SENTIUM TECHNOLOGIES LTD

Patient Engagement Solution & Services

PES (Patient Engagement Solution) is a complementary mobile messaging strategy. It helps to strengthen already existing healthcare systems with no need for additional software or hardware expense. We support effective communication impacting patient safety, quality and patient satisfaction. We support a wide range of mobile healthcare services.

Features

• Big Data Analytics
• Real time Data Management
• Data Ingestion (on-demand)
• Data Quality (Enrichment & Data Cleansing)
• Real- time Data Validation
• Data Visualization & Reporting
• On-Demand Analytics (Analytics as a Service)
• Automate Care Pathways
• Reduce Administrative Burden and Improve Patient Experience and Outcomes
• Digital Health Service

Benefits

• Business analytics and future forecasting
• Real time data tracking and change management
• Quick report creation based on real time data
• Data-driven enterprise practices even for non-data experts/users
• Data-driven challenges are solved in scalable and future proof solutions
• Agile transformation principles and tools to deliver business needs
• Design and delivery of Digital transformation and Data engineering solutions.
• Machine learning systems that identify patterns and make future predictions.
• Data architectures creation enables performance, compliance and maintainability.
• Data Solutions addressing root cause analyses and regulatory compliance requirements.

£17 to £29 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at henry.smith@sentium-consulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

705731030492787

Contact

Henry Smith
+442074594618
henry.smith@sentium-consulting.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: For Patient Engagement and Experience Service Solution, it has to have the integration/connection to EHR/EMR at the backend.
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: Not Applicable
• System requirements: Not Applicable

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our typical SLA has 1 hour response time for "Critical" to resolving the issue/work around in 4 hours on Weekdays from 08:00-17:00 hrs.; ; On Weekends/Holidays we try to respond as quickly as possible.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We use Jira Service Management ticketing tool, which provides integration to Slack as channel, and soon will be adding Microsoft Team to that. Thus, all kind of support requests can get addressed.
• Web chat accessibility testing: We have not done any testing for assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: Response Time : Weekdays 08:00-17:00 hrs; h - issuetype =Bug AND Priority = Highest; 4h- issuetyoe=Bug AND Priority=High; 8h - All remaining issues; Resolution Time:; 4h - issuetype =Bug AND Priority = Highest; 16h- issuetyoe=Bug AND Priority=High; 24h - All remaining issues
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We do provide onsite traing and supply documentation/videos.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We make available to Customer for a complete and secure (i.e. encrypted and appropriated authenticated) download file of Customer Data in XML format including all schema and transformation definitions and/or delimited text files with documented, detailed schema definitions along with attachments in their native format.
• End-of-contract process: Shantanu to provide

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Admnistrative tasks will challenging to perform on mobile device.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We use REST architecture which allows API providers to deliver data in multiple formats such as plain text, HTML, XML, YAML, and JSON, which is one of its most loved features.
• Accessibility standards: None or don’t know
• Description of accessibility: Most of the time use of service is for viewing/reading only. But then certain usecases requires users to provide data/input, which is possible.
• Accessibility testing: We have not done anytesting with users of assistive technology.
• API: Yes
• What users can and can't do using the API: We comply with HL7-FHIR, which is a standard ; Fast Healthcare Interoperability Resources (FHIR, pronounced "fire") is a standard describing data formats and elements (known as "resources") and an application programming interface (API) for exchanging electronic health records (EHR). The standard was created by the Health Level Seven International (HL7) health-care standards organization.
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Typically, pathways and other triage are mapped during deploying the services, which is carried out by our team. Though not much customisation scope is there for end users.

Scaling

• Independence of resources: We do this thru excellent customer care services. To reach this potential we need to focus on getting the basics right: the digital architecture of the health and care system – the building blocks. Open standards, secure identity and interoperability are critical to the safe and successful use of technology, ensuring that systems talk to each other and that the right data gets to the right place at the right time.; ; We have modular systems, where any module can be easily switched on or off to cater to the requirements of user groups or divisions or organisations.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide basic metrics of the usage.
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export data in XLSX or CSV formats. Also, the tech support provides this service when needed.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: XLSX
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We have defined and agreed SLAs as per customer needs and demands. If there are any issues with the service levels then we take it seriously and resolve them ASAP and also refund the subscriptions for the affected users.
• Approach to resilience: Our solution & services are designed with modern Digital technologies, data analytics, and patient-centered design thinking/approach to provide new opportunities to deliver care in more efficient, cost-effective ways – like streamlining administrative processes and overcoming geographic barriers. Digital transformation has really proved the potential to reorganize service delivery and connect disparate elements of the current fragmented health system.; ; However, as with all public infrastructure, governments will need to take a lead orchestrating role in the design of a future-proof digital healthcare architecture. It’s crucial governments step into that orchestrating role now, as hospitals are investing in digitalization, to avoid trapping systems in technological lock-ins and creating data silos that are difficult to unlock. This will be essential to realize the promise of digitalization in the long run.
• Outage reporting: We use "statuspage" a public dashboard as well as email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: We use the following approach to reduce the impact of successful attacks against privileged users:; 1. Ensure privileged users carry out their administrative duties in a ‘clean’ (more trusted) environment.; 2. Ensure privileged users handle their email and web browsing in a separate ‘dirty’ (less trusted) environment.; 3. Consider the ‘dirty’ environment to be sacrificial, and design it in a way that anticipates compromise. When it is compromised, we are able able to find out when and how (and be able to easily recover it into a good state).; 4. Use strong authentication mechanisms, such as 2-factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow these practices/policies for successful information security:; ; 1. Information and data classification — A clear classification policy helping to take control of the distribution of their security assets.; 2. IT operations and administration — We ensure this to work together to meet compliance and security requirements. Teams that work together can coordinate risk assessment and identification through all departments to reduce risks.; 3. Security incident response plan — Our security incident strategy provides a guideline, which includes initial threat response, priorities identification, and appropriate fixes.; 4. SaaS and cloud policy — provides the organization with clear cloud and SaaS adoption guidelines, which provides the foundation for a unified cloud ecosystem. ; 5. Acceptable use policies (AUPs) — helps prevent data breaches that occur through misuse of company resources. Transparent AUPs help personnel in line with proper use of company technology resources.; 6. Identity and access management (IAM) regulations — let IT administrators authorize systems and applications to the right individuals and let employees know how to use and create passwords in a secure way. ; 7. Personal and mobile devices — We have a policy for proper security of personal devices that can help prevent exposure to threats via employee-owned assets.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our process of change management helps to increase the success of implementations while reducing risk and minimizing downtime. Standard changes are made with little to no oversight while Emergency changes require careful management and detailed analysis of change requests made. ; ; The distinction between Standard, Normal, and Emergency Change should be observed from a conceptual perspective, beyond differences in the naming convention. It’s therefore important to differentiate three change types through careful assessment of the change requests and incidents leading to a change requirement.; ; These three types of approaches address issues as they occur while maintaining the constant pace of DevOps.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our Process to manage vulnerability are ; 1. Identifying Vulnerabilities; 2. Evaluating Vulnerabilities; 3. Treating Vulnerabilities; 4. Reporting Vulnerabilities .; ; Once a vulnerability has been validated and deemed a risk, the next step is prioritizing how we treat that vulnerability with original stakeholders, including:; ; Remediation: Fully fixing or patching a vulnerability so it can’t be exploited. This is the ideal treatment option that organizations strive for. We usually take 24 hrs to deploy patches.; ; Mitigation: Lessening the likelihood and/or impact of a vulnerability being exploited. ; ; Acceptance: Taking no action to fix or otherwise lessen the likelihood/impact of a vulnerability being exploited.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The protective monitoring and the technologies available to us to achieve it, including SIEM tools, Security auditing, Network analysis, Network logging, Data analysis and AI. We prefer to use SIEM tool. We respond to incidents within an hour.; ; Also, Analysing audit trails can assist in responding to a security incident, or fine-tuning the logging and correlation processes within the SIEM tool. It may also assist in verifying that logging is happening as predicted, and that no log sources have suddenly disappeared. This is essential while preparing any protective monitoring regime is establishing a baseline of normal behavior on the network.
• Incident management type: Supplier-defined controls
• Incident management approach: We do have predefined incident management process with the level of importance and seriousness (L1, L2, L3).; ; We follow a Five Steps of Incident Resolution:; ; 1. Incident Identification, Logging, and Categorization; 2. Incident Notification & Escalation; 3. Investigation and Diagnosis; 4. Resolution and Recovery; 5. Incident Closure.; ; Users report incidents thru a ticketing system. Upon its closure the details are made available to the users thru the same system.; ; Once the incident is resolved, formal incident closure of the record takes place thru:; ; 1. Communicating and confirming from users that service experience is normalized.; 2. Updating configuration information where required

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Climate change has been a serious consideration for our business since the day we started operating. Although the majority of our staff is working remotely we are still very much conscious of an individual and overall impact. In our current operations, we have successfully implemented the following: ; Use email for internal distribution in place of hard copies; Edit documents on-screen as much as possible to avoid printing multiple drafts; Purchase products from local suppliers to avoid long-distance shipping and packaging and from suppliers committed to environmental issues; Consider products with minimum packaging and purchase in bulk; Changing office light bulbs to LEDs; Created in-house recycling program; Educating employees about global climate change and how our daily habits can make a positive change; Eliminate the use of disposable dishware and eating utensils to cut down on waste.; We are building office space which is easily accessible via public transport and or walkable distance in order to reduce carbon print. ; However, we recognize that our organization can do more, and we are continuously looking for additional goals.

Pricing

• Price: £17 to £29 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at henry.smith@sentium-consulting.com. Tell them what format you need. It will help if you say what assistive technology you use.