Helicon Health Ltd.

Teladoc Health Cloud Video Consultation Solution (Telemedicine, Telehealth)

The Teladoc Health platform transforms how people access and experience healthcare. The recognised world leader in virtual care technology, we provide cloud software, purpose-built hardware, and services to enable the virtualisation of services across acute, outpatients, mental health and primary care. Use cases include Stroke, Critical Care, and Elderly Care.

Features

• Telemedicine consulting within a hospital e.g. A&E to major specialties
• Telemedicine consulting between hospitals for sharing expertise and MDT working
• Telemedicine consulting between hospitals and community primary care services
• Virtualisation of services/pathways across acute, primary/community, mental health, care homes
• Connectivity to medical devices including dermacams, otoscopes, stethoscopes, blood pressure
• Telemedicine consulting and monitoring for care home residents and home-care
• FHIR, HL7, DICOM, API, Okta, ADFS, and enterprise integration
• HiTrust certification of software security, with VPNs and 256AES encryption
• Dynamic bandwidth management to ensure optimal clinical and patient experience
• Fully cloud-hosted using Teladoc Health multi-host network ensuring 100% availability

Benefits

• Enable closer working within hospitals (e.g. between A&E and specialties)
• Enable access to specialists by out-of-hospital services (Primary, Community Care)
• Virtualisation of consultation across adult, paediatric, critical, outpatient, primary care
• Decrease service delivery costs, reduce travel, optimise workforce and estates
• Reduce COVID-19 infection risk for patients and clinical teams
• Improve clinical workforce wellbeing and work-life balance by enabling remote-working
• Implement a strategic platform for the incremental expansion of telehealth/telemedicine
• Disseminate and drive adherence to best practice
• Uninhibited information flow across organisations using standards-based integration (FHIR, HL7)
• Fast deployment, 100% network availability due to robust cloud network

£370.32 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@heliconhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

714847543639094

Contact

Tony Bowden
+44 (0)7850 905538
info@heliconhealth.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our telemedicine platform can be used either as a standalone service or as part of a wider healthcare enterprise by enabling uninhibited information flow across the organisation. We support this through standards-based, bi-directional integration (FHIR, HL7, DICOM) with EPRs, PACS, LHCRE and other healthcare systems.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Our system is architected for zero downtime for normal operations and functions, including maintenance activities. In the event of a network unscheduled downtime, customers and Teladoc Health field personnel are notified immediately via a text message system.
• System requirements:
  • OS: Windows 7 and 10
  • MacOS 10.14+
  • Android 9.0+
  • IOS 12.1+
  • Browser: Chrome 68+, Safari 12.1 for Native Safari
  • Safari 11+ for iOS app, and Firefox 61+
  • Connectivity: As low as 300 kbps
  • Web Camera / Mic: Any

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide a 24/7/365 Technical Assistance Centre to troubleshoot all support tickets remotely. We provide four levels of support tickets: - Level 1 (Critical) have an initial response time of 30-60 minutes - Level 2 tickets (High) have an initial response time of 60-90 minutes - Level 3 tickets (Medium) have an initial response time of 4 hours - Level 4 tickets (low) have an initial response time of 1 business day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is available in our software for registered users. Access and accessibility will be determined by the browser of choice. Our web chat is exclusively plain text-based, and excludes audio, video, graphics elements, captions, and colours.
• Web chat accessibility testing: We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.
• Onsite support: Onsite support
• Support levels: We maintain our Technical Assistance Center (TAC). TAC acts as a Tier 1 Support Level to support all InTouch solutions. TAC is staffed 24/7/365 with low wait times and we continue to increase staffing to meet the demands of our call times. Each call is addressed within 30 minutes in accordance with the ticket severity level. Other support options include: 1) Provider Support - we offer live chat functions for immediate assistance when a provider is logged in 2) Patient Support - when customers deploy solutions that require patients to leverage their personal devices to access virtual consultations, we offer first line support to address technical issues or concerns that might arise during patient intake or video consultations. 3) Hardware Support - we proactively monitor by live network operations personnel to ensure maximum availability. We actively monitor all InTouch provided devices to ensure they are ready for use, and if something goes offline, we will proactively reach out to get it turned back online.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We deliver a full managed implementation service from programme/project management, solution design, change management, embedding and training.; ; During the implementation stage, we provide training for specific user groups that will be using our software (i.e. admin, provider, etc.) either directly or through a train the trainer approach. Full online training and user documentation is available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Teladoc Health will follow customer guidelines with respect to handling customers’ data upon end of contract.
• End-of-contract process: At the end of a contract: if to be ceased, the only potential cost is the removal of any supplied telemedicine devices, the cost of which will be determined by its nature and scale. An exit plan is developed with the customer during the contracting stage.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Depending upon mobile device, operating system, and whether users download our app or are conducting in-browser sessions, there may be variations in the features available. For example, when using a mobile app with a cell phone form factor, the navigation features may differ compared to the desktop app.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Remote providers (users) can connect to patients via a desktop, laptop, tablet, or mobile device via a browser or app.. Patients can connect to remote providers using a temporary link for a virtual appointment using a desktop, laptop, tablet, or mobile device via a browser or app. In addition, if the patient is located in a facility, a purpose-built telemedicine device can be used for the remote provider to connect to the patient.
• Accessibility standards: None or don’t know
• Description of accessibility: Our updated design system includes numerous details to address accessibility including: ; 1. high contrast and larger copy (WCAG), ; 2. support screen readers and accessibility with tab focus states, alt-tags, etc. (WAI-ARIA), ; 3. language standards to meet 8th grade reading levels; 4. automatically audited code for accessibility (WCAG and WAIT-ARIA); 5. responsive and scalable components (titles, buttons, forms that can be resized for low visibility users or to scale up buttons for users with mechanical difficulties, all without breaking the experiences)
• Accessibility testing: We are working towards several accessibility standards in our redesign of our UI/UX. At this time our software standards meet minimum requirements. We are working towards standards such as 508 Compliance, W3C WCAG 2.0, W3C WAI-ARIA, and IEC Medical Device Standards.
• API: Yes
• What users can and can't do using the API: Our API capabilities allows us to support all major functions of our telehealth platform for the purposes of integration, including sending or receiving patient information, telehealth appointment information, visit notes, appointment slots, patient documents, and context aware linking. Our Solution Design team works with each customer to scope requirements and develop recommendations for integrations.
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Yes, our platform is configurable with the use of a variety of feature toggles that can be enabled based on the use case and workflow. Many clinical use cases can be supported through the customisation of clinical notes, patient intake forms, and patient and provider notifications can be enabled for each clinical use case. A variety of practices can also be established, localised, and translated to support customer specific language and white labelling.; ; We offer a range of configuration tools that will enable construction of virtual interactions to support your clinical and business requirements. In general, the supplier will co-define the scope and then develop and deliver the configured system. The supplier will also train local leads to undertake configuration independently (for which supplier guidance and checks can be provided, if sought) for practice administration including setting up virtual waiting rooms and care locations, adding/removing users, and downloading data.

Scaling

• Independence of resources: Our global infrastructure is designed around a mesh network concept, which provides built-in redundancy and failover from multiple data centres around the world. If a data centre reaches capacity or goes offline, all communications are routed through the closest neighbouring data centre

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics provided include unique patient, visit, and call identifiers, patient name (first, middle, last), date of birth, gender, session wait start/end time, call start/end time, information regarding the waiting room in which the patient is waiting before the session begins, visit date, status, reasons for visit, provider(s) that conducted the visit. Further, if payments are collected through our platform, we can also provide visit fee amount, transaction ID, status, payment amount, and date.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Teladoc Health

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We encrypt data in transit and at rest using AES 256 encryption. We restrict access to buildings or areas where data is stored, transmitted, or processed based on role and only to authorized personnel.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Depending on the requirement, Teladoc Health offers a variety of options for accessing data collected during and stored in our system. Data can be accessed to customers in a variety of ways, including through an Analytics portal, monthly performance reports, through a data sharing service, and/or through a direct data download in XML or CSV formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: We follow TLS protocols to protect the transfer of data. AES-256 is used to encrypt data in-transit and at-rest to protect classified or sensitive information and data. Where appropriate, Teladoc Health also utilises VPN connections for specific products.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: We follow TLS protocols to protect the transfer of data. AES-256 is used to encrypt data in-transit and at-rest to protect classified or sensitive information and data. Where appropriate, Teladoc Health also utilises VPN connections for specific products.

Availability and resilience

• Guaranteed availability: To ensure the highest availability, our platform was architected and designed with dynamic bandwidth management. Our platform allows our network to enable telehealth consultations in low bandwidth instances to optimise sessions when limited bandwidth is available, such as when the provider is using a mobile device on a cellular network. Our network is 100% available with an average monthly uptime of 99.95%. To ensure the highest availability, Teladoc Health proactively monitors our network connectivity through our Technical Assistance Centre (TAC). If any device is not reporting connection, the TAC team will remotely resolve the issue before it is used for virtual consult.
• Approach to resilience: The redundancy built into the Teladoc Health network assures that a connection can be made anytime, anywhere. As a Managed Service Provider, Teladoc Health maintains and operates a global server network, designed around a mesh network concept, which provides built in redundancy and failover. If a data centre reaches capacity or goes offline, all communications are routed through the closest neighbouring data centre. Data centres are geographically dispersed in multi-availability zones.
• Outage reporting: Teladoc Health Services average uptime commitment exceeds 99% per calendar month. Over the past 3 months, we have averaged 99.9% system uptime. Planned scheduled downtime is communicated to the impacted group of customers via email with a two-week notice. Because of redundancy in the network, there is no planned unscheduled downtime, but we offer the option for customers to opt into receiving unplanned downtime notifications as well.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The Teladoc Health authorisation service is based on a Role Based Access Controls model. For administrative users using management interfaces, and access to specific information or capabilities is limited by role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ASCB Accreditation Services Worldwide
• ISO/IEC 27001 accreditation date: 02/07/2020
• What the ISO/IEC 27001 doesn’t cover: We are certified for "THE DELIVERY OF TECHNOLOGY-ENABLED CONSULTANCY SOLUTIONS AND ASSOCIATED HEALTH & CARE SERVICES"
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 13485:2016 Certificate
  • EU Medical Device Directive 93/42/EEC
  • ISO 13485:2016 MSAP Certificate for Canada effective
  • Basic EMC standard. CB Scheme certificates EMC standard testing.
  • HITRUST version 9.2, aligns with NIST, ISO, and other frameworks.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: HITRUST version 9.2 compliance. Our solutions also support country-specific standards, such as GDPR, HIPAA, PIPEDA, and others.
• Information security policies and processes: Information security policies and procedures are outlined in our Security Programme procedures. These contain company sensitive information which cannot be shared in its entirety. Data security standards are managed and audited under the existing HITRUST CSF certification program (to be demonstrably certified, also, under ISO 27001 imminently), throughout the development and engineering lifecycles. Policy, procedure, enforcement and audit ensure the integrity of the data security programme and associated technical and administrative safeguards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Teladoc Health manufactures its telemedicine system products (including hardware and software) under an ISO 13485:2016, ISO 9001, and 21 CFR Part 820 compliant Quality Management System (QMS). Products are tested to and comply with medical electrical equipment standards for basic safety and essential performance, electromagnetic compatibility (EMC) and/or information and communications technology (ICT) safety and EMC standards, depending upon the environment within which the products are intended to be used.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We conduct vulnerability scanning and penetration testing after each significant change. Vulnerability scanning and penetration testing are conducted annually and as necessary
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Teladoc Health Technical Assistance Centre (TAC) proactively monitors our network connectivity. In the event that any device is not reporting connection, the TAC team will remotely resolve the issue before it is used for virtual consult.
• Incident management type: Supplier-defined controls
• Incident management approach: Teladoc Health maintains policies and procedures for responding, investigating, mitigating, and reporting the outcomes of all alleged security incidents will be documented.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Helicon Health is committed to sustainability and is certified to the ISO 14001:2015 standard. Helicon Health is fighting climate change by doing the following:; Our ISO 14001:2015 environmental management system enables us to enhance our environmental performance and helps us to manage our environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.; Our ISO 14001:2015 environmental management system sets out objectives and procedures to enable us to provide value for the environment, the organisation itself and interested parties.; Consistent with the organisation's environmental policy, the outcomes of our environmental management system include:; ; 1. enhancement of environmental performance;; ; 2. fulfilment of compliance obligations;; ; 3. achievement of environmental objectives.; ; Helicon Health are committed to achieving Net Zero emissions by 2030 as detailed in our Carbon Reduction Plan and we have adopted the following carbon reduction initiatives:; 1. The use of video conferencing and remote working; 2. The use of more environmentally acceptable vehicles; 3. Recycling and reuse of waste paper; 4. Recycling of Toner cartridges; In the future we hope to implement further measures such as:; 1. Continue remote working practices to reduce emissions from commuting wherever possible; ; 2. Develop plans to encourage more sustainable commuting practices; ; 3. Digital Technologies – we plan to increase the use of virtual reality techniques and technologies for site visits, fieldwork and audits; ; 4. Be aware of and follow the NHS net zero supplier roadmap.

  Covid-19 recovery

  Helicon Health is an SME working in the field of healthcare technologies. As a company, we developed a recovery plan focused on sustainability and adaptability. Our plan includes measures to ensure the safety and well-being of our employees, such as supporting remote working. From a financial perspective, we successfully diversified our revenue streams by expanding our range of products for online consultation in specialist areas such as cardiology and neonatology enabling us to enter new markets. Financially, we optimized our cash flows by actively and successfully seeking out government support programs to bolster our liquidity. Through these measures we believe we have emerged stronger from this crisis and better equipped to continue serving our customers and community effectively.

  Tackling economic inequality

  Helicon Health is an SME committed to fostering economic equality. We have developed a policy aimed at addressing disparities within our organisation and beyond. Internally, we prioritise fair levels of pay. We provide equitable opportunities for career development. We foster a diverse and inclusive workplace culture. Helicon Health (Helicon) pay our bills quickly. Helicon is a signatory to the Prompt Payment Code (“Code”) administered by the Small Business Commissioner on behalf of The Department for Business, Energy & Industrial Strategy. Helicon has adopted the principles of the Code, which are followed by our accounting staff and communicated to, and endorsed by, its other members of staff. Helicon is committed to pay suppliers in accordance with the terms of their contract with them which is usually 30 days from receipt of a valid invoice or from receipt of the goods/services (whichever is the later). Externally, we support local community initiatives, invest in education and skill-building programs, and prioritize sourcing from suppliers that uphold ethical practices. By championing fairness and opportunity, we strive to contribute to a more equitable economic landscape for all.

  Equal opportunity

  Helicon Health has developed a policy aimed at addressing disparities within our organisation and beyond. Internally, we prioritise fair levels of pay. We provide equitable opportunities for career development. We foster a diverse and inclusive workplace culture. Helicon Health is committed to driving out acts of modern-day slavery and human trafficking within its business and that from within its supply chains, including its sub-contractors and partners. The Company acknowledges responsibility to the Modern Slavery Act 2015 and will ensure transparency within the organisation and with suppliers of goods and services to the organisation. These as well as the suppliers of services make up the supply chain within Helicon Health Ltd. As part of the company’s due diligence processes into slavery and human trafficking our supplier approval process will incorporate a review of the controls undertaken by the supplier. Imported goods from sources from outside the UK and EU are potentially more ‘at risk for slavery/human trafficking issues. The level of management control required for these sources will be continually monitored. Our company will not support or deal with any business knowingly involved in slavery or human trafficking.

  Wellbeing

  Helicon Health is dedicated to supporting employee well-being. We prioritize mental and physical health by offering flexible work arrangements and promoting work-life balance. Additionally, we provide resources for professional development and encourage open communication to support the well-being of our team members.

Pricing

• Price: £370.32 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@heliconhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.