Avegen Ltd

Customisable Digital Solution For Outpatient Clinic Management

Streamline clinical workflows, improve operational efficiency and reduce costs of outpatient management. Our customisable solution enables end-to-end digitisation of a care pathway. Our solution does remote patient monitoring, appointment management, EHR & LIMS access, PROMs and communications. We have solutions in cardiac rehab, HIV, maternal health, mental health, oncology

Features

• Configurable Pathway & Care Protocol management with real-time analytics
• Integrated workflow management & capacity planning tools
• Personalisation of care plans & digital PROMs
• Appointment/session booking, cancellation, management
• Remote patient management, monitoring & consultation
• Patient education resources, notifications, alerts & motivational tips
• Tracking of vitals, symptoms & quality of life measures
• Wearable & Point of Care Device integration
• Risk stratification, clinical alerts & clinical trial data collection

Benefits

• Reduce service costs by increasing efficiency & reducing readmissions
• Automate admin, increase capacity & reduce unwanted variation in care
• Tailor care plans and improve adherence to evidence-based pathways
• Improve patient mental health, quality of life & care satisfaction
• Accurate data collection with wearable & device integration
• Increase capacity by enabling remote monitoring and consultations
• Deliver in-time action with greater risk stratification of patients
• Reduce waiting times, wait lists and loss-to-follow-up
• Improve self-management by the patient, engagement & activation

£50 to £100 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nayan@avegenhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

593136159685652

Contact

Nayan Kalnad
07837810251
nayan@avegenhealth.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Requires internet access and modern, up-to-date browser.
• System requirements:
  • Internet connection
  • Modern, up-to-date browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For critical and major issues: ; UK business hours: 1 hour. ; Out of hours: 3 hours. ; Weekends: specific to each customer/contract. ; ; Custom SLAs can be agreed with each buyer, to fit the needs of the service/team.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: License/subscription fee includes email-based support during UK business hours. In extraordinary circumstances, same-day, emergency onsite support is available. ; ; Additional support is available at extra cost, using the SFIA framework pricing. ; ; Each customer is assigned a customer services specialist.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All implementations start with a requirement gathering session to establish the customer's specific pathway and data needs. Then, our development team configure the customer's account with their specific data fields, forms, alerts, reports, and users/permissions. ; ; Users are provided UAT/test system logins before go-live. Onsite training is also provided for participating clinicians and HCPs before go-live. We then provide onsite support on the day of launch plus one follow-up training/Q&A day within 2-3 weeks or as needed. ; ; All clinical users receive a digital training manual. We can also provide top-up online training via video calls. ; ; Embedded training videos/walkthroughs are available to patients as part of their onboarding and always available within the app and accessible online.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When a contract ends, we agree on a final service date with the customer after which no additional data will be entered or changed in the system. Our team then prepares an extract of all data belonging to that customer's account. The data are extracted in multiple CSV files as needed, encrypted, and shared with the customer in a secure, encrypted manner.; ; Data can also be exported via JSON API and FHIR API.
• End-of-contract process: Once the customer confirms that their data set is complete, we delete the data from our servers (subject to any other data retention requirements). Our standard SLA is to return all data and delete from our servers within one month of contract end date (subject to individual agreement and dependent on the size of the dataset). ; ; Once the contract is over and data return/deletion is complete, we delete the customer's account and all user access. There are no additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Clinician interface is optimised for desktop, whereas the patient interface is designed mobile first.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: APIs can be used for system integration, such as updating patient information, appointment details and/ or test results in both directions (both to- and from an EMR or PAS).
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: HealthMachine can be configured to the needs of specific individual pathways. Pathway states, forms, data fields, PDFs, and reports can be configured to specific pathway requirements. System can also be translated into most languages. Logo, landing page, and URL can be white-labelled.; ; Our mobile patient applications allow for better self-management by the patient. This application can also white-labelled, meaning providers can add their own brand name, logo and colours.

Scaling

• Independence of resources: We leverage cloud-based autoscaling capabilities of the AWS platform, such as highly available and scalable Elasticache, RDS, ALB. Additionally, monitoring is in place to alert ops team about unusual loads, so that manual intervention can happen as needed. ; ; We also have in place network layer throttling mechanisms to protect users from malicious unusually high loads (e.g., DDOS attacks).

Analytics

• Service usage metrics: Yes
• Metrics types: HealthMachine is designed to make customers' pathway data accessible and usable. ; ; Clinical/Pathway: patient volumes; patient journey mapping; activity volume; clinical outcomes; time series outcome analysis; PROMs; ; Operational: team capacity/utilisation; efficiency gains/savings; progress towards KPIs. ; ; Usage: audit trail data; user sessions; user activities (calls made, appointments booked).
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: An individual user (clinician or nurse) can export some data into Excel or CSV formats. An organisation (e.g., a clinical department) can request an extraction of patient-level data via support ticket. Authorised access to the REST API can also be provided for customers to export data programmatically.; ; Individual patients cannot access the system; however, we are able to support individual subject access rights requests via support tickets that come from clinical users.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel (xlsx)
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON/REST API
  • FHIR API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All servers behind the firewall are in a virtual private cloud (VPC).

Availability and resilience

• Guaranteed availability: Standard service level agreement stipulates 99.9% availability. ; ; For any unplanned outage of more than one hour during customer working hours, we will credit the pro-rated value on the next invoice.
• Approach to resilience: We have BCP and DR SOPs in place, which are reviewed annually and drills are practiced quarterly. Periodic secure offsite backup of all data. ; ; More details available on request.
• Outage reporting: All users receive email alerts with outage details, resolution ETAs, and updates until service is back up and running. ; ; There is an API which can be made available to customers upon request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Support and firefighter access is provided strictly on request. Support personnel do not have an open-ended access. All support access is designed to fully mask any personally identifiable information (PII). Only system-internal IDs are exposed to the support interface for troubleshooting.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV
• ISO/IEC 27001 accreditation date: 28/03/2023
• What the ISO/IEC 27001 doesn’t cover: Marketing & Sales processes.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • NHS Data Security and Protection Toolkit
  • ISO 27001
  • ISO 9001
  • ISO 13485
  • GDPR compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 13485:2016; NHS data protection tool kit; GDPR compliant; Cyber Essentials certified
• Information security policies and processes: We follow processes that align to GxP and ISO 27001 standards. We have clearly defined and documented SOPs and policies for: ; - data protection, ; - breach/incident management, ; - record retention, ; - access control, ; - systems & operational security, ; - recruitment, contracting & supplier policies, ; - cryptography policy, ; - change management controls, ; - data transfer policy. ; ; All employees are trained on information security policies and quizzed. All policies and SOPs are reviewed and updated at least once per year.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow a documented change control & configuration management process. Every change is classified and assessed for impact on safety, security, system impact, testability & maintenance, scalability, customer impact, business impact/cost-benefit. Changes must be approved before added to a sprint. ; ; All baseline and customer-specific configurations are documented in the configuration library. ; ; Every change goes through a rigorous QA process, which is fully documented. Changes are only released once all QA criteria are met. QA pass criteria, results, screenshots, and release notes are stored internally. Customers are notified of any customer-visible changes to their configuration via release notes email.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We follow processes that align to ISO 27001. ; ; User access rights: all users are granted permissions only for the systems they require; access is restricted by default and granted if needed. ; ; Security patching: patches are deployed based on criticality, with critical/high deployed as soon as possible once validated. All patches are tracked and logged. ; ; Malware/virus scans: all systems have anti-malware/virus software which is regularly updated and scans on a schedule. ; ; Systems/networks are monitored for unusual activity. Any remediating actions are assessed and carried out as per SOPs.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Compromise prevention: Server access is restricted using security groups, which are reviewed every 90 days. Only necessary ports are opened for IP addresses as per application requirement. Server OS configuration audit is done by third party. ; ; Compromise identification: all access and changes are logged; audit log is reviewed for suspicious activity. ; ; Potential compromises are flagged and escalated immediately for further investigation. If appropriate, suspected user accounts are suspended immediately. Any confirmed compromises are reported to IG and ICO teams as per SOPs. ; ; We aim to respond to incidents within 4 hours of detection.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow an incident management SOP that aligns to the NHS DSPT guidelines and ISO 27001. We have pre-defined SOPs for events such as internal PII exposure, suspected compromised accounts, and disaster recovery. Users report incidents via email or phone, which are then escalated to senior management, DPO, ICO, and client organisation. Incident reports are provided digitally as per agreement with customer.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  Avegen champions equal opportunity by utilising digital health solutions to dismantle barriers to healthcare access and promote inclusivity. Through our platforms, we ensure that everyone, irrespective of their background, location, or socioeconomic status, has equitable access to quality healthcare services and resources.; ; Accessibility: Avegen's digital health solutions are crafted to be accessible to diverse populations, including those with disabilities or limited access to traditional healthcare settings. Our platforms adhere to accessibility standards, such as offering options for text-to-speech functionality and adjustable font sizes, ensuring that all users can navigate and engage with the technology effectively.; ; Language Support: We provide multilingual support within our platforms to cater to users from various linguistic backgrounds. By delivering content and support in multiple languages, we guarantee that language barriers do not impede individuals from accessing vital healthcare information and services.; ; Culturally Relevant Content: Avegen's digital health content is culturally sensitive and pertinent to diverse populations. We acknowledge the significance of tailoring health information and resources to resonate with different cultural norms, beliefs, and practices, thereby fostering greater engagement and comprehension among users from varied cultural backgrounds.; ; Inclusive Design: Our products are developed using principles of inclusive design, prioritising the needs and experiences of diverse user groups. By involving individuals from different backgrounds and abilities in the design and testing phases, we ensure that our platforms are intuitive, user-friendly, and inclusive by design.; ; Partnerships and Outreach: Avegen collaborates with community organisations, advocacy groups, and healthcare providers serving underserved populations to extend our reach and impact. Through targeted outreach efforts and partnerships, we aim to identify and address healthcare disparities, ensuring that our digital health solutions reach those who need them most.; ; In essence, Avegen is committed to advancing health equity and providing equal opportunities for all individuals to access and benefit from digital health innovations.

  Wellbeing

  Avegen's digital health solutions significantly enhance wellbeing by providing personalised care, remote monitoring, health education, behavioural support, and improved access to care. These solutions empower individuals to take control of their health and make informed decisions about their wellbeing.; ; Through personalised care plans tailored to individual needs and health goals, Avegen's platforms enable users to track health metrics, monitor progress, and receive timely support from healthcare providers. Remote monitoring capabilities facilitate proactive management of health conditions, reducing the need for in-person appointments and enhancing convenience for users.; ; Avegen's focus on health education equips users with knowledge about their health conditions and effective management strategies. By promoting health literacy and self-management skills, Avegen empowers individuals to make healthier lifestyle choices and mitigate the risk of chronic diseases.; ; Integrating behavioural science principles, Avegen's solutions support behaviour change and encourage the adoption of healthier habits. Personalised coaching, goal setting, and feedback mechanisms facilitate sustained behaviour change over time, contributing to improved overall wellbeing.; ; Furthermore, Avegen improves access to healthcare services by overcoming barriers such as geographical distance and limited resources. Virtual consultations, remote monitoring, and telehealth solutions ensure that individuals can access quality care conveniently and when needed.; ; In summary, Avegen's digital health solutions play a pivotal role in promoting better wellbeing by empowering individuals to proactively manage their health, access quality care, and make informed decisions about their overall wellbeing.

Pricing

• Price: £50 to £100 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 3-month free trial available on existing solutions. Includes standard-setup system access. Some features may be restricted/unavailable during free trial. No custom reports, custom configurations, or integrations in free trial period.
• Link to free trial: https://www.avegenhealth.com/platform

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nayan@avegenhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.