Woodward Associates

LiveAudit

LiveAudit is an end-to-end audit solution that allows NHS and private hospitals to manage in-house audit programmes. The service delivers a clinically driven and scalable methodology for the audit of clinically coded data with the aim of improving coding quality and obtaining appropriate PbR reimbursement.

Features

• Targeted coding audit
• Comprehensive SUS validation
• Pre and Post Audit Reporting
• Clinician review
• Offline Audit Support Tool Included

Benefits

• Improves Coding Accuracy
• Improves PbR Income
• Real-Time Understanding of Audit Impact
• Streamlined Audit Process

£1,500 to £8,000 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.light@woodwardassoc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

658513128118739

Contact

Mark Light
01753 867220
mark.light@woodwardassoc.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SimpleCode, ClearView
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Azure Site-to-Site VPN compliant router desirable but not a requirement

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond within 24 hours during normal working hours (0900-1700 Monday to Friday excluding public holidays)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Please see Appendix A of the SLA
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can provide onsite training, online training, and provide interface and managers documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: No data is retained by this service
• End-of-contract process: Access to the service is removed, nothing else is necessary due to the lack of data retention.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: No

Scaling

• Independence of resources: Response metrics and system health statistics are monitored - additional resources can be committed when required.

Analytics

• Service usage metrics: Yes
• Metrics types: Individual Response Time, Average Response Time, Failed Requests Counts, Average Failed Requests
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Only derived results are returned by the service
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • HL7
• Data import formats:
  • CSV
  • Other
• Other data import formats: HL7

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Please see SLA
• Approach to resilience: Scalability, backup, disaster recovery and resilience plan is in place and available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Client managed access control with superuser status granted to specific personnel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NHS Data Security and Protection Toolkit
• Information security policies and processes: Process and Security policies are maintained of the Company's intranet.; Company personnel and reporting structure is also documented and maintained on the Company's intranet with specific emphasis on the security reporting pathway.; Personnel are made aware of these policies and are required to read and acknowledge them.; Regular (annual) retraining is run on specific components of these policies that relate to the handling, retention and protection of client or other sensitive data.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components are tracked through industry standard (Microsoft) source code control mechanisms, test suites and release management systems (e.g. Azure).; A Security Impact Analysis (SIA) is conducted by our Security Manager prior to major releases where access control mechanisms require changes.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We monitor recommendations from Azure Security Advisor, and respond to threats by updating system and infrastructure accordingly. Reviews are carried out on a systematic basis, and identified changes will be actioned in accordance with the SLA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Audit access logs (including W3C service logging, and our own authorised access logs) includes the following capabilities for monotoring and responding to incidents:; Accurate Time Stamps; Recording on Session Activity by User and Workstation; Report on Backup, Test and Recovery operations; Alerting Critical Events; Audit System Status monitoring; Production of Sanitised and Statistical Management Reports; ; The Service Desk has real time access to logs and alerts; ; Incident responses are covered in the SLA
• Incident management type: Supplier-defined controls
• Incident management approach: We comply with the ISO-27001 information security standard, covering the scope of the service delivered.; The Statement of Applicability for our ISO controls is available under NDA.; Configuration, change management, incident response and protective monitoring are all demonstrated in our compliance with the ISO-27001 information security standard.; In addition to our ISO-27001 compliance, and our use of independent 3rd party penetration tests, we operate an assumed breach model and use active red-team penetration testing and vulnerability management as part of our Operational Security Assurance (OSA).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  The LiveAudit system provides a multi-disciplinary patient audit environment, helping to ensure that clinical coding is comprehensively recorded. Accurate recording of this information is vital for the management of patients, both during COVID-19 recovery and any long-term effects.

Pricing

• Price: £1,500 to £8,000 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.light@woodwardassoc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.