ALBERT HEALTH LIMITED

Albert Disease Management Platform

Albert is an AI driven voice-based health assistant that helps patients to manage their treatment for their chronic diseases. Patients can use voice interface to interact with the application and record their data. We are creating disease specific programs for healthcare players such as hospitals, clinics, insurers and pharmaceuticals.

Features

• Patient Reporting Outcome
• Remote Access
• Pill Reminder
• Voice Assistant for FAQ and data input
• Document Management
• Telehealth (e.g video call, appointment management)
• Library for disease support materials (e.g videos&articles)
• Patient Diary (e.g symptoms, adverse events)
• Metric record and tracking (e.g blood pressure, glucose level, HbA1c)
• Patient Engagement Program (personalized & prescheduled notifications)

Benefits

• Increase medication adherence
• Collect Real World Data
• Prevent unnecessary hospital admission
• Reduce costs for health system
• Show right contents at right time to right patients
• Answer patient's questions 7/24 through voice assistant
• Easy follow-up of patients by HCP's (documents, metrics, pills)
• Increase health literacy

£5,000 to £50,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at serdar.gemici@albert.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

659482763803172

Contact

Recai Serdar Gemici
+905311045070
serdar.gemici@albert.health

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: EMR and HIS systems
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements:
  • Linux machine (for on-premise requests)
  • PC running Windows 7 or above, or Mac running OSX
  • A screen resolution of at least 1024x768
  • A modern web browser (Firefox, Safari, Opera, Edge or Chrome)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: First response is supplied through a chatbot. We are working with Intercom for this and a team member is assigned to the case. For weekdays working hours, we usually respond within 5 minutes. Out of work hours and weekends, our maximum response time is 3 hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Intercom is complaint with Web Content Accessibility Guidelines (WCAG) 2.0 Level AA.
• Web chat accessibility testing: We are actively using it on our platform. Before that, we have tested the system with internal team.
• Onsite support: No
• Support levels: Tier 0 support: Provided by user guides and explanation of all modules are available.; Tier 1 support: We have easy to reach support module on web and mobile applications and a representative from company will help the user for basic needs.; Tier 2 support: If the problem is not solved by tier 1 representative, we scale up the issue to the IT team and team investigates the problem deeply to find a solution.; Tier 3 support: If the problem continues and couldn't get solved by IT customer support team, its escalated to the CTO and Development team experts and this team can directly contact the user and solve the problem.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We are providing and online demo of our service and complete the first customisation together with the Buyer. We have continuous on-time support during the preparation of service and get it ready for patients. ; ; We also have guideline documentation for web and mobile users to help them engage with the system. ; ; We are also open to give online training upon request.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Notion Page - URL
• End-of-contract data extraction: We keep data in AWS cloud systems and if the Buyer request to extract their data, we can extract from cloud or delete the data according to GDPR and ISO 27001 Guidelines.
• End-of-contract process: Test

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users will be using mobile application and administrator services will be used on web application.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: A secure, web-based Graphical User Interface (GUI) provides the ability to configure Albert Disease Management Platform based on the needs of your organisation. This includes a chronical disease management program building, user and patient management, data management, conditions and their treatments as well as standard system configuration.
• Accessibility standards: None or don’t know
• Description of accessibility: Albert Disease Management Platform is available via any internet connection and any standards compliant modern web browser. Accessibility is constantly reviewed and we will make enhancements to this in future releases.
• Accessibility testing: WCAG compliance is part of our product roadmap and updates will be provided as part of the licence cost.
• API: No
• Customisation available: Yes
• Description of customisation: Albert Disease Management Platform can be customised according to the needs of the Buyer. We are currently running more than 10 disease management programs with different partners and all programs are customised for the specific needs of a group of patients. ; As an example, we have customisable symptom tracking module can be used for different diseases. In Multiple Sclerosis, we are using this module as an attack diary and customised for the specific symptoms of MS patient. We are using the same module for Heart Failure patients to track their symptoms related to cardiovascular diseases.

Scaling

• Independence of resources: A load balancer is being used during requests to the backend services. Therefore, server loads are continously monitored by System Admin.; Resource requirements of software is known through resilience testing and many years' experience in production guaranteeing the appropriate memory, CPU and free hard disk space is made available.

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics tools are being used to collect usage metrics. Anonymous data can be shared periodically (weekly, monthly).; ; Also, our web application has detailed dashboard of usage metrics. Example dashboard view can be shared upon request.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Export function is available for HCP panel and exporting as .xlsx; Patient side export is not available.; Additional export requests can be discussed and supplied with the consideration of GDPR.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Xlsx
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We are guarantee %99.6 up-time. For a Monthly Uptime Percentage less than 99.0% but equal to or greater than 98.0%, Client will be eligible for a 10% Service Credit.; For a Monthly Uptime Percentage less than 98.0%, Client will be eligible for a 30% Service Credit.; ; High Priority: Within Business Hours:; Intervened within 2 hours and solved within 8 hours following the receipt of technical support ticket.; Outside Business Hours:; Solved within 24 hours following the receipt of technical support ticket.; Medium Priority: Intervened within 24 hours and solved within 48 hours following the receipt of technical support ticket.; Low Priority: Intervened within 36 hours and solved within 1 week following the receipt of technical support ticket.
• Approach to resilience: Our datacentre provider operates IaaS on an N+1 basis for all virtual server hosts. This is cited as an industry best practice standard. All virtual server hosts are specified with dual network ports, power supplies, local HDD (where appropriate) and are actively monitored at a hardware and software level. They will automatically live migrate customer virtual machines across the available virtual server hosts to: balance consumption of CPU and memory resources within the cluster, in the event of a virtual server host failing, guaranteeing resource availability. In the event of a reboot, services are restarted automatically. We have active monitoring that indicates whether a service is available or not allowing us to react proactively where required. Data is backed-up regularly and at intervals and service interactions are logged, permitting the quick resolution of unanticipated problems.
• Outage reporting: In the event of service disruption, clients are contacted via our support desk which automatically sends an email notifying the user of an issue. It's possible to read the content of the support ticket in the email without logging into the support system for convenience and speed.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Role-based restriction applied and these restrictions are set through admin panel controlled by System Admin or supplier's selected admin.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: IQM International
• ISO/IEC 27001 accreditation date: 15/08/2021
• What the ISO/IEC 27001 doesn’t cover: We are covering all 14 main pillars of ISO 27001 and planning to add ISO 27701 on our renewal date 15/08/2022
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27701
• Information security policies and processes: We have seperate policies for the following processes;; -Internet usage policy; -E-mail policy; -Anti-virus policy; -Password Policy; -Hardware Security Policy; -Server Security Policy; -Network Management Policy; -VPN Policy; -Supplier & Third Party Policy; -Acceptable Use Policy; -Clean Desk & Clean Monitor Policy; -Mobile Devices Policy; -Incident Management Policy; -ID Verification Policy; -Authorization Policy; -Database Security Policy; -Change Management Policy; -Safe Software Development Policy; -Personal Data Protection Policy; -Log Management Policy; ; and according to these policies, we are complaint with ISO 27001 and ISO 27701, storing our policies and related document in cloud servers that could be reached by Albert Health team only.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: -All the change requests (software or hardware) are recorded and logged; -Only authorized admin can apply changes to IT systems; -All potentially effected parties are contacted before implementing big or long term changes ; -All systems need to be backed up before implementing change; -Image backups are required before updating critical servers; -All third party software updates should be implemented according to guidance of supplier; -NDA must be signed before making a change related to third parties
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We are conducting penetration tests on a regular basis and solving potential threats according to reports by third party supplier. This is also required by ISO 27001.; Critical patches are deployed immidiately and important patches could be done within the day. ; We are also always in contact with our cloud partner and get notified about potential threats. Also, we check our logs regularly to define any unusual activity.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitroing approach to security following our ISO27001 model. Within this model, we are using various tools such as penetration tests, internal audit, root cause analysis which all informs a data security improvement plan which is regularly reviewed at Board level.; ; We have created our risk prioritization according to ISO 27001 and take actions according to our plan.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are reported through e-mail, customer support or support phone number/phone call. We are replying to the users using the same channel and we have pre-documented customer support FAQ. Other than that, we have incident management procedure prepared with the requirements of ISO 27001.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  NA
• Covid-19 recovery:

  Covid-19 recovery

  NA
• Tackling economic inequality:

  Tackling economic inequality

  NA
• Equal opportunity:

  Equal opportunity

  NA
• Wellbeing:

  Wellbeing

  NA

Pricing

• Price: £5,000 to £50,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can provide demo version upon request. Accounts should be created by Albert Health for demo users. Requirement to be discussed for module selection.; System can be tested and used freely for a limited period of time (1 week)
• Link to free trial: https://patient.albert.health/ for users, https://dr.albert.health/ for administration/HCP Panel

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at serdar.gemici@albert.health. Tell them what format you need. It will help if you say what assistive technology you use.