Accenda

Gateway®

Gateway® is a referral support platform, supporting GPs, Dentists and Opticians to refer patients into the right service, first time.

The platform fully integrates with existing primary care systems at the point of referring (including EMIS Web and SystmOne) and also integrates with e-Referral Service.

Features

Integrates with NHS e-Referral Service
Integrates with EMIS Web and TPP SystmOne
Includes Capture® teledermatology mobile app
Web-based Clinical Assessment/Triage platform
Built-in 'request builder' to dramatically simplify the practice process
NHS Digital Assured for IM1, CIS2, PDS, e-RS
GPs, Dental, Eyecare/Optical Referral and Advice Platform
Supports Enhanced Access clinicians to refer directly
Integrates with Access Mosaic and LiquidLogic for Social Care Referrals
Built-in Clinical Decision Support to alert referrer of pathway requirements

Benefits

Direct GP clinical system integration streamlines end-to-end referral process
Dynamic Clinical Template removes the need for traditional Word-Document referrals
NHS e-Referral Service (e-RS) integration
Triage supports signposting patients to appropriate service - first time
Clinical Decision Support to adhere to EBI/VBC/PLCV policy
Includes Capture® mobile tele-dermatology app
All pathways included (we don't charge per Specialty)
Dental and Optician access included
Enhanced Access can create their own referrals

£0.25 a person a year

Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@accenda.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

Accenda Frameworks Teams
Telephone: 0161 274 9730
Email: frameworks@accenda.co.uk

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: Planned maintenance/updates take place out-of-hours to ensure the platform continues to include the latest features and patches.
System requirements: Web-browser

User support

Email or online ticketing support: Email or online ticketing
Support response times: Support is provided to mirror most standard GP core hours, from 8am to 6pm Monday to Friday.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Onsite support
Support levels: Support is provided from 8am to 6pm Monday to Friday, excluding bank holidays.

A service delivery manager is assigned to help address specific requirements.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: The solution is incredibly easy for practice staff to pick-up. We have produced online training tutorials which are a fantastic resource.

We also have a friendly team of trainers which can travel to site to help support practices and commissioners.

All staff are IG trained to help support with day-to-day questions too.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Self-service data extracts are available for 90-days following the end of the contract. We are always more than happy to help users with this process.
End-of-contract process: Our dedicated service delivery team are always on hand to agree a smooth transition following the end of the contract. We work with you, every step of the way.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Chrome
Application to install: Yes
Compatible operating systems: Android

IOS

Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Patients can use a mobile web app to interact and track their referral. GPs/Healthcare professionals can use the Capture™ tele-dermatology app (iOS/Android) to take high-quality photos.
Service interface: No
User support accessibility: WCAG 2.1 AA or EN 301 549
API: Yes
What users can and can't do using the API: API is available in-line with our commitment to open interoperability to advance digital health integration.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: The solution has been designed with customisation at its core. Configuration is all achieved within the browser, without the need for supplier interaction - however, we're always happy to help.

Scaling

Independence of resources: The system has been designed with scalability as one of the core features.

Analytics

Service usage metrics: Yes
Metrics types: Self-service dashboard is available 24/7 to enable users to track their usage.
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: There is a comprehensive dashboard providing self-service insights, from graphs and charts to raw tabular data, available in CSV or Excel format.
Data export formats: CSV
Data import formats: CSV

Other
Other data import formats: JSON/XML using FHIR API

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 99.9% with Service Credits
Approach to resilience: Fully n+1 resilience at each level.
Outage reporting: A public dashboard shows system operating status

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Limited access network (for example PSN)

Username or password

Other
Other user authentication: NHS CIS2 (smartcards)
Access restrictions in management interfaces and support channels: Based on best-practice advice from Data Security and Protection Toolkit and NCSC
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Alcumus
ISO/IEC 27001 accreditation date: 09/03/2022
What the ISO/IEC 27001 doesn’t cover: None
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: NHS Data Security and Protection Toolkit

DCB0129 and DCB0160

NCSC CHECK Pen Tested

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: NHS Data Security and Protection Toolkit
Cyber Essentials PLUS
ISO27001

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We follow ITIL-based change management processes which are managed by our service delivery team.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We follow best-practice processes from Cyber Essentials PLUS.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Real-time system monitoring is in-place and follows Cyber Essentials PLUS.
Incident management type: Supplier-defined controls
Incident management approach: We follow NHS Data Security and Protection Toolkit best-practice for incident management.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Health and Social Care Network (HSCN)

Pricing

Price: £0.25 a person a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: We are happy to discuss a trial/pilot with any Practice, PCN or ICB.

Service documents

Request an accessible format

Cookies on Digital Marketplace

Gateway®

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents