HEARTFELT TECHNOLOGIES LTD

Remote Patient Monitoring for Heart Failure

Passive leg oedema monitoring for non-adherent patients. Data is transmitted from a device in the patients home to the cloud for processing which flags significant changes in foot volume. These changes then provide an alert for either Heartfelt or medical professionals to act.

Features

• Remote Monitoring
• Optical Sensor
• Medical Alerts
• AI Model
• Passive Monitoring
• Data Processing

Benefits

• Quick Alerts
• Reduce Travel
• Prioritise Intervention
• Reduce Emergency Hospitalisation
• Early Warning
• Manage More Patients

£750 to £10,000 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joe@hftech.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

596944038322899

Contact

Joe Nelson
07713488384
joe@hftech.org

Service scope

• Service constraints: Bespoke hardware must be installed at patient site for service to operate.
• System requirements: Internet connection

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Service emails will be answered within 2 working days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Level 1 - Bronze - Device, AI monitoring, basic alerts; ; Level 2 - Silver - Device, AI Monitoring, basic alerts, SME remote support; ; Level 3 - Gold - Device, AI Monitoring, basic alerts SME remote support and custom dashboard system integration
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite installation and training provided plus user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: No personal or confidential data is stored on the hardware or in the AI model
• End-of-contract process: Hardware is uninstalled and returned to HeartFelt. Hardware is reset by HeartFelt with new unique IDs. No personal or confidential data is retained.

Using the service

• Web browser interface: No
• API: Yes
• What users can and can't do using the API: Users can access monitoring data through the API to integrate into their systems if required.; Set up would be dependent on service package bought.
• API automation tools: Other
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: The system is scaled for a single HeartFelt specialist to support up to 100 users. Hardware and software is updated based on service demand and can be scaled quicker than the bespoke devices can be manufactured. The AI model is capable of supporting significantly higher numbers than the 100 to 1 model.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Minimum of 16 days per rolling 30 day period of data collection. Pro-rata refund of fee if data is not collected for the minimum period. Subject to device configuration and power uninterrupted by patient and patient on site for full 30 day period.
• Approach to resilience: Available on request
• Outage reporting: Service level dependant, methods include email, telephone, audio from bespoke device or dashboard alert.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: 2FA including with hardware security FIDO2 device tokens
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Devices users manage the service through:
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CVE monitoring and response. CTO remains responsible for information security at it's highest level.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Design changes in accordance with ISO13485, logged on an accredited QMS
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Use of vulnerability checking tools in accordance with IEC 62304, before any release known anomalies are checked and periodically thereafter
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Quarterly internal security reviews. In the event of compromise, relevant stakeholders notified including suppliers/customers within 72 hours where possible.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: NCR system under ISO 13485

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Datacentres hosted by AWS & Scaleway

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Heartfelt Technologies service exists to help patients, their families, carers and doctors, to reduce hospital readmission rates from heart failure decompensation.; ; Its is estimated that it will save the NHS a minimum of £15,000 per year per patient with the average heart failure patient requiring 3 emergency hospital admissions a year.

Pricing

• Price: £750 to £10,000 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joe@hftech.org. Tell them what format you need. It will help if you say what assistive technology you use.