Dr Julian Medical Group

Dr Julian Healthcare Platform

Dr-Julian provides technology that improves access to human therapy.

Our platform combines case management, electronic health record and telemedicine functionality to make online and live consultations simpler for provider, carer and patient. The system is modular, flexible and integrates seamlessly with existing digital systems.

Features

• Scheduling/Booking
• Electronic assessments (form builder/utilising existing standardised questionnaires)
• Customisable resource library with self help/digital therapy homework tools
• Patient access to notes and letters
• Communications centre and customisable email and SMS notifications
• Finance and supervision modules
• Case management
• Teleconferencing system
• Extensive reporting functionality and interoperable/integrations with other services
• EHR and white-labelled and branding

Benefits

• Increase engagement
• Improve recovery rates
• Reduce 'did not attend' rate
• Reduce clinical admin time by 30% +
• Improve efficiencies in administration of running a service
• White-labelled and branding aligns to service provider so demonstrates coherence
• Patient choice - delivery and communication methods
• End to end service improves efficiency

£0.52 to £1.24 a unit an hour

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian@dr-julian.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

728974002321255

Contact

Julian Nesbitt
07824903433
julian@dr-julian.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond within 24 hours Monday to Friday between the hours of 0800 - 1800
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is customisable to meet specific requirements, however our standard plan is as follows: ; 1. Support Desk Configuration ; 2. Client Support Desk Training ; 3. Ongoing Support Request Analysis ; 4. Client Feedback / Training where required ; ; Service ticket management ; The Dr-Julian support helpdesk is available 24 hours a day, 7 days per week for customers to raise support requests. Human responses are available during Business Hours. ; ; Incident and requests tickets are logged and assigned to the relevant SLA fault classification. Dr-Julian's technical support team will request additional information to aid their investigations. ; ; Dr-Julian aims to confirm that an incident is fixed within 3 Business Days, upon which the ticket will be closed. If no response is received on a ticket after 3 attempts, the ticket will auto-close after a period of two weeks. ; ; Support costs are as per the published rate card/subject to requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have an online Digital Adoption Platform which will provide online documentation as well as onboarding training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We will provide the users their data in the format that is agreed at the point of them giving us the required notice of termination. Provided this is 3 months in advance.
• End-of-contract process: At the end of the contract, we will include secure destruction of users data (and any back-ups) at no extra cost.; The contract will determine what is chargeable as an extra cost, if anything.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Users can refer patients into the platform via API from services like PCMIS and IAPTUS.; The platform will also update back to the referring system.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Super admin users can set the branding and colours used. Reports can be enabled/disabled.; The Form builder allows the user to create unlimited custom pages and publish/disable them as required.

Scaling

• Independence of resources: We use AWS servers set to 'Auto-Scaling' and also employ load balancers so that there is never any resource conflict.

Analytics

• Service usage metrics: Yes
• Metrics types: Capacity, Throughput and Recovery metrics are available on a MTD, Monthly and Annual/Annual to date basis.; ; We have 40+ metrics available, all derived from our real-world experience of actually using our platform.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Export via CSV, Excel and PDF as standard.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Most common formats accepted

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We expect to provide 99% uptime as standard. Our cloud servers are automatically scaling so there is very little chance of downtime.
• Approach to resilience: Available on request
• Outage reporting: We have a dashboard visible to clients.; In addition, in the event of a serious outage, we would email clients directly.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is via an individual username and password. ; Passwords are required to meet the published password policy/platform security requirements.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 09/10/2023
• What the ISO/IEC 27001 doesn’t cover: All services are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • NHS Data Security and Protection Toolkit
  • DTAC

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Being certified to ISO 27001 means that we have a formal infosec management system, Infosec policies, processes and procedures are documented and reviewed on a scheduled basis. All policies, processes and procedures are 'owned' and 'approved'. ; Defined policies and procedures are provided to new starts as part of the induction process with 'read and sign' practices in place, where applicable. ; Adherence to published policies, processes and procedures is tested through scheduled internal audits and various random spot checks. Engagement and comms practices also ensure staff remain aware of published documentation and how their associated responsibilities to ensure adherence. ; Policies, procedures and processes include (but are not limited to): Acceptable Use of Assets/Access Control/Backup/Bring Your Own Device (BYOD)/Business Continuity/Change Control/Clear Desk and Clear Screen/Cryptographic Controls/DPIA Procedure/Data Quality/Data Security/Information Classification Labelling and Handling/Information Governance/Information Security/Maintaining a Vulnerability Management Program/Mobile Devices/Password/Protection from Malware/Protection of Personal Information/Security Incident Management/Suppliers/Use of Software.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our formal Change Control Process and Procedure defined the key steps for managing change to ensure that risks to information security are identified and minimised. ; These include:; - A defined change request (scope/justification/authorisation/change window); - Analysis of change (risk assessment/impact/control measures); - Change approval; - Testing (results reviewed and accepted or adjustments made); - Formal communications (relative to the change); - Document updates (where required); - Change implemented
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Maintaining a Vulnerability Management Program Policy details protection practices.; AWS CloudWatch and GuardDuty are deployed as a threat detection control on the Dr Julian AWS servers. ; AWS CloudTrail is used to capture event history on AWS servers. ; All system components/software are protected from known vulnerabilities by installing applicable security patches. Critical security patches are installed, as soon as reasonably practicable, following release. ; The NHS Digital Cyber alerts site is monitored to ensure that known vulnerabilities that could impact the delivery of services are identified, recorded and remediation action taken. Applicable vulnerabilities are recorded.; Penetration testing/vulnerability testing is completed using OWASP.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: AWS CloudWatch and GuardDuty are deployed as a threat detection control on the Dr Julian AWS servers. ; AWS CloudTrail is used to capture event history on AWS servers. ; The NHS Digital Cyber alerts site is monitored to ensure that known vulnerabilities that could impact the delivery of services are identified, recorded and remediation action taken. ; Vulnerability Scans via OWASP ZAP.; Web Application Firewall - AWS Security groups. Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level.; Incidents are responded too promptly, as identified.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: A formal Security Incident Management Procedure details practices including:; - What a security incident is; - How to report an incident (to Head of IT) and what to report (date/time/nature of incident/who was involved and affected); DPO/other staff would be involved in investigating and resolving incidents, where applicable. ; All incidents are recorded on the Security Incident Log (as per ISO 27001; requirements) and a full incident report completed where deemed applicable.; The ICO/clients/data subjects would be advised, if required.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Platform is committed to reducing the environmental impact of operations, for example, in the areas of energy use and travel. There is a responsibility to help protect the environment, wherever we have an opportunity to do so.; We publish a formal Environmental Policy which is available to staff and clients upon request, and, as a fully distributed organisation, we’ve already lowered our environmental impact. ; Promoting the use of technology to deliver services to patients via the Platform reduces the need for travel, optimises power use thus supporting climate change.

  Covid-19 recovery

  The Platform supports an ongoing commitment to support all patients affected by Covid 19 into therapeutic recovery. Specifically, demonstrating effective outcomes in the following areas: ; Supporting patients to find, remain or return to work in the event of redundancy, unemployment and/ or long-term sickness, as a direct effect of Covid 19. ; Reducing symptoms of Social Anxiety, Agoraphobia, and panic, associated with prolonged periods of social isolation/staying at home, as a direct result of Covid-19. ; Recovering from traumatic events (PTSD) associated with Covid -19, including symptoms of bereavement/loss. ; Recovery from symptoms of OCD and Health Anxiety, associated with fears of illness/contamination, as a direct result of Covid 19. ; Recovery from symptoms of depression associated with isolation, reduced activity/socialisation, and bereavement and loss, as a direct result of Covid 19. ; Treatment of Long Covid mental health symptomology, provided by Dr Julian Therapists who have additional Long Term Conditions training. ; Method Statement ; The Platform provides therapeutic intervention for patients whose clinical presentation is either directly, or indirectly affected by the Covid -19 pandemic.

  Tackling economic inequality

  In in such a high growth sector, the delivery of therapeutic services to a greater number of patients provides an array of opportunities. Such opportunities include the creation of new employment opportunities and resulting growth in regard to employment (FTE) in a variety of roles. For example but not limited to, IT development, IT support, administration (back end), delivery of therapeutic services and direct client and patient support services - employment growth directly facilitates the skills, competencies and capabilities development of new employees. ; Additionally, business growth provides the opportunity to identify skills, competencies and capabilities gaps and training requirements across all levels of competency and role to allow further development of the skills, competencies and capabilities of existing staff, allowing in-work progression and career development within the company. ; Growth also allows us to explore the possibility of expanding and diversifying the availability of service offerings to our clients to meet market demands.

  Equal opportunity

  The delivery of services provided via the Dr Julian Platform provides all suitable patients with the opportunity to receive services irrespective of age, sex, race and other prejudices/preferences - all patients are treated similarly based upon diagnostic assessment and treatment needs.

  Wellbeing

  The Platform provides a mechanism by which patients services can be delivered in an effective manner supporting therapeutic recovery and overall patient wellbeing.

Pricing

• Price: £0.52 to £1.24 a unit an hour
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian@dr-julian.com. Tell them what format you need. It will help if you say what assistive technology you use.