CENIGMA

Healthier Together

Healthier Together helps to educate and empower patients to make an informed choice about where and when to access healthcare services.

The service is evidenced to reduce unnecessary A&E attendances and GP appointments of patients and raises awareness of red flags to avoid delayed care.

Features

• Medical advice and guidance on common illnesses
• Advice for newborns to children to pregnant women to adults
• Advice on when and how to contact urgent care services
• Advice on when and how to contact GP Practice
• Online Consultation with GP Practice
• Self-care advice to provide care at home
• Local nearest pharmacy that is open and accessible
• Locate nearest hospital A&E department
• Support for a range of mental health conditions
• Support for managing pregnancy and accessing care

Benefits

• Patient empowerment and education to seek urgent help when necessary
• Access self-care advice and self-help resources when appropriate
• Reduced unnecessary presentations at A&E
• Reduced costs of care leading to system wide efficiency savings
• COVID-19 response and dealing with winter pressures
• Reduced unnecessary appointments by the ‘worried well’
• Manage on-day demand prioritising cases based on health need
• Promote greater self-care, pharmacy help and social prescribing
• Reduced unnecessary calls to NHS 111 call centre
• Promoting the use of digital channels including NHS 111 online

£0.04 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cenigma.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

733854733639405

Contact

Ahmad Chughtai
07572602121
sales@cenigma.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The app is available on iOS and Android mobile devices.
• System requirements: Mobile device running iOS or Android operating system

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We work on three severity levels as follows:; ; - P1 (total/severe loss of functionality) - 24/7 - 8hr target resolution; - P2 (partial loss of functionality) - 24/7 - 16hr target resolution; - P3 (minor issues that do not have a material impact on the customers ability to function) - Mon-Fri (8:00 - 18:30), Sat (9:00 - 13:00), target resolution subject to severity and also P1 and P2 issues presently being handled; ; Our average response time is less than one hour and average resolution time (with the exception of enhancement requests) is under 4 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have not carried out any direct testing ourselves. This is managed by our partner organisation.
• Onsite support: Yes, at extra cost
• Support levels: - Operations Support: An inbound and outbound office based team available as front line support for practices.; - Account Management Team: Field based team that support CCGs/STPs/ICSs/GP Practices who have commissioned the service.; - Transformation Team: Field based team that work with selected practices to create exemplar sites; - Technical Team: Specialist second line support team to support with specifics on integration, APIs, web site configurations; - Commercial Director: Available for any required escalations.; - ICE (incase of emergency) Line: Managed 24/7; ; All services noted above are provided within the licence fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We follow the following process to onboard each new practice,; ; 1. Webinars to allow practices to learn more about the service and ask any questions; 2. Completion of the online registration form by the practice advising their preferences against each configuration option; 3. 1:1 meeting to test end-to-end patient journey and practice workflow; 4. Go-Live; 5. Ongoing maintenance and support
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon contract end, customers can place a request with our operations team for all data held pertaining to the account/practice. This request is actioned within 24 hours (Mon-Fri, 8am-6:30pm).; ; We do not retain any patient data in our platform once it has been fully processed. The only data retained are activity logs and aggregated data in terms of patient utilisation and analytics.
• End-of-contract process: The pricing model is all-inclusive. There are no further applicable fees during the contract term, nor post-contract end.; ; The notice period required is 30 days prior to the annual contract renewal date. Should notice not be served the agreement will auto-renew for a further 12 months. The contract may also be terminated at any point during the contract period subject to a 90 day notice.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Healthier Together is a native mobile app and operates on mobile devices only.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Healthier Together is supported by a modern admin interface to manage its feature and contents. This is protected by multi-factor authentication and role-based access control allowing the possibility to assign variable levels of access to service users.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our accessible design has been evaluated by patients from diverse backgrounds and demonstrated social inclusion for people with disabilities as well as isolated groups including ethnic minorities.; ; We have an in-house Web Accessibility Specialist who works closely with our design team and evaluates all features against the above guidelines before approving the designs for implementation. We avoid the use of any design components that may have a negative impact on patient experience.
• API: No
• Customisation available: Yes
• Description of customisation: Healthier Together app has been engineered to be highly scalable and to allow ease of customisation. It supports all GP practices across England. Configurable options for practices include,; - Opening hours outside of which the app automatically switches to out-of-hours mode and advises parents to contact NHS 111; - Time window for Online Consultation feature to be available; - Age range for the Online Consultation feature; - Custom message to advise parents on what to do when contacting the practice; ; All configurations can be set or modified at any time during the licence period.

Scaling

• Independence of resources: The app is capable of running on mobile devices without an internet connection in offline mode.; ; The Healthier Together back-end server is hosted on a fault-tolerant, load-balanced public-cloud with the ability to scale performance as required. Our server is sized to handle twice the peak-load at any given time. We have continuously achieved 99.9% service uptime and have multiple levels of monitoring in place to detect infrastructure outages (via an automated alert system provided by our infrastructure provider), system-level issues (e.g. high memory usage), and application-level issues (e.g. problems with the delivery of data).

Analytics

• Service usage metrics: Yes
• Metrics types: We provide comprehensive reports on patient utilisation which can be accessed directly in real-time or configured to be shared as per a defined schedule.; ; This includes,; - Total users; - New users; - Sessions; - Screen views; - Engagement rate; - Conditions accessed; - Patient demographics (age bracket, gender); - Ethnic background; - Self-triage funnel (breakdown of dispositions - Red | Amber | Green); - Online Consultations
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: We do not retain any patient data in our platform once it has been fully processed. The only data retained are activity logs and aggregated data in terms of patient utilisation and analytics.; ; Customers are provided with regular analytics data as part of their service agreement. This is provided on a weekly and monthly basis. Ad-hoc data requests can be made via the service desk. We are also able to share this directly with the PCN and/or CCG subject to practice approval.; ; All submitted web-forms are transmitted to the respective practice for processing and management.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • CDA
  • JSON
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability - 99.9%; Excludes downtime for scheduled maintenance
• Approach to resilience: Datacentre information including resilience and security is available upon request.
• Outage reporting: Outages would be reported via email alerts.; ; For reporting of known issues, we are able to set an alert message to notify the end-user.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Access is restricted to backend admin panel via multi-factor authentication and restricted role-based access control.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: DSP Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials; DSP Toolkit (In progress); Note: ISO 27001 relates to our hosted data centre only
• Information security policies and processes: An Information Governance team has been defined, and meets regularly. All staff are required to undertake basic Information Governance training.; ; Defined procedures are in place for data sharing & confidentiality, the handling of sensitive data, and information asset security. These procedures are detailed in the organisation's DSP Toolkit documentation.; ; A Change Control team is assembled when required and is responsible for producing Privacy Impact Assessments of any changes that relate to information security.; ; Penetration tests are carried out regularly by an accredited, external organisation.; ; An escalation/notification process exists, detailing 5 levels of risk and an associated chain of responsibility and the procedures that must be followed accordingly.; ; The Chief Technology Officer is responsible for ensuring the above policies are adhered to.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Requested changes are managed by the Product Owner and reviewed at monthly roadmap meetings. Once approved, they are added to the product backlog and assigned a priority. Request planning includes,; ; a. accessibility requirements; b. teams involved; c. clinical and information governance; d. beta testing; e. customer updates; f. training needs; g. documentation updates; h. evaluation needs; ; Features are reviewed at at a minimum of 12 month intervals. New features are deployed on a fortnightly release cycle with updates performed out of hours. Internal metrics are used to analyse the performance of the product and features.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threat management - using our network of specialist cyber security suppliers and contacts we continually monitor potential security threats. We also only use specialist software tools and products to monitor all security elements of the service.; ; Patches - server patching is managed by our specialist data centre provider.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Alerts system - the platform has an inbuilt alerting system.; ; Hosting supplier - our specialist hosting supplier also continually monitors the platform.; ; Issue Resolution - patches and updates can be implemented on a same day basis where required.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident Reporting - we have pre-defined process for as many common events as possible.; ; We have a defined notification/escalation process in place. This details 5 levels of risk, and the escalation procedures for each.; ; A number of potential risks have been highlighted, and detailed processes to follow in the event of such an incident have been defined for each.; ; A standardised form is used to document any event, including unscheduled service outages, and a defined process is in place to follow-up on any such event.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We use responsible cloud infrastructure providers that is increasingly incorporating renewable energy sources within their business and have set a carbon net zero target.

  Covid-19 recovery

  The service contains advice and guidance on COVID-19 for select age groups.

  Equal opportunity

  We are inclusive in our approach and ensure our product is suitable to be used by people from all backgrounds including people with disabilities, ethnic minority, socially disadvantaged, low income and vulnerable communities.

  Wellbeing

  The service contains a dedicated section outlining self-care and self-referral services on a range of lifestyle choices to promote physical and emotional wellbeing.

Pricing

• Price: £0.04 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cenigma.net. Tell them what format you need. It will help if you say what assistive technology you use.