COHESION MEDICAL LTD.

COHESION Digital End of Life Care Plan Solution

COHESION Care Wallet enables patients to securely share data with flexibly configured cloud-based Digital End of Life Care Plan Service allowing improved care planning, remote monitoring and service feedback to deliver better outcomes and patient experiences. COHESION has a proven track record with the NHS across the UK.

Features

• Digital solution helps patients manage and own their health record.
• Configurable cloud-based services platform with integrated patient mobile/cloud application.
• Identity verified by NHS-Login with Multi-Factor Authentication (MFA).
• Integrates multiple PROMs, images and test results.
• Integrates multiple remote monitoring smart devices.
• Connects multiple services with case management and circles of care.
• Supports care planning, communication and self-management tools.
• Open-data-architecture with interoperability standards, APIs and GDPR-compliant consent model.

Benefits

• Builds care pathways moving burden from acute setting to community.
• Supported Self-Management with patient access to own health data.
• Integrate remote monitoring from home with smart devices.
• Design more flexible MDT workflows.
• Service triaging to reduce need for face-to-face consultations.
• Increase patient-centred care with co-produced care planning.
• More appropriate interventions with better medicines management and clinical outcomes.
• Open Data Architecture with interoperability and APIs standards.
• GDPR compliant consent model with privacy by design.

£1.00 to £100.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at euan.cameron@cohesionmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

655546009334725

Contact

Euan Cameron
01416119686
euan.cameron@cohesionmedical.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Electronic Patient Records (EPR) systems. ; Patient Administration Systems (PAS). ; Picture Archive Communications (PAC) systems. ; Electronic Document Transfer (EDT) systems.; Patient Management Systems (PMS); Electronic Medical Record Systems (EMRs)
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: COHESION provides a UK-cloud based solution (Microsoft Azure) with a Software as a Service (SaaS) model so the software will be updated automatically and performed out of hours to minimise impact to services and users.
• System requirements:
  • Desktop Computer (WinPC/MacOS)
  • Tablet Computer (Android, iOS)
  • Mobile SmartPhone (Android, iOS)
  • Web browsers
  • Internet connectivity

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Time to Response (TTR) - Critical Response: 4 Business Hours. Non-Critical: 24 Business Hours. Availability: Mon-Fri, 9am-5pm, GMT. Response Times at weekends and public holidays is treated as Non-Critical.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Web chat accessibility testing; Tested with Lived Experience users.
• Onsite support: Yes, at extra cost
• Support levels: COHESION provides a support desk as first line response to users. Customers have access to an account manager as their main point of contact. COHESION solutions are backed by Microsoft Azure services 24x7, 99.99% availability. ; The standard Time to Response (TTR) - Critical Response: 4 Business Hours. Non-Critical: 24 Business Hours. Availability: Mon-Fri, 9am-5pm, GMT. Response Times at weekends and public holidays is treated as Non-Critical. ; Customers have options to increase Time To Response (TTR) times levels categorised by service request Priority: P1: Urgent: 1 hour; Service complete loss for all users or severe degradation resulting in inability to function; P2: High: 4 hours; Service some loss of service/system failure removing service from a number of users resulting in improper functioning; P3: Medium: 8 hours; Service working but functioning at less than optimal system performance resolved by fixing minor bugs/site errors; P4: Low: 24 hours; change requests.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: COHESION offers On-Boarding Installation service for new customers including: Setup and Configure, Testing and Validation, Self-Learning (User Guides and videos) and Train-the-Trainer courses which can be delivered remotely or on premise.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: COHESION provides a user admin managed Data Export Manager (DEM) for data export of CSV and XML files. Where personal data is stored locally on citizen devices this can be exported by the individual and ported to another provider of their choice.
• End-of-contract process: At contract end, data export is concluded and 30 days provided to complete hand-off before software is closed and any data is formally destroyed unless formally requested to archive data and make system inactive. No other additional costs included. COHESION will work with the customer to ensure a smooth transition to a new provider. Once this has been completed COHESION will delete the data from its platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: For clinical staff, tablet devices can be used as well as desktops. For patients, citizen-owned smartphone devices (iOS/Android), tablets, desktops can be used with no significant difference between services other than responsive layouts.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Secure service interface is provided via a web browser with secure login access which allows local administration teams to manage their user base and organisation setup. The interface allows for the configuration of services within their specific organisation including service dashboards and patient/clinicial dashboards for healthcare professionals to administer.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: COHESION has tested solutions with a wide range of Lived Experience users including people with restricted mobility, learning needs, visual impairments and elderly. In addition, manual and automated interface accessibility testing has been conducted.
• API: Yes
• What users can and can't do using the API: COHESION provides service APIs using RESTful and SOAP based web service interfaces over HTTPS to enable application to application communications allowing authorised clients to read and write data using a range of data models and messaging standards such as OpenEHR and HL7 FHIR. The services support a number of different authentication and authorisation options including BasicAuth, OAuth2 and mutual SSL certificate based authentication.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: COHESION solutions are designed to be configurable, flexible and scalable to meet customer localised needs during service and user setup. Organisation, service and user setup and configuration of dashboards, records and data components can all be done by the customer or by COHESION on behalf of the customer through configuration tools within the solution management area by permissioned system administrators.

Scaling

• Independence of resources: COHESION uses virtualisation to ensure applications and users sharing the same infrastructure are kept apart. Microsoft Azure performance monitoring and alarms are in place to ensure sufficient capacity and resources are available for on-demand business-critical services for many millions of users. COHESION provides a Service Level Agreement (SLA) to guarantee up-time availability.

Analytics

• Service usage metrics: Yes
• Metrics types: COHESION provides the ability for services to configure their own Key Performance Indicators (KPIs) which can be displayed and reported on real-time Service Dashboards, Service Reporting and System Logs. These KPIs and tools allow services to monitor key metrics such as service outcomes, performance analysis and identify areas for service improvement. Data can be tabulated or visualised as time series, graphs, and other charts for user needs. Example service metrics include usage levels, intervention outcomes, activity levels etc.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: COHESION provides a user admin managed Data Export Manager (DEM) for data export with anonymised data option. Extraction of data is available to authenticated users and/or systems that have the correct RBAC access and data permissions. The DEM can be configured to suit individual service and customer requirements. Most data contained within the CMS is exportable as CSV, XML, Excel ready for import into a 3rd party system at no additional cost.
• Data export formats:
  • CSV
  • Other
• Other data export formats: MS Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: MS Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: COHESION provides by a Service Level Agreement (SLA) supported by the Microsoft Azure stack to guarantee availability of 99.99%. Refer Microsoft Azure SLAs:https://azure.microsoft.com/en-gb/support/legal/sla/. Unavailability is identified by proactive fault detection by the service management team or through a customer reported fault. COHESION will refund service credits agreed to customers where the solution is less than the agreed availability.
• Approach to resilience: COHESION solutions are supported by the Microsoft Azure stack to guarantee availability of 99.99% as well as Azure storage redundancy, database cross-region replication with two Azure UK regions all data will still stay within the UK with routine maintenance provided by Microsoft. Each deployment package is archived to enable roll back where necessary. Further information on request.
• Outage reporting: COHESION is ISO 27001 and ISO 9001 compliant with business continuity plans and major incident policies. COHESION provides a customer account manager as the central point of contact with the customer. Outages are reported to customer technical contacts via email alerts, API and live service dashboards for all system statuses.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: COHESION utilises Role Based Access Controls (RBAC) and Attribute Based Access Controls (ABAC) to ensure that users only have access to the systems that they require including support channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 15/12/2017
• What the ISO/IEC 27001 doesn’t cover: There are no permissible exclusions which apply.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Working towards Class 2a Medical Device under EU Medical-Device-Regulations (MDR)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: COHESION is ISO 27001:2017 and Cyber Essentials Plus compliant and has an established Information Security Management System with Information Security Policies and Procedures as part of a "secure by design" approach. All staff are trained in information security and incident reporting and are fully aware of their roles and responsibilities. Senior Management review policies and procedures as part of ISO compliance and continual improvement. All staff must alert senior management if they observe a policy breach or see an opportunity for policy improvement. COHESION has passed Digital Security and Protection Toolkit (DSPT).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: COHESION is ISO 27001:2017 and ISO 9001: 2015 compliant and maintains a systematic approach to Change Management to effectively deal with requests for change, addressing risks and to capitalise on opportunities involving adapting to the change, controlling the change and effecting the change. Changes proposed are reviewed, authorised, tested, implemented and released in a controlled manner and the status of each proposed change is monitored. COHESION performs updates to its SaaS solutions on a monthly basis and performs all changes out of hours so that there is minimal impact on users.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: COHESION complies with ISO 27001 and Cyber Essentials Plus vulnerability management process including identifying, evaluating, treating and reporting on security vulnerabilities. Regular risk analysis, threat modelling and vulnerability scanning to identify security weaknesses and ensure mitigation in place to protect from breaches. COHESION keeps an awareness of potential threats from trusted and reliable key sources through email notification alerts. COHESION regularly performs patches to its services based on the recommendations of software manufacturers. COHESION runs frequent training sessions on emerging internet security threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: COHESION maintains an ISO 27001 and Cyber Essentials Plus certification with compliant protective monitoring process, available on request. This includes deployment of a number of proactive measures to continually monitor and review in order to reduce the risk of compromises including scanning, firewalls and anti-virus software as well as Azure Insights, Azure Analytics, Performance Reports, Support Tickets, Customer Feedback. Where issues are detected, corrective action procedures is followed in accordance with the Time To Response (TTR) defined within the COHESION Service Level Agreement (SLA).
• Incident management type: Supplier-defined controls
• Incident management approach: COHESION maintains ISO 27001 and ISO 9001 compliant Security Incident Management process which outlines staff roles and responsibilities in reporting an information security event. Staff and users can raise a support request via the support desk where Incidents would be recorded and categorised using our ISO compliant incident reporting form outlining action taken, escalation steps and notifications required, and any recommendation for improvements. All staff are trained in incident reporting procedures.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Scottish Care Information (SCI)

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  COHESION is an accredited Living Wage Employer with Living Wage Scotland and Living Wage Glasgow. No employees are paid below the Real Living Wage including Student Interns and work experience. We set our own internal Wellness Wage which is above the real Living Wage. There is physical visibility and awareness of COHESION as a Living Wage Employer to visitors to our office with stickers on the entrance door and poster on wall as Supporter of Living Wage
• Equal opportunity:

  Equal opportunity

  COHESION is an equal opportunity employer and is committed to a policy of treating all its employees and job applicants equally. COHESION will avoid unlawful discrimination in all aspects of employment including recruitment and selection, promotion, transfer, opportunities for training, pay and benefits, other terms of employment, discipline, selection for redundancy and dismissal. COHESION is committed to providing a working environment in which all employees are treated with respect and dignity and that is free of harassment and bullying based upon age, disability, gender reassignment, race (including colour, nationality and ethnic or national origins), religion or belief, sex and/or sexual orientation. In this policy, these are known as the ‘protected characteristics’. COHESION's Policy aims to ensure fair and non-discriminatory practices within COHESION and to encourage full contribution from its diverse community. COHESION is committed to actively opposing all forms of discrimination.
• Wellbeing:

  Wellbeing

  COHESION incorporated a number of initiatives for employees to promote wellbeing. Some of examples of these were: Lifestyle Monthly flexibility to attend routine appointments or general lifestyle activities. Wellness Wednesday - Weekly wellness activity promotes motivation, team building and a short period away from computer screens. Some examples: spaghetti tower building, pizza dough making, Doorstep Mile challenge. Fitness Fridays- 1st hour every Friday is allocated to fitness/wellness. Fruit- Free Fruit provided to encourage a healthy snacking. Flexible Working - Flexible hours, working from home accommodates parents and employees with long-term health conditions, reducing stress Daily Scrum Meeting - Allows for daily check-in and monitoring and managing of work tasks.

Pricing

• Price: £1.00 to £100.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: An evaluation version is available for up to 30 days with two user accounts and test records available. An extended evaluation period can be arranged on request.
• Link to free trial: Enquiries@cohesionmedical.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at euan.cameron@cohesionmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.