EIDO HEALTHCARE LIMITED

EIDO Inform Digital Consent Suite

The EIDO Inform Consent Suite (ICS) supports digital consent processes for healthcare organisations.

It uses the trusted content from the EIDO Inform Procedure Library, or a hospital's own information, to support shared decision making.

The ICS is a modular system, split into two categories: Patient Education and Patient Consent.

Features

• Digital consent obtained in hospital or at home.
• Pre-populated with trusted content approved by colleges and associations.
• Digitisation of hospital's own content.
• Multi-device access via any modern browser.
• Bilingual, multi-language and learning disability modules.
• Patient engagement reporting to aid shared decision making.
• Intergrates with EPR, PAS and POA systems.
• Consent forms 1-4, plus custom forms available
• Fully managed and cloud-hosted, or onsite installation options
• Inform library available as PDF or digital articles

Benefits

• Supports virtual consultations with remote patient access.
• Standardises procedure-specific consent information to meet Trust policies
• Improves patient understanding through use of animation and video
• Reduce medico-legal risk by prepopulating consent forms
• Reduce medico-legal risk by providing patient engagement reports
• Version controlled date-stamped archives of EIDO content included
• Support all levels of digital readiness, print digital and hybrid
• Reduce delays due to lost forms

£7,500 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eidohealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

619380355073902

Contact

Sam Hawkes
0115 878 1000
info@eidohealthcare.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: A knowledge base and help articles are provided, but direct patient support is provided by the Trust. Planned maintenance schedule notified in advance.
• System requirements: A modern web browser is required.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Immediate acknowledgment of tickets raised.; Core support hours are Mon-Fri 9-5. Enhanced 24-7 support available at extra cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support - Mon to Fri, 9am to 5pm. Tickets submitted by email or website.; Enhanced Support - 24/7, Tickets submitted by email, website or phone.; For all levels of support, knowledgebase available for training and solutions to common issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A project manager will be allocated to produce an implementation plan with the Trust to ensure all key staff are identified and supported. Trust helpdesk staff will be supported with instruction videos and resources and will have onsite training. End user staff will use a video-supported knowledge base, access online demos and group training. A dedicated account manager will be deliver targeted training sessions to help launch the service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: EIDO are a sub-processor of patient data. EIDO are sent a copy of patient data, but the EPR is considered data master. The data processor specifies a duration to retain data for - the default is 180 days. After this time, patient data is purged/redacted. ; ; The output of this service is a PDF consent form document. When it is generated, this document is sent to hospital systems for storage against the patient record. Therefore at the end of the contract, no additional data should need to be extracted as the hospital should have all documents for storage. ; ; A subject access request can be actioned, to download the data held against a patient record.
• End-of-contract process: A date will be agreed with the Trust as Data Controller to end the data processing agreement. On this date, all identifable data held by EIDO is purged and the account deactivated. No staff member will be able to login. ; Prior to this date EIDO will work with the Trust to ensure all data has been extracted in CSV and PDF format. Direct database extraction can be supported subject to potential cost which will be agreed in advance.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The full functionality of the service is available via mobile device. The interface has been optimised for mobile, including (but not limited to) buttons and text increased scale.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Staff end-users access the service via the 'Consent Dashboard'. From here they can trigger the sending of procedure education articles to patients, print off hard copies for patients with additional needs, trigger the consent form process for remote completion or capture full digital consent. Admin users can edit patient records, access audit logs and reports and manage the API interface with third-party or hospital systems.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: An internal testing programme ensures each aspect of WCAG 2.1 is met
• API: Yes
• What users can and can't do using the API: The API and webhook functionality allows integration with 3rd parties through a number of methods. It supports HL7, FHIR and Restful JSON. ; With the API you can: ; 1. send patient demographics to EIDO ; 2. send an education article to a patient; 3. fetch a completed PDF consent form; 4. receive a PDF consent form via webhook; 5. receive event notifications via webhook. ; ; Deeper integrations are available with some EPR vendors, which can be activated to streamline the integration phase. Documentation and postman collections are available on request.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service is designed to be highly configurable and customisable. ; It is provided as a managed service and customisation is completed during the implementation phase. ; ; The following are examples of customisations:; - All patient communications; - Patient welcome and introduction screens; - Core patient data labels match local terms - such as "patient number" or "hospital number" or "K number"; - Meta data labels; - Bespoke procedures specific to the customer; - Consent process core wording - all screens can be customised to match customer tone of voice; - PDF consent form - most elements of the form can be amended as required

Scaling

• Independence of resources: The service is hosted on an advanced UK-based AWS cloud with active monitoring and load balanced configuration. The infrastructure will auto-scale when load thresholds are exceeded.

Analytics

• Service usage metrics: Yes
• Metrics types: Procedure-specific articles sent, home consent episodes, hospital consent episodes, number of patients active in the service. These metrics can be view by specialty, procedure and date.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: CSV and PDF file.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF/A
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF/A
  • HL7

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 99.9% uptime outside of defined and agreed maintenance windows. Performance penalties are negotiated with each customer when the contract and service level agreement is finalised.
• Approach to resilience: The solution is configured in a High Availability configuration, using load balanced pods to manage users at scale. The solution is hosted on AWS and spread across three availability zones, meaning two zones can fail and the system is still available.
• Outage reporting: We provide a system status web page, which provides updates on changes in system status. Relevant users can subscribe to notification from this service in order to be proactively informed of outages and resolutions.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: In this scenario, the user is the member of hospital staff who need to access the service. The user must either authenticate using a username and password, then a 2FA challenge. Or access via Single Sign On from a federated client directory.
• Access restrictions in management interfaces and support channels: The service uses role based permissions within the customer dashboard. Certain functionality is restricted to Admin roles only. Staff authorised by the Trust are provided with direct support access to our ticketing system.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: There is no specific management interface for the customer to use - role based access through the one dashboard will show admin options for those users with an admin role. ; Superuser access for EIDO to administrate the platform is through a separate dashboard, with enforced 2FA managed access controls.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The AWS certification verified by EY CertifyPoint
• ISO/IEC 27001 accreditation date: 22/03/2022
• What the ISO/IEC 27001 doesn’t cover: EIDO internal processes and policies are currently being brought into compliance with ISO27001 and certification should be achieved by the end of 2024.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Data Security
  • Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: The AWS cloud infrastructure is ISO 27001 certfied. EIDO/the service has DSP Toolkit, DTAC, ISO 31000 and Cyber Essentials Plus certification.
• Information security policies and processes: Information Security is controlled by internal policies and procedures owned by board level staff. EIDO's information security group meet monthly to review performance against policy and any non-conformance is reported and remedied.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All assets are written out using Terraform and this is kept in a code repository. These files contain all configuration directives and full change control is applied.; ; All new code is peer reviewed before merged into the code base. The cloud infrastructure is also written in code using Terraform which is also peer reviewed before deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: When Server/OS/Database updates and patches are released, these are automated by the infrastructure for minor point updates and are automatically installed overnight. ; Major updates and patches are merged into the product deployment pipeline.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Automated monitoring is performed by intrusion detection software. Alerts are sent if there is a potential compromise and it is investigated immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents through our support desk. Incidents are investigated by the appropriate person. Incidents related to data are reported to our DPO in case actions are required in that regard. Customers are notified of incidents that might affect them through our system status page and alert service. All incidents are documented and the reports are available on request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have an environmental management policy in place, readily accessible to all via our intranet. We recognise our activities influence the local, regional, and global environment. We are therefore committed to continuous improvements in environmental performance and the prevention of pollution. We aim to achieve our Net Zero Targets by 2045 via our Carbon Reduction Plan; ; We exploit technologies which are environmentally friendly as much as possible we supply information in electronic format and make use of web-based delivery systems. In administrative activities, we limit as far as possible the use of paper. Employees are encouraged to be paper free and sign electronically where appropriate. All employees are fully remote and work from home, from when they join the organisation.; ; If our employees opt-in to the company car scheme, we will always encourage them to opt for either a full-electric EV or Hybrid company vehicle. EIDO will make a contribution to the EV charger installation costs, reimburse the cost of car insurance, for opted-in and opted-out employees, up to a maximum of £900pa. Financial support is available to employees choosing to opt-out of the company car scheme, by providing an opted-out monthly car allowance as required by their role. We have increased our full-electric fleet by adding a fourth full-electric vehicle.; ; The Directors have responsibility for policy development, coordination, and evaluation of performance.; ; We strive to: ; -comply with the requirements of environmental legislation and approved codes of practice. ; -assess the environmental impact of historic, current, and future operations. ; -promote recycling and the use of recycled materials, while reducing consumption of all raw materials, energy, and supplies. ; -raise awareness, encourage participation, and train employees in environmental matters. ; -expect similar environmental standards from suppliers and contractors.; -assist customers and the local community to use products and services in an environmentally sensitive way

  Covid-19 recovery

  In response to the COVID-19 pandemic, we have implemented a comprehensive strategy to aid recovery and ensure the safety of our employees. We have provided support through the continuation of remote working, the increased use of Microsoft Teams for internal and external meetings. Through the implementation of Covid-19 safe working methods when we had access to our temporary office during the Covid-19 Pandemic. We currently don’t have a temporary office, all staff work fully remote. Through delivering trusted patient consent information digitally. This decision not only prioritises the health and safety of our staff but also contributes to the broader societal effort to curb the spread of the virus.; ; All employees are fully remote, working from home from day one when they join the organisation. All employees who undertake business travel as part of their role, have the option to opt-in to the company car scheme we actively promote this scheme and all staff who do opt-in are encouraged to choose either a full-electric or hybrid company vehicle. During the pandemic, there was an increase in the use of Microsoft Teams by team members across the organisation. Company car travel was reduced during the pandemic, resulting in annual anld contracted mileage allowances being reduced. This resulted in significant cost savings.; ; We have a company sick policy that supports all employees to recover from periods of sickness. All employees including full-time and part-time staff have access to company sick pay. Our company sick and compassionate leave policies support the physical and mental health of our employees.; ; Employees are encouraged to actively keep in contact and speak to their line managers during their period of sick leave about how recovery is progressing, and if there are any appropriate adjustments to workday start/end hours and/or working days that need to be made.

  Tackling economic inequality

  EIDO is committed to tackling economic inequality, we aim to do this through fair pay practices, employee development, diversity and inclusion initiatives, and impactful community outreach. We believe in creating opportunities for all, driving change from within, and contributing to a fairer society.; ; We are committed to being an equal opportunities employer and promoting equal opportunities in employment. We have an Equal Opportunities Policy in place included in our staff handbook.; ; The policy sets out our approach to equal opportunities and the avoidance of discrimination at work. It applies to all aspects of employment with us including recruitment. This commitment extends beyond the company, with a pledge to only do business with partners who share the same values.; ; We invest in employee development and upskilling by providing training and educational opportunities. During their employment, staff will be required to complete various in-house training courses which the company will provide. Employees will be notified of any training course they are required to complete which will be paid by the company.; ; Employees are encouraged to speak to their line manager about training opportunities and their relevant training requirements, and the course they are interested in taking. The training will be paid by the company.; ; We invest in local communities by choosing local suppliers where applicable. This helps to create opportunities and stimulate local economic growth. We will always strive to choose suppliers that hold the same values as EIDO.; ; We have an Employer-Supported Volunteering Policy. Employees can take paid time off work to volunteer. One of the ways in which we encourage staff to help tackle economic inequality is to upskill others by volunteering to deliver workshops, mentoring or schools career talks.; ; We understand the significant role we play in tackling economic inequality and will continue to our initiatives to do so.

  Equal opportunity

  We are committed to being an Equal Opportunities employer and we have an Equal Opportunities Policy in place. We are in the process of exploring various avenues that will allow us to commit to becoming a ‘Disability Confident’ employer. This commitment is not just a label, but a reflection of our dedication to creating an inclusive and accessible environment for all.; ; We have identified five key actions that we will need to undertake to achieve this goal. Firstly, we will ensure our recruitment process is inclusive and accessible, providing equal opportunities for all applicants. Secondly, we will actively communicate and promote job vacancies to reach a diverse pool of potential candidates. Thirdly, we will offer interviews to applicants with disabilities, ensuring they are given fair consideration. Fourthly, we will anticipate and provide reasonable adjustments as required, ensuring our workplace is accommodating to all. Lastly, we will support any existing employee who acquires a disability or long-term health condition, helping them to continue their work.; ; During their appointment, employees are required to complete various in-house training which the company will provide. Employees are notified of any training they are required to complete, paid for by the company. Employees are encouraged to speak to their line manager to discuss any training course that they are interested in taking relevant to their roles.; ; We are a Living Wage Foundation accredited employer. Our commitment to this accreditation extends to all employees, contractors, staff and workers in the organisation.; ; Our company is committed to eradicating Modern Slavery. We recognise the importance of maintaining ethical business practices and we perform due diligence on our new suppliers and are dedicated to ensuring our operations are free from any form of exploitation. We believe in transparency, fairness, and respect for all individuals involved in our business operations.

  Wellbeing

  EIDO Healthcare takes a proactive approach to the wellbeing of its employees, through the active encouragement of taking appropriate breaks from their workspace as required and as their schedules allow.; ; We provide all employees access to an Employee Assistance Program (EAP) provided through our Life Assurance (DIS) employee benefit. Through this programme, employees can access services such as wellbeing, financial and mental and physical wellbeing topics. Confidential help and support can be accessed by them via a 24/7 support phone line. Wellbeing resources are also available via an online portal, which employees’ access by downloading the related health and wellbeing app.; ; EIDO has been involved in multiple events and initiatives to show our support to wellbeing. One initiative we have been involved in was the participation in a step challenge to raise money for two charities. Employees took part raising a sum of money for two good causes. In late 2023/early 2024 we sponsored one of our own team members in her bid to row across the Atlantic Ocean as part of the ‘World’s Toughest Row’, raising funds for Macmillan and Prostate Cymru. We encourage our staff members to take volunteering days throughout the year which our staff use to volunteer or raise funds for charities such as Air Ambulance.; ; During the COVID-19 pandemic employees were encouraged to catch up with fellow team members via virtual coffee breaks. Employees were also encouraged to participate in whole team virtual quizzes that were regularly held, ensuring team members were communicated with socially to limit the effect on their wellbeing. A WhatsApp group was setup for team members to share social non-work-related content including hobbies, interests and topical news items.; ; Our Chief Executive Officer actively engages with and collaborates on the delivery of relevant projects with business communities at a national level.

Pricing

• Price: £7,500 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Includes the core system with full EIDO Inform library integration, custom procedure module, core UK consent form templates, integration using EIDO's industry standard API (FHIR, JSON), SSO option and support helpdesk account for Trust's pilot team. Recommended trial period 3-6 months depending on size and scope of Trust pilot.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eidohealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.