Zesty Ltd

Induction Zesty Patient Engagement Portal

Zesty is a patient engagement platform that transforms interactions between patients and care teams. Through integration with most leading PAS/EPR/Diagnostic systems it provides smart appointment management, paperless letters, targeted questionnaires, timely patient information, and integrated video consultations leading to clinical workflow efficiencies and enhanced patient engagement along entire care pathways.

Features

• Web-based Patient Engagement Portal with secure and simple registration
• Appointment management including Integrated (Synchronous) and Request Based (Asynchronous)
• Digital management and distribution of patient letters and documents
• Customisable patient questionnaires, conditional logic, smart scoring, SMS invites
• Bulk communications, patient guidance, content management, rules-based patient communications
• Multi-factor authentication, secure identity management, proxy access
• Full integration with NHS App Wayfinder and NHS Login
• Deep integration with most leading EPR, PAS, Diagnostic systems
• Sophisticated real-time data reporting and analytics
• Seamless integration with Attend Anywhere video consultations

Benefits

• Increased patient engagement, experience, and satisfaction delivering better outcomes
• Cost savings from a reduction of administrative overheads
• Reduced Did-Not-Attend (DNAs) driving improved resource and slot utilisation
• Improved triage of patients before appointments, and information after
• Reduced CO2 through reduction in travel and paper correspondence
• Reduced number of appointments through PIFU/CIFU/DIFU
• Improved staff experience through highly configurable and user-friendly tooling
• Improved clinical workflow efficiencies along entire care pathways
• Helps deliver NHS Elective Recovery and reduced waiting times
• Highest levels of clinical safety, privacy, security, data protection

£10,000 to £372,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zesty.bids@inductionhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

751087773918162

Contact

Bid Manager
03339398091
zesty.bids@inductionhealthcare.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: The Induction Patient Portal supports a large list of leading PAS / EPR and diagnostic systems utilising both standard and bespoke interfaces. Comprehensive interfaces using HL7 V2, HL7 FHIR, Open APIs, Oauth, SAML SSO and custom configuration.
• Cloud deployment model: Hybrid cloud
• Service constraints: No known constraints
• System requirements:
  • Internet Browsers - we support all modern Internet browsers.
  • Licensed on an annual Software as a Service basis.
  • Enterprise license is inclusive of all costs, except SMS.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Business Critical Failures - Acknowledgment of receipt of a Support Request within 2 business hours. System Defect with Workaround - Acknowledgment of receipt of a Support Request within 2 business hours. Minor Error - Acknowledgment of receipt of the Support Request within 4 business hours.; The Zesty Support hours are Monday – Friday 0900 – 1700 except bank holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support response times - 4 business hours. With each deployment Zesty provides 2 person days of training time as part of the set up fee. Further training days are available at extra (for price see SFIA rate card). Each deployment has a remote account manager assigned to deal with any day to day issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training - one to one or group training provided account director or technical support team as required.; ; Online training - web based training provided by account director or technical support team as required.; ; User documentation - user guides are provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We are able to support users in extracting their data by providing a CSV extract upon request.
• End-of-contract process: Included in the overall price of the contract will be:; Return of customer owned data in standard Zesty format; Deletion of customer owned data - within the Data Protection Act prescribed timescales; Additional cost items would be any custom support or custom extract formats required at end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The patient facing aspects of our platform are fully optimised for use on mobile devices, and have been tested across a wide range of devices. The service features and functionality are identical on both desktop and mobile.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Website branding, SMS reminders, pre visit questionnaires, patient surveys and patient feedback can be customised. Appointment management functionality can be customised to different workflows per clinic.

Scaling

• Independence of resources: Zesty is fully cloud hosted by Amazon Web Services and is designed to support large increases in scale and large numbers of concurrent users with minimum technical input required.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of user invitations; Number of user registrations; Total adoption %; Number of user logins; Number of visible appointments; Number of portal confirmed appointments; Number of portal appointments added to calendar; Number of appointments rescheduled; Number of appointment letters; Number of appointment letters downloaded; Total of Registered users with "Paper free" preference
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Database level encryption
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Patients can download their documents directly to their own device.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HL7 V2 messages
  • HL7 FHIR R4

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Whitelisted IP addresses and authenticated connections
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Zesty is hosted in the cloud by AWS with 99.99% guaranteed infrastructure availability.; ; SLAs are provided under specific contracts to meet the individual requirements of each customer.
• Approach to resilience: Zesty is fully cloud hosted by Amazon Web Services and is designed to support large increases in scale and large numbers of concurrent users with minimum technical input required.
• Outage reporting: Real time monitoring on both application and infrastructure levels.; Automated alerts to key staff 24/7. ; Dashboard available for client monitoring.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Users receive a validation code via SMS to their nominated mobile phone / device.
• Access restrictions in management interfaces and support channels: Management interfaces are hosted on HSCN and require HSCN access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Data Security & Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NHS England Data Security and Protection Toolkit (DSPT): 2021 assessment status was ‘Standards Exceeded’
• Information security policies and processes: Zesty adheres to the NHS IG Toolkit measures and is able to demonstrate compliance with the National Data Guardian’s 10 data security standards by our annual completion of the NHS England Data Security and Protection Toolkit (DSPT). ; ; We use the DSPT framework to provide guidelines for defining and maintaining information security policies & processes. Our policies and processes include regular auditing and classification of information assets, identification of confidential information flows, risk assessment and implementation of appropriate controls and clear roles, responsibilities and training for all staff.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes follow a controlled release program and are subject to Manual and Automated QA and Testing in multiple similar environments before it is agreed they can be released to the live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Penetration testing is in line with ISO27001 guidance. Patches are released within 24 hours, with any delays communicated to users. The management of incidents is covered, including the recovery of the facilities, production environment and support systems back to standard working order.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a variety of internal and external systems to monitor uptime health and vulnerability of key system components on a live basis. Combined results are displayed within our internal communications tools. Live monitoring of our systems allows for rapid notification with immediate response in the event of system vulnerability. We use cloud-native tooling like AWS GuardDuty, Uptime Robot, Sentry, AppCenter and CloudWatch. If an incident occurs we follow our Internal Incident Management Policy and Process
• Incident management type: Supplier-defined controls
• Incident management approach: If an incident occurs we have an internal incident management procedure to follow. All security incidents should be reported to the IG Lead. Incidents will be recorded on our internal system for recording such incidents. All security breaches will be forwarded to the IG team, who will log the event on the organisation's risk register, investigate, document and feedback. All incidents will be monitored, to identify recurring or high impact incidents. This may indicate the need for enhanced or additional controls. Incidents will be reported as appropriate to all stakeholders, including regulatory bodies, as soon as possible after the event.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our Net Zero Plan details our target to halve emissions by 2030 and to achieve Net Zero by 2040. ; Our plan includes policies and actions to support our target, including:; • A sustainable business travel policy to take the train where possible and reduce air travel – prioritising this will reduce our emission by 14% in the the 12 months from April 2024; • Optimising our cloud use, move to green energy servers and implement steps suggested by Amazon Web Services to reduce idle time, right size workloads, maximise utilisation and reduce the size of the data transmitted ; • Formulating a hardware policy to, where possible, use low carbon models and extend the average lifecycle of products; • Purchase of appropriate durable carbon removal offsets; ; Attend Anywhere supports NHS Carbon Footprint and Carbon Footprint Plus reduction targets, through cloud hosting, using virtual tools and encouraging the shift to paperless. ; Figures from AWS’s carbon footprint tool suggest we are already saving 75% on emissions by using AWS as opposed to trust on-premises hosting. Efficiency changes we made in 2023 within our AWS hosting infrastructure have already reduced hosting emissions by a further c.30%.; Uptake of Zesty is already higher than industry average. Having even greater uptake will lead to additional environmental benefits such as:; • Reducing unnecessary face to face appointments (and associated travel).; • Increased paperless communication. 85% of patients using Zesty choose paperless at registration. 2023 saw c.4 million digital letters being sent through Zesty across England, saving approximately 200,000kg of paper – the equivalent of 400 trees, which could absorb as much as 350 tonnes of CO2 during their lifetime.; ; Integrating video into the Zesty Patient Engagement Portal facilitates the continued use of remote consultations helping to save hospital journeys and reducing the trust’s wider carbon footprint.

  Covid-19 recovery

  Patient Engagement Portals are playing an important role in the national NHS Elective Recovery plan, maximising available clinical time and ensuring that patients have: - personalised information - tools they need while waiting for care - the ability to interact with, and manage, their elective care pathways This leads to better utilisation of available appointments, and more effective delivery of care to patients across all healthcare settings in a post pandemic environment.

  Tackling economic inequality

  Improving options for access to care helps those who can engage digitally do so in the formats they require while reducing burden on administration teams. ; Creating capacity across administration and clinical teams allows more support to be spent on those patients who need it most. ; Accessibility disproportionately affects those in low socio-economic environments. ; Good design needs to not only be usable but also accessible, which means that we actively consider users’ capabilities, context, and available technology. We regularly engage the Royal National Institute for Blind (RNIB) to conduct accessibility testing and ensure our product meets Web Content Accessibility Guidelines. We use their findings to enhance the accessibility and usability of our products.

  Equal opportunity

  One of our corporate goals is to ‘to implement and continuously deliver an inclusive and performance driven culture’. This is underpinned by a clear set of formal company policies shared with all staff. Our Hiring Policy outlines a rigorous sourcing and selection process and strives to remove barriers jobseekers may often face.; Our Flexible Working, Remote & Hybrid Working, and Short Term Overseas Working policies are actively utilised in practice, and our flexible approach to working practices enables those with caring responsibilities or family abroad to comfortably meet their personal and professional goals.; Our restructured top-tier Leadership Team has recently moved from a 100% male to a 75% male/25% female gender profile. We have also adopted a third-party tool that will enable us to collect self-reported data around diversity resulting in a formal plan to promote greater diversity and inclusion.

  Wellbeing

  The health and wellbeing of our workforce is very important to us. Our employees are predominantly remote workers, our office base is with a national coworking organisation allowing teams to meet and collaborate easily in-person irrespective of location. We also bring our staff community together in person for Town Hall and quarterly social events, supporting our drive for inclusivity and engagement. ; We actively promote wellbeing, recognise the value of neurodiversity, and support the mental health of our staff. Measures include providing accessibility to confidential employee assistance programmes, mental wellbeing support tools (including unlimited therapy sessions), and private medical insurance.; Our Flexible Working, Remote & Hybrid Working, and Short Term Overseas Working policies are actively utilised in practice, and our flexible approach to working practices enables those with caring responsibilities or family abroad to comfortably meet their personal and professional goals.; We actively collaborate with staff, suppliers and customers to continually improve our solutions. Our Product & User Experience teams follow human-centred design principles to understand users’ needs, and actively use insights about individual experiences when designing our products. This means we conduct user research and testing along the entire design and development process. ; Good design needs to not only be usable but also accessible, which means that we actively consider users’ capabilities, context, and available technology. We regularly engage the Royal National Institute for Blind (RNIB) to conduct accessibility testing and ensure our product meets Web Content Accessibility Guidelines. We use their findings to enhance the accessibility and usability of our products.; Induction Zesty Patient Engagement Portal provides the ability for healthcare organisations and patients to better communicate between each other, providing the patient with more information about their outpatient appointments and condition, leading to reduced likelihood of the appointment being missed, allowing better care provision and improved patient wellbeing.

Pricing

• Price: £10,000 to £372,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zesty.bids@inductionhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.