everyLIFE Technologies Ltd

PASS digital care management platform

Market leading all-in-one digital care management platform, supporting care providers to be the best they can be. Delivering care planning, eMAR, scheduling, finance, and comprehensive auditing & reporting. Customer-centric, CQC aligned, NHS-assured, transforms operational efficiency. Provides realtime access to GP records via GP Connect, offline working, and a family portal.

Features

• Digital care planning incorporating outcomes, medications & care delivery
• Staff rostering incorporating scheduling, invoicing & payroll
• Realtime reporting data for deeper insight into care quality
• Reporting at service user, site, business & care worker levels
• Easy access to evidence of care for auditing requirements
• Remote access with online & offline capabilities
• Suite of tools for medications administration, including automated eMAR
• Realtime access to GP practice clinical information via GP Connect
• Secure access to care records for verified family & friends
• Document builder to create or edit customised documents and assessments

Benefits

• Higher quality care and improved, personalised outcomes
• Manages, sustains and evidences person-centred care
• Drives business operational efficiency
• Safer medications management
• Improved safety through realtime information sharing across the care team
• Eliminates integration risks by providing 1-stop care planning and rostering
• Easy to use, promotes employee engagement which helps improve retention
• Promotes transparency with care record access for authorised 3rd parties
• Better informed care decisions through realtime access to GP data
• Simplifies rostering with intuitive drop & drag functionality

£8.20 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan.campbell@everylifetechnologies.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

653856736383820

Contact

Duncan Campbell
07834 800418
duncan.campbell@everylifetechnologies.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Software updates are pushed out typically every two weeks with zero interruption to service. Our maintenance window for releases that require downtime is 11pm-1am. This is rarely required, and the typical downtime is usually only minutes. Customers arenotified in advance.; ; PASS is designed to support the technologies most commonly used in the care sector. Care workers require the PASS app on an Android or iOS smart phone or tablet. The PASS web portal, used by office staff, is optimised for Chrome and Chromium based browsers like Edge but is otherwise device and operating system agnostic.
• System requirements:
  • App works on android/ iOS mobile devices with minimum specification
  • Optimal web portal performance using Chrome browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customers can expect for their phone call to be answered in less than <1 minute and <5 minutes for web chat support. Critical Issues will receive a response within 2 business hours, Material Issues within 4 business hours and Important issues within 8 business hours. ; Outside of core business hours (week days 17:00 - 09:00) and weekends (Friday 17:00 - Monday 09:00) emergency support is available calls are answered by a triage team typically in <5minutes and further call backs will be returned within 1 hour.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We employ Intercom Messenger for web chat. This complies with the Web Content Accessibility Guidelines (WCAG) 2.0 Level AA. For example:; • Screen reader support: the Messenger is accessible via screen readers; • Colour contrast: all text in the web Messenger is clearly visible when using colors with enough contrast. ; • Keyboard navigation: Every component of the Messenger can be accessed using a keyboard without requiring a mouse or trackpad
• Onsite support: Yes, at extra cost
• Support levels: Typically, onsite support is not required as we install our services and remotely. We are able to solve customer issues remotely with the use of screensharing technology (over a web browser and handheld devices) using web chat or telephone. Customers can reach us via email, phone and in-product chat. Enquiries to the customer support team are triaged and directed to the appropriate technical support engineer if required. All frontline support services are included in the monthly subscription fee unless otherwise stated. Where onsite support is required, this can be provided by everyLIFE. Any costs will be quoted in advance, based upon the particular requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A PASS implementation is delivered in clearly defined stages to enable a tailored incremental Go-Live plan, ensuring that users begin to realise the benefits of the new system as quickly as possible.; Implementation starts with a Project Kick-Off meeting, which defines the scope, understands the organisation readiness, defines responsibilities and sets target go-live dates. These will inform the published project plan.; ; For each implementation we design a blended learning package to provide a personalised but also time-manageable approach to learning. ; Training is delivered as a series of feature led modules, each approximately 1 hour long. All online training is recorded and shared with the customer for future reference and can be used for efficiently onboarding new users. We also provide how-to videos and online webinars. One-to-one sessions as well as a range of coaching and mentoring is available on request.; ; We encourage a collaborative approach between our team and the care provider and advocate for the provider to nominate an implementation champion. Our online implementation portal is used to provide full visibility of milestones, deadlines, tasks and progress to date, and to allow the two parties to work collaboratively together to deliver the programme in an efficient and controlled manner.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Online and in-app
• End-of-contract data extraction: When the contract ends, the customer has the following options:; • Customer data can be retained within the PASS as a legacy solution on a single licence access basis ; • Data can be returned to the Customer for retention in machine readable format, as defined by the portability provisions in the GDPR ; • The Customer may retain data in hard copy and to facilitate this everyLIFE permits the Customer a period of 30 days following the date of termination to save or print whatever data they require; • The Customer may have their data deleted, or otherwise destroyed by everyLIFE.
• End-of-contract process: There is a fee for data retention on a single license access basis, or for returning data in machine readable format. ; 30-day access to data for retention in hardcopy, or data deletion, are available free of charge.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile app is used by carers at the point of care to:; • View their schedules; • View Service User details, care to be delivered, and care history; • Tag-in/out of care visits; • Record the delivery of care; • Raise and complete assessments, observations and other documents; The PASS desktop service is designed for managers, and is used for:; • Managing enquiries/ referrals; • Creating Service User & Care Worker profiles; • Building and monitoring Care Plans; • Rostering, including scheduling, holidays & absences, and invoicing & payroll; • Managing care documents; • Managing Alerts ; • Reporting
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: PASS is designed to be accessed via natively written apps for iPhone and Android for use at the point of care, and via a web browser for management/ office functions. In both cases, PASS is built for accessibility and to suit the type of device through which it is accessed.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: On the mobile app we support voice to text, and offer an intuitive User Interface design that makes the information easy to absorb, without the need to learn. It supports for TalkBack on Android, or VoiceOver for iOS, which audibly describe functional icons within the user interface; Additionally we believe that at least one of our customers is using the Jaws screen reader with PASS.
• API: Yes
• What users can and can't do using the API: Our PASSport API allows for 3rd party systems to integrate with PASS. We offer a 2 way integration or a manual CSV upload. The integration allows 2-way real time syncing of selected data. Data can be sent and/ or received ; The 3rd party system provider would need to set up the integration by implementing our API. We work closely with providers to ensure correct implementation of the API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: EveryLIFE can customise the following areas during the implementation phase:; • Bespoke PASS offices, personalised with logo and service provider name; • Terminology – specific terms used for “care-receivers”, “care-givers”, “tasks” and other terms. ; • Roles – a hierarchy of up to ten user access roles and permissions to control user access to information and functions throughout the system. ; • Template care plan names - a pick-list of relevant care plan names for rapid setup before personalising to individual’s needs.; • Integrations – bespoke integrations with 3rd party systems, subject to technical review and agreed functional specification.; Users with the correct permissions are trained during implementation to customise the following:; • Document templates – forms, assessments, observations etc for capturing relevant information about care needs or risk; • Alert settings; • Timeout thresholds; • Reporting favourites; • Care groups & Tags; • Non-contact time activities; • Absence reasons; • Office message; • Visit types; • Employee break threshold; • Wait time threshold; • Cancellation reasons

Scaling

• Independence of resources: PASS is offered as a Software as a Service (SaaS) solution, hosted on AWS. We utilise Amazon Relational Database Service (RDS) which makes it simple to set up, operate and scale databases in the cloud. As our storage requirements grow, we can provision additional storage on-the-fly with zero downtime. Likewise compute and memory resources can also be scaled up if required.; The RDS Management Console allows us to view key operational metrics, including compute/ memory/ storage capacity utilisation, to monitor demand on the PASS service.

Analytics

• Service usage metrics: Yes
• Metrics types: Analytics dashboards available at national, regional and individual service level, as well as at customer and care worker levels. Metrics include service capacity, incidents, punctuality and staff turnover, presented in aggregate form as well as by individual service. Service location metrics include Incidents and missed task alert reports, care visits and tasks by type, visit durations, continuity of care, and a breakdown of task types for every customer and care worker. Word clouds show frequently used terms in care notes, Tag in and tag out methods show care worker punctuality.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: AWS adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”). AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed). Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. We employ flexible key management options and dedicated hardware-based cryptographic key storage services from AWS.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Any report generated in PASS can be downloaded as either an image file (for example, graphs and charts for use in reports and presentations), or as a flat file (CSV format). ; PASS tabular data can be exported in an interrogatable and importable format for onward analysis and import into downstream programmes.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLSX
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: The main PASS database, hosted on the Amazon Web Services (AWS) platform, is encrypted as a managed service provided by AWS using the industry standard AES-256 encryption algorithm. Keys are securely managed using AWS Key Management Service.

Availability and resilience

• Guaranteed availability: Our standard SLA’s for response and resolution times, as defined in our Terms and Conditions, are as follows:; ; Leve1, Critical; Non-availability and total loss of service to the Customer due to failure of the Software Product; Response 2 business hours, Target resolution 4 business hours; ; Level 2, Material; A limited repeatedly occurring loss of service availability to the Customer, affecting usage and operational risk; Response 4 business hours, Target resolution 8 business hours; ; Level 3, Important; Reduced service availability which does not create operational risk of the Customer; Response 8 business hours, Target resolution 4 business days; ; Level 4, Cosmetic; A fault of a cosmetic nature and of no immediate consequence which does not affect the use of the application or service availability of the customer; Response 2 business days, Target resolution 3 months or next release, whichever is sooner
• Approach to resilience: PASS is offered as a Software as a Service (SaaS) solution, hosted on AWS. The AWS global infrastructure has a high level of availability and provides features to deploy a resilient IT architecture.; PASS employs a Highly-Available (HA) clustered infrastructure. Additionally our PASS databases and application nodes are spread across multiple AWS servers in different isolated zones within the London region, with robust load-balancing, offering strong protection against hardware failures, power outages, etc.; We also run a separate AWS disaster recovery site datacentre, as well as a passive staging environment which is maintained like for like with our production system.; AWS datacentres are operated in alignment with the Tier III+ guidelines. Some aspects, such as the fault tolerant sequence of operations with self-correcting mitigation in place, exceed the Tier III+ guidelines.
• Outage reporting: EveryLIFE has established a publicly accessible page which provides a live view of our PASS uptime statistics including details of any outages: https://status.passgenius.com/ ; Our Incident Management Framework describes the process for managing adverse incidents, including the PASS service becoming inaccessible to customers. Incidents are triaged, and if appropriate communications are sent out to customers and other external stakeholders.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: As well as multi factor authentication and username/ password, the PASSforcare mobile app also supports biometric and PIN logon.
• Access restrictions in management interfaces and support channels: PASS operates a comprehensive Role Based Access Control approach to restrict access in management interfaces and support channel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: Initial Certificate 20th November 2015, most recent certificate 23/12/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 06/11/2020, reissued 18/11/22 and 22/11/23 (AWS)
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: DPST: Standards Met

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO9001 (Quality); NHS Digital Data Security and Protection toolkit - 'Standards Met' level; National centre for cyber security cloud principles; Cyber Essentials and Cyber Essentials Plus
• Information security policies and processes: We have an Information Security Management System (ISMS) based on ISO27001. We have an in house data protection officer who has responsibility for information security. ; We have a full document suite covering information security policies including:; • Access Control Policy; • Business Continuity Management Policy; • Data Breach Reference Guide; • Email and Communications Policy; • General Data Protection Regulation Policy; • Incident Management Framework; • Information Governance Policy; • Information System & Asset Security and Usage Policy; • Internet Use Policy; • Mobile Device Usage Policy; • Password Policy; • Risk Management Strategy; • Quality and Information Security Management System Manual; • Quality and Information Security Management System Policy ; Reporting is to the everyLIFE Senior Leadership Team, who meet weekly and are also responsible for enforcing the company’s policies. ; Company policies are disseminated centrally with a mechanism for ensuring that they have been read. We have a risk register where all risks are logged, rated and monitored.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: PASS is offered as a Software as a Service (SaaS) solution, hosted on AWS. We use a number of AWS services to support our configuration and change management approach:; • AWS CodeDeploy (automates software deployments); • AWS CloudFormation (simplifies infrastructure management using a resources template); • AWS Secrets Manager (protection for credentials, API keys, tokens and other secret information without the need for code deployments); • AWS Certificate Manager (to provision, manage and deploy SSL/TLS certificates); • AWS CloudTrail (monitors and records account activity for audit, security monitoring and operational troubleshooting)
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: PASS is offered as a Software as a Service (SaaS) solution, hosted on AWS. We use a number of AWS services to support our vulnerability management process.; • Amazon Relational Database Service and AWS Lambda (automated patching and upgrades); • AWS Security Hub (performs security best practice checks, aggregates alerts and enables automated remediation); • AWS Inspector (automated vulnerability management that continually scans workloads for software vulnerabilities and unintended network exposure); • AWS GuardDuty (continuous security monitoring of key logs, using threat intelligence feeds to identify unexpected and potentially unauthorised and malicious activity)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: PASS is offered as a Software as a Service (SaaS) solution, hosted on AWS. We use a number of AWS services to support our protective monitoring approach.; • AWS WAF (a web application firewall that protects against common web exploits and bots that may affect availability, security, or excessive resource consumption); • Amazon Inspector (automated vulnerability management); • Amazon GuardDuty (continuous security monitoring of key logs to identify unexpected and potentially unauthorised and malicious activity); Our Incident Management Framework outlines our process for managing adverse incidents, including the triage process. Our Business Continuity includes recovery timeframes and resources required.
• Incident management type: Supplier-defined controls
• Incident management approach: Our Incident Management process is defined in our Incident Management Framework. It outlines our process for managing adverse incidents, including a list of incident categories, roles & responsibilities, the triage process, reporting timeframes, incident prioritisation and grading, guidance to employees, communications, and incident investigation.; Our Business Continuity Management Policy identifies potential incidents, and provides a Business Impact Analysis on each, including timeframes and resources required for recovery.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  Reduction in car journeys and travel time; Reduction in printing and paper usage

  Wellbeing

  Enhancing the outcomes for people being cared for. Supporting carers and care managers in their challenging work environment.

Pricing

• Price: £8.20 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan.campbell@everylifetechnologies.com. Tell them what format you need. It will help if you say what assistive technology you use.