Freetest.me - Online STI Screening
Freetest.me is a fully integrated self-sampling online sexual health platform focusing on remote screening for sexually transmitted infections. The service includes cloud-based intervention with postal sample collection kits backed up by integrated laboratory services.
Features
- Simple patient pathway and secure cloud-based clinical record system
- Service user registration and postcode geo-location eligibility look up
- Flexible web-based kit and test selection triage with safeguarding
- Customers provide their own in-house clinical support/patient management
- In-house laboratory testing service accredited to ISO 15189
- Secure web-based reporting hub for reporting / live service information
- National datasets (such as CTAD) automatically submitted
- Automated patient notifications for kit completion, results ect (email/SMS)
- Flexible and integrated fully offline kit model for local services/venues
Benefits
- Highly cost-effective cost-per-screen and cost-per-positive
- Intuitive cloud-based clinical record system with training available for clinics
- Automated processes reduce workload for local services and overheads
- Simple triage process allows alignment with local service requirements
- Secure web-based reporting hub for reporting / live service information
- Live service information/reports available via secure cloud-based reporting hub
- In-house laboratory testing service accredited to ISO 15189
- Flexible and integrated fully offline kit model for local services/venues
Pricing
£4.75 to £81.50 a transaction
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 3 9 5 6 1 8 8 1 9 5 4 1 0 1
Contact
Preventx Limited
Mark Clune
Telephone: 07812731315
Email: mark.clune@preventx.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- None
- System requirements
- Access to internet connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We operate support during business hours (8:00 - 17:00) and working days (Mon - Fri). However, the ability to add support tickets is always available to users. Given the nature of the service we provide we find this currently works for the users. However, we continuously assess this.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- Because of the nature of the service we provide we have no defined service levels. All users are provided with same level of support.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Preventx has over 16 years of experience at onboarding new users of their services, which has allowed us to develop a tried and tested mobilisation approach. Onboarding requirements of customers are varied; therefore we work with them to understand their requirements and develop a bespoke mobilisation package.
Onboarding of new customers can include the following training:
Remote and/or online training for clinicians who will be using the SH.UK secure cloud based clinical record system to manage patients.
Remote and/or online training for clinicians who will be using the SH.UK secure cloud based clinical record system to access reporting tools.
Remote and/or online training for clinicians who will be using the SH.UK secure cloud based portal to access reporting tools.
Remote and/or online system training for all commissioners requiring aggregate data reporting access through the SH.UK secure cloud based portal.
Top up training / support for all local clinicians managing onward care of positive patients in local services.
All training is supplemented by key FAQ training documentation, allowing staff to have a key reference guide for their development.
Throughout the contract cycle, customers can access the Preventx Head of Service Design, who is available to support, re-train and advise. - Service documentation
- Yes
- Documentation formats
-
- ODF
- End-of-contract data extraction
- Throughout the life of the contract, users are able to export various (anonymised) data from the platform in order to fulfil their specific internal reporting obligations. Also during the time of the contract, users with the appropriate role-based access are able (with suitable DPIA in place) to access service user (patient records) which they are able to transpose information from into their own Electronic Patient Record (EPR) systems. At contract termination the Preventx becomes sole Data Controller for the data generated as part of the contract and as such cannot transfer / extract this data in line with EU GDPR. All data will then be managed in line with guidelines set out in the Records Management Code of Practice for Health and Social Care 2021 and where data is stored that falls outside of this Code, we have internal processes to ensure that the subject rights under article 17 of the GDPR are met.
- End-of-contract process
-
At the end of a contract the following processes are implemented with the supplier:
Set date for closure of kit request service.
Set date for closure of kit receipt and laboratory testing services (usually within 1-3 months of the kit request closure).
Set date for data management access closure (this is agreed with the supplier). Preventx adhere to standard data retention periods for the UK.
Preventx deletion policy anonymises all PID; provision made to return the patient record and this data to the customer as requested by them.
Final invoice generation.
There are no additional costs for these end of contract services
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- The interface is a web application that delivers accessible user interface for users to interact with our healthcare system.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- The application has been through accessibility scans to ensure that the web interface adheres to the standard that assistive technologies require.
- API
- Yes
- What users can and can't do using the API
- Service Providers can integrate with our testing services through API. Core functions are available via the API for placing orders for testing and health products. These orders are processed through our dispatch and lab operations. Throughout the whole journey webhooks are available to notify systems of updates to orders and testing. Test Result date is available by API as data (json) and PDF. Preventx can also accept and publish HL7 messages to integrate with our dispatch and lab operations.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Users have the ability to customise significant parts of the service user consultation journey and various branding options. These are implemented during the onboarding process for the service using configuration and internal technology resource. This customisation enables services to personalize triage processes, aiming to provide tailored kits and products to service users through customised triage methods. This involves adjusting the tests and components within the kit, as well as offering personalized advice, safeguarding assessments and call-backs to users during their care pathway. The ongoing care pathways are also configurable allowing custom care pathways to be developed to work along side your clinical teams. These pathways can be tailored to drive efficiency into result management, safeguarding and ongoing care. Changes can be made to user notifications including the content and timings of these notifications.
Scaling
- Independence of resources
- Preventx utilise cloud services to host the applications; all applications are monitored 24/7 for issues related to demand. The cloud services offer elasticity in the provisioning of our resources, allowing us to scale to meet demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Preventx’s services are data-rich, we provide a wide range of real-time reporting tools that provide access to a number of key service metrics:
-Gender
-Age
-Ethnicity
-Positivity rate by STI
-Return Rate
-Service Lookups
-Offline test kit reports
-Positivity rate by kit distribution channel
-Activity rate by channel
-Activity tracker
-Lab outcomes report
-Average cost per screen
-Average cost per diagnosis
-Spend tracker
-Spend tracker by channel/site
-User feedback survey report
-Local Authority ward report
-Local Authority LSOA report
-Local Authority Population Report
-Offline Kit expiry report
-Custom report generation - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Customers/local providers are able to export data from the Preventx system in a number of ways:
Raw data export (enables local data analysis).
Custom report downloads (custom report design and implementation is provided as part of ongoing consultancy services).
CTAD/GUMAD data download (all CTAD/GUMCAD data is submitted by Preventx, however downloads of these submissions are available to customers/local providers). - Data export formats
-
- CSV
- Other
- Other data export formats
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- JSON
- HL7
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We offer 99.9% uptime and have monitoring and support mechanisms in place to ensure that this is adhered to. We generally don't (and are not required) to provide users with refunds if we don't meet availability levels.
- Approach to resilience
- Available on request.
- Outage reporting
- We report significant planned / unplanned outages to clients via email alerts and through our account management team.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Other
- Other user authentication
- IP whitelisting for specific locations of clinical teams.
- Access restrictions in management interfaces and support channels
-
Areas of the public facing Preventx platform that will access and display patient data (for example account areas, online test results, etc.) will follow strict rules around the authentication of the user, including the use / option of 2 factor authentication (2FA).
Clinician access for result management and advisory services is managed via our clinician portal, which is secured via industry standard TLS/HTTPS encryption. In addition to mitigating risk using IP whitelisting and encryption we can enforce the use of One Time Password (OTP) devices or 2FA applications. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
- Other
- Description of management access authentication
- IP whitelisting for specific locations of clinical teams.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- NHS DSP Toolkit
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- As a provider to NHS we complete the Data Security Protection Toolkit assessment that allows us to measure our performance against the National Data Guardian’s 10 data security standards. All new services are required to be GDPR compliant with Data Protection Impact Assessments and Data Sharing Agreements required to be in place before commencement. We are working towards ISO27001 certification.
- Information security policies and processes
-
We have a board-level responsibility around information security where the Chief Technology Officer acts a the Information Governance Lead and Chief Information Security Officer for the business. Information security risks are monitored through a corporate risk register which are also reviewed at each monthly board meeting.
We have a Data Protection Officer (DPO) who is responsible for ensuring compliance to the EU GDPR and again our compliance is regularly monitored and reported on at the monthly board meetings.
We have a number of policies around information security (mobile device policy, remote working policy, etc.) that are included as part our employee handbook and a corporate IT Security policy that has been adopted at board level.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Preventx run a robust change management process and have mechanisms in place as part of our software development process to assess the security impacts of any change. We have a clearly defined and documented process around code review and code release that ensures full traceability and auditing of any change. We also ensure that all changes are assessed for data protection requirements and clinical safety needs. We implement annual web application penetration tests to confirm overall security conformance.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We run scheduled vulnerability scans for all applications and devices in our platform. Any vulnerabilities categorised with a severity of high or above are patched within 7 days. Information on vulnerabilities is found via Azure Security Centre and software package management tools.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Available upon request.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We have pre-defined processes for common events and users report incidents via our online support portal. For most incidents these tickets and the responses form part of the incident reports.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Equal opportunity
- Wellbeing
Fighting climate change
Preventx’s HR and environmental policies detail our approach on how we consider and reduce the carbon impact of our activities on the environment directly, and in-directly through our supply chain.
As part of our dedication to Environmental, Social and Corporate Governance, Preventx is always seeking new ways to be more sustainable and environmentally conscious. As such, we have made a change to our self-sampling test kits, transitioning from hard ‘clamshell’ plastic packaging (used for transporting collection tubes), to a new recyclable transport pouch. As a result, we will reduce our plastic waste by 80%.
To encourage staff to reduce their carbon impact on the environment whilst travelling to the office, Preventx offers a cycle to work scheme. All staff are encouraged to use public transport to commute to the office or to car share.
For external off-site meetings, Preventx has implemented a ‘train first’ policy to further reduce carbon impact on the environment and we partner with local tram and bus services to provide employees with a discount to encourage them to use public transport where possible.
Preventx installed electric vehicle charging points for the use of employees who commute via electric vehicles and have purchased an electric van which is used solely to travel between our sites in Sheffield.
Preventx has completed installation of a combined heat and power system, which will reduce energy waste and we have upgraded all laboratory lighting to an LED system.
We source our packaging via Greenshires who have Forest Stewardship Council certification and are certified with the ISO 14001:2004 Environmental Standard.
Cardboard waste from test kits received back at the Preventx laboratory is recycled and service users are asked to return unused parts from testing kits for reuse or recycling.Equal opportunity
Preventx have a number of policies in place that support equality, diversity and inclusion. For example:
- A recruitment policy which sets out that we are committed to applying our equality, diversity and inclusion policy at all stages of recruitment and selection
- Disability policy
- EDI Policy
- Menstruation policy
- Menopause policy.
We also have a Women’s Inspiration Network whose mission is to inspire, challenge, connect and stimulate creativity, by strengthening each other through shared experiences. We are planning to introduce further Employee Resource Group’s in the near future.Wellbeing
Preventx have a social wellbeing and outreach committee whose objectives are to:
- Encourage healthier lifestyles for all employees
- Build a positive overall workplace culture
- Provide access to programs and memberships that help employees live healthier
- Ensure employees have the chance to practice health and wellbeing at work
- Improve general employee engagement, morale and happiness
- Provide volunteering opportunities to employees (Preventx employees have 8 hours paid volunteering time per annum)
- Organise wellbeing and social activities for employees
Pricing
- Price
- £4.75 to £81.50 a transaction
- Discount for educational organisations
- No
- Free trial available
- No