Skip to main content

Help us improve the Digital Marketplace - send your feedback

Preventx Limited

Freetest.me - Online STI Screening

Freetest.me is a fully integrated self-sampling online sexual health platform focusing on remote screening for sexually transmitted infections. The service includes cloud-based intervention with postal sample collection kits backed up by integrated laboratory services.

Features

  • Simple patient pathway and secure cloud-based clinical record system
  • Service user registration and postcode geo-location eligibility look up
  • Flexible web-based kit and test selection triage with safeguarding
  • Customers provide their own in-house clinical support/patient management
  • In-house laboratory testing service accredited to ISO 15189
  • Secure web-based reporting hub for reporting / live service information
  • National datasets (such as CTAD) automatically submitted
  • Automated patient notifications for kit completion, results ect (email/SMS)
  • Flexible and integrated fully offline kit model for local services/venues

Benefits

  • Highly cost-effective cost-per-screen and cost-per-positive
  • Intuitive cloud-based clinical record system with training available for clinics
  • Automated processes reduce workload for local services and overheads
  • Simple triage process allows alignment with local service requirements
  • Secure web-based reporting hub for reporting / live service information
  • Live service information/reports available via secure cloud-based reporting hub
  • In-house laboratory testing service accredited to ISO 15189
  • Flexible and integrated fully offline kit model for local services/venues

Pricing

£4.75 to £81.50 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.clune@preventx.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 3 9 5 6 1 8 8 1 9 5 4 1 0 1

Contact

Preventx Limited Mark Clune
Telephone: 07812731315
Email: mark.clune@preventx.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Access to internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
We operate support during business hours (8:00 - 17:00) and working days (Mon - Fri). However, the ability to add support tickets is always available to users. Given the nature of the service we provide we find this currently works for the users. However, we continuously assess this.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Because of the nature of the service we provide we have no defined service levels. All users are provided with same level of support.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Preventx has over 16 years of experience at onboarding new users of their services, which has allowed us to develop a tried and tested mobilisation approach. Onboarding requirements of customers are varied; therefore we work with them to understand their requirements and develop a bespoke mobilisation package.

Onboarding of new customers can include the following training:

Remote and/or online training for clinicians who will be using the SH.UK secure cloud based clinical record system to manage patients.

Remote and/or online training for clinicians who will be using the SH.UK secure cloud based clinical record system to access reporting tools.

Remote and/or online training for clinicians who will be using the SH.UK secure cloud based portal to access reporting tools.

Remote and/or online system training for all commissioners requiring aggregate data reporting access through the SH.UK secure cloud based portal.

Top up training / support for all local clinicians managing onward care of positive patients in local services.

All training is supplemented by key FAQ training documentation, allowing staff to have a key reference guide for their development.

Throughout the contract cycle, customers can access the Preventx Head of Service Design, who is available to support, re-train and advise.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
Throughout the life of the contract, users are able to export various (anonymised) data from the platform in order to fulfil their specific internal reporting obligations. Also during the time of the contract, users with the appropriate role-based access are able (with suitable DPIA in place) to access service user (patient records) which they are able to transpose information from into their own Electronic Patient Record (EPR) systems. At contract termination the Preventx becomes sole Data Controller for the data generated as part of the contract and as such cannot transfer / extract this data in line with EU GDPR. All data will then be managed in line with guidelines set out in the Records Management Code of Practice for Health and Social Care 2021 and where data is stored that falls outside of this Code, we have internal processes to ensure that the subject rights under article 17 of the GDPR are met.
End-of-contract process
At the end of a contract the following processes are implemented with the supplier:

Set date for closure of kit request service.

Set date for closure of kit receipt and laboratory testing services (usually within 1-3 months of the kit request closure).

Set date for data management access closure (this is agreed with the supplier). Preventx adhere to standard data retention periods for the UK.

Preventx deletion policy anonymises all PID; provision made to return the patient record and this data to the customer as requested by them.

Final invoice generation.

There are no additional costs for these end of contract services

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The interface is a web application that delivers accessible user interface for users to interact with our healthcare system.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The application has been through accessibility scans to ensure that the web interface adheres to the standard that assistive technologies require.
API
Yes
What users can and can't do using the API
Service Providers can integrate with our testing services through API. Core functions are available via the API for placing orders for testing and health products. These orders are processed through our dispatch and lab operations. Throughout the whole journey webhooks are available to notify systems of updates to orders and testing. Test Result date is available by API as data (json) and PDF. Preventx can also accept and publish HL7 messages to integrate with our dispatch and lab operations.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users have the ability to customise significant parts of the service user consultation journey and various branding options. These are implemented during the onboarding process for the service using configuration and internal technology resource. This customisation enables services to personalize triage processes, aiming to provide tailored kits and products to service users through customised triage methods. This involves adjusting the tests and components within the kit, as well as offering personalized advice, safeguarding assessments and call-backs to users during their care pathway. The ongoing care pathways are also configurable allowing custom care pathways to be developed to work along side your clinical teams. These pathways can be tailored to drive efficiency into result management, safeguarding and ongoing care. Changes can be made to user notifications including the content and timings of these notifications.

Scaling

Independence of resources
Preventx utilise cloud services to host the applications; all applications are monitored 24/7 for issues related to demand. The cloud services offer elasticity in the provisioning of our resources, allowing us to scale to meet demand.

Analytics

Service usage metrics
Yes
Metrics types
Preventx’s services are data-rich, we provide a wide range of real-time reporting tools that provide access to a number of key service metrics:

-Gender
-Age
-Ethnicity
-Positivity rate by STI
-Return Rate
-Service Lookups
-Offline test kit reports
-Positivity rate by kit distribution channel
-Activity rate by channel
-Activity tracker
-Lab outcomes report
-Average cost per screen
-Average cost per diagnosis
-Spend tracker
-Spend tracker by channel/site
-User feedback survey report
-Local Authority ward report
-Local Authority LSOA report
-Local Authority Population Report
-Offline Kit expiry report
-Custom report generation
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Customers/local providers are able to export data from the Preventx system in a number of ways:

Raw data export (enables local data analysis).

Custom report downloads (custom report design and implementation is provided as part of ongoing consultancy services).

CTAD/GUMAD data download (all CTAD/GUMCAD data is submitted by Preventx, however downloads of these submissions are available to customers/local providers).
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • HL7

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We offer 99.9% uptime and have monitoring and support mechanisms in place to ensure that this is adhered to. We generally don't (and are not required) to provide users with refunds if we don't meet availability levels.
Approach to resilience
Available on request.
Outage reporting
We report significant planned / unplanned outages to clients via email alerts and through our account management team.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
IP whitelisting for specific locations of clinical teams.
Access restrictions in management interfaces and support channels
Areas of the public facing Preventx platform that will access and display patient data (for example account areas, online test results, etc.) will follow strict rules around the authentication of the user, including the use / option of 2 factor authentication (2FA).

Clinician access for result management and advisory services is managed via our clinician portal, which is secured via industry standard TLS/HTTPS encryption. In addition to mitigating risk using IP whitelisting and encryption we can enforce the use of One Time Password (OTP) devices or 2FA applications.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
IP whitelisting for specific locations of clinical teams.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NHS DSP Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
As a provider to NHS we complete the Data Security Protection Toolkit assessment that allows us to measure our performance against the National Data Guardian’s 10 data security standards. All new services are required to be GDPR compliant with Data Protection Impact Assessments and Data Sharing Agreements required to be in place before commencement. We are working towards ISO27001 certification.
Information security policies and processes
We have a board-level responsibility around information security where the Chief Technology Officer acts a the Information Governance Lead and Chief Information Security Officer for the business. Information security risks are monitored through a corporate risk register which are also reviewed at each monthly board meeting.

We have a Data Protection Officer (DPO) who is responsible for ensuring compliance to the EU GDPR and again our compliance is regularly monitored and reported on at the monthly board meetings.

We have a number of policies around information security (mobile device policy, remote working policy, etc.) that are included as part our employee handbook and a corporate IT Security policy that has been adopted at board level.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Preventx run a robust change management process and have mechanisms in place as part of our software development process to assess the security impacts of any change. We have a clearly defined and documented process around code review and code release that ensures full traceability and auditing of any change. We also ensure that all changes are assessed for data protection requirements and clinical safety needs. We implement annual web application penetration tests to confirm overall security conformance.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We run scheduled vulnerability scans for all applications and devices in our platform. Any vulnerabilities categorised with a severity of high or above are patched within 7 days. Information on vulnerabilities is found via Azure Security Centre and software package management tools.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Available upon request.
Incident management type
Supplier-defined controls
Incident management approach
We have pre-defined processes for common events and users report incidents via our online support portal. For most incidents these tickets and the responses form part of the incident reports.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

Fighting climate change

Preventx’s HR and environmental policies detail our approach on how we consider and reduce the carbon impact of our activities on the environment directly, and in-directly through our supply chain.

As part of our dedication to Environmental, Social and Corporate Governance, Preventx is always seeking new ways to be more sustainable and environmentally conscious. As such, we have made a change to our self-sampling test kits, transitioning from hard ‘clamshell’ plastic packaging (used for transporting collection tubes), to a new recyclable transport pouch. As a result, we will reduce our plastic waste by 80%.

To encourage staff to reduce their carbon impact on the environment whilst travelling to the office, Preventx offers a cycle to work scheme. All staff are encouraged to use public transport to commute to the office or to car share.

For external off-site meetings, Preventx has implemented a ‘train first’ policy to further reduce carbon impact on the environment and we partner with local tram and bus services to provide employees with a discount to encourage them to use public transport where possible.

Preventx installed electric vehicle charging points for the use of employees who commute via electric vehicles and have purchased an electric van which is used solely to travel between our sites in Sheffield.

Preventx has completed installation of a combined heat and power system, which will reduce energy waste and we have upgraded all laboratory lighting to an LED system.

We source our packaging via Greenshires who have Forest Stewardship Council certification and are certified with the ISO 14001:2004 Environmental Standard.

Cardboard waste from test kits received back at the Preventx laboratory is recycled and service users are asked to return unused parts from testing kits for reuse or recycling.

Equal opportunity

Preventx have a number of policies in place that support equality, diversity and inclusion. For example:
- A recruitment policy which sets out that we are committed to applying our equality, diversity and inclusion policy at all stages of recruitment and selection
- Disability policy
- EDI Policy
- Menstruation policy
- Menopause policy.

We also have a Women’s Inspiration Network whose mission is to inspire, challenge, connect and stimulate creativity, by strengthening each other through shared experiences. We are planning to introduce further Employee Resource Group’s in the near future.

Wellbeing

Preventx have a social wellbeing and outreach committee whose objectives are to:

- Encourage healthier lifestyles for all employees
- Build a positive overall workplace culture
- Provide access to programs and memberships that help employees live healthier
- Ensure employees have the chance to practice health and wellbeing at work
- Improve general employee engagement, morale and happiness
- Provide volunteering opportunities to employees (Preventx employees have 8 hours paid volunteering time per annum)
- Organise wellbeing and social activities for employees

Pricing

Price
£4.75 to £81.50 a transaction
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.clune@preventx.com. Tell them what format you need. It will help if you say what assistive technology you use.