PINPOINT DATA SCIENCE LIMITED

The PinPoint Test for NHS Cancer Referrals

The PinPoint Test provides physicians with clinical decision support for patients demonstrating symptoms that may be cancer.

Features

• HL7 Interface
• Integration with most major LIMS infrastructure.

Benefits

• Rapid, affordable cancer triage tool.
• Effective clinical decision support system.
• Service integrates with existing pathology systems.
• Cost saving.
• Enhancements in diagnostic capacity.
• Significantly reduces the number of spill-over appointments.

£23 to £36 a unit

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nigel.sansom@pinpointdatascience.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

593470338141532

Contact

Nigel Sansom
07968367888
nigel.sansom@pinpointdatascience.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • The buyer's laboratory must be connected to the NPEx service.
  • Laboratory must be able to perform the required input analyses.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 Hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We offer a single level of support provided over email with follow-ups available via telephone or online video conference if required. ; Support is included in the cost of the service. ; We have a small dedicated team who are all skilled in providing support as required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation and in-person training (either face-to-face or online) are available.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Microsoft Word document
• End-of-contract data extraction: No user data is stored in the system, so no data extraction is required.
• End-of-contract process: All end of contract activities are included in the price of the contract.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API is accessed through the NPEx service using HL7. It allows a laboratory's LIMS to automatically send requests to and receive results from our service.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The service is stateless and can be scaled to additional servers using off-the-shelf load balancing software transparently to the end user.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The system is stateless. No user data is stored in the system so no data extraction is required.
• Data export formats: Other
• Other data export formats: No user data is stored. No data extraction is required.
• Data import formats: Other
• Other data import formats: HL7

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We have developed an SLA stating that all results are returned within 24-48 hours of a complete and valid request being received by the PinPoint service.
• Approach to resilience: This is available upon request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: No management interfaces accessible to end users exist. Support is by email, with access verified based on the sending email account.
• Access restriction testing frequency: Never
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Management access is only available locally by modifying configuration files. Files are only accessible to members of the PinPoint team and are not accessible externally.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 20/10/2021
• What the ISO/IEC 27001 doesn’t cover: The certification number IS547581 is for compliant operation of an Information Management Security System in accordance with the Statement of Applicability Version 11.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: We have a documented and controlled information security policy covering: document classification, encryption of files, full-disk encryption, password best practices, endpoint security, network security, communication security, backups, and the use of administrator access. Because we are a small team, information security queries are reported directly to the CTO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management is managed through the Greenlight Guru change control and document management service, and through Git and GitLab for source control management. Components of the service are tracked as part of the change control process, with deployed components documented in Greenlight Guru. All changes are reviewed before being put into effect, and where appropriate a risk assessment is undertaken to assess the impact of the change on patient safety and security impacts, using an Failure Mode Effects Analysis (FMEA) framework.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our QMS includes a process for a fortnightly defect and update review to be undertaken, which identifies all new defects and vulnerabilities reported in the software used in our services as well as for software used internally. These are reviewed by the entire development team at a fortnightly meeting, at which time their impact is assessed and a response plan (including how quickly a patch is required) is agreed upon. The sources for this review are the published defect lists and changelogs for each piece of software.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: No data is stored in the service, and the service is not accessible on public networks, so no protective monitoring is undertaken.
• Incident management type: Supplier-defined controls
• Incident management approach: Our QMS contains pre-defined processes for responding to security incidents. Users may report incidents by emailing our support email. As part of our response plan affected parties are identified and notified directly. Relevant bodies such as the ICO or NHS Digital are also notified as part of the response plan.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The prioritisation and triage will create efficiency gains for NHS diagnostic imaging facilities. The rule out use case will potentially significantly reduce the number of diagnostic imaging procedures, helping reduce associated emissions. Fewer hospital visits by patients means fewer car, bus, and or train journeys being made.

  Covid-19 recovery

  The prioritisation and triage use case will help tackle the lingering diagnostic bottleneck following the global pandemic.

  Tackling economic inequality

  Because many patients with symptoms that may be cancer have limited time and resources to attend secondary care clinics, due to (for example) zero hours contracts, they frequently do not attend. This is particularly true for patients referred for suspected cancer because doctors 'reassuringly' tell them the chances of having cancer are very low. This rate of 'Did Not Attends' is highest in the deprived communities and associated with poorer outcomes and cancer stage shift. It is suggested that use of the PinPoint Test, to all intents and purposes just 'a regular blood test', will provide referring physicians with additional information useful for persuading most at risk patients to attend their appointment.

  Equal opportunity

  The PinPoint Test is an affordable option for the health service and can be provided for all symptomatic patients.

  Wellbeing

  The PinPoint Test is positioned as a clinical decision support system which used correctly may increase the proportion of cancer detected early, at Stages I & II.

Pricing

• Price: £23 to £36 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nigel.sansom@pinpointdatascience.com. Tell them what format you need. It will help if you say what assistive technology you use.