, 28/06/2023

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: In compliance with ISO 27001:2013, Abtrace has an Information Security Policy in place, which outlines the processes and policies that are required to ensure that Abtrace is adherent to the Information Governance laws within the UK. Incidents are reported to Abtrace's SIRO through the Incident Management procedure, which includes Risk Management. As result of following the procedures, and when deemed required, Abtrace has a duty to report to the appropriate authorities as well as commissioning organisations within the defined timeframes.; ; Abtrace ensures policies are followed through periodic internal audits and annual external audit by certified authority.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Abtrace operates in compliance with ISO 13485:2016 - Medical devices - QMS, while following ISO 14971:2012 - Medical Devices - Application of risk management and IEC 62304:2006 Amd 1:2015 – Medical device software – Software lifecycle processes.; ; We follow procedures for Control of Design Changes, as part of which Risk Assessment activities are conducted for both clinical safety and information security. Changes are logged and recorded in the software's Device Master Record.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of our ISO 27001:2013 ISMS, we assess potential threats to our services by following our Risk Management Process, and conducting supporting activities such as internal audits, and external pentests to ensure a robust security model.; We deploy patches to our services within 24h of being informed (in most cases, depending on the severity of the vulnerability discovered) and get information about potential threats from NHS digital (frequent notifications) and by following industry-leading blogs and forums where such vulnerabilities are discussed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: In compliance with ISO 27001:2013 we have controls in place for protective monitoring which generate. Response to potential compromise follows our Incident Management procedure alongside our Risk Management process. Corrective and Preventive actions are implemented according to incident severity. Responsibilities are clearly assigned for timely response to incidents.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Abtrace has an Incident Management procedure in place, which provides for a system and instructions, and to assign responsibilities for identifying, triaging, assessing, managing and resolving Incidents within Abtrace.; ; Users can report a potential incident directly at the software application, through the Support section. ; ; Serious Incidents (severity 1 and 2) will be reported to the National Competent Authority via email, within the time scales, as compliant with MED DEV 2.12-1 rev 8. Major Information Security Incidents will be reported to the ICO within 72h through the dedicated online portal.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Abtrace is committed to deploying its products responsibly and appropriately, and has mapped how the installation and use of the Abtrace CDSS Proactive Monitoring product results in green outcomes for the client and public service. Product installation is done via use of Cloud services and no additional IT equipment is required. We ensure interoperability/ integration with established EHR, avoiding bespoke interfaces. Product use leads operational efficiency which directly or indirectly contribute to environmental protection, by e.g., reduction in patient travel due to reduction in avoidable visits to the practice; reduced admin work and post handling.

  Covid-19 recovery

  Covid-induced backlog of appointments, increased demand of patients during the pandemic, running of the vaccination campaign and shortage of staff due to illness or absence, are some of the factors contributing to significant workload increase in general practices, generating additional pressure over already overstretched clinical staff. Following a pilot project involving several GP practices and 15,000 patients, Abtrace led to a 30 per cent reduction in the number of HCA appointments needed and halved the number of repeat prescriptions that required a GP appointment to process it. By reducing workload, Abtrace CDSS Proactive Monitoring can therefore play an important role in supporting both physical and mental health in the practice workforce. By providing a more effective and better-quality care, support physical and mental care of patients affected directly or indirectly by COVID-19.

  Tackling economic inequality

  Abtrace CDSS Proactive Monitoring software is intended to be used by any primary care staff who have access to patient records and provide or enable clinical activity required for ongoing patient care for use within a GP surgery. The training provided and ongoing use of the software contribute to up-skilling staff in the use and understanding of digital technologies, which overall aligns with the Digital Transformation goals of the NHS Long Term Plan. The intelligence and automation provided by the system supports operational efficiency for clinical and administrative tasks, releasing more time to spend with patients.

  Equal opportunity

  Abtrace is an Equal Opportunity Employer. We do not tolerate discrimination or harassment in any part of Abtrace’s operations. We are fully committed to continuously promote equal opportunities in employment and to support in-work progression, helping our staff move into higher paid work by developing new skills and competencies, and assigning new responsibilities.

  Wellbeing

  Growing backlog of appointments, increased demand of patients during the pandemic, running of the vaccination campaign and shortage of staff due to illness or absence, are some of the factors contributing to significant workload increase in general practices, generating additional pressure over already overstretched clinical staff. Following a pilot project involving several GP practices and 15,000 patients, Abtrace led to a 30 per cent reduction in the number of HCA appointments needed and halved the number of repeat prescriptions that required a GP appointment to process it. By reducing workload, Abtrace CDSS Proactive Monitoring can therefore play an important role in supporting both physical and mental health in the practice workforce.

Pricing

• Price: £2,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at team@abtrace.co. Tell them what format you need. It will help if you say what assistive technology you use.