Skip to main content

Help us improve the Digital Marketplace - send your feedback

Zesty Ltd

Induction Zesty Patient Engagement Portal

Zesty is a patient engagement platform that transforms interactions between patients and care teams. Through integration with most leading PAS/EPR/Diagnostic systems it provides smart appointment management, paperless letters, targeted questionnaires, timely patient information, and integrated video consultations leading to clinical workflow efficiencies and enhanced patient engagement along entire care pathways.

Features

  • Web-based Patient Engagement Portal with secure and simple registration
  • Appointment management including Integrated (Synchronous) and Request Based (Asynchronous)
  • Digital management and distribution of patient letters and documents
  • Customisable patient questionnaires, conditional logic, smart scoring, SMS invites
  • Bulk communications, patient guidance, content management, rules-based patient communications
  • Multi-factor authentication, secure identity management, proxy access
  • Full integration with NHS App Wayfinder and NHS Login
  • Deep integration with most leading EPR, PAS, Diagnostic systems
  • Sophisticated real-time data reporting and analytics
  • Seamless integration with Attend Anywhere video consultations

Benefits

  • Increased patient engagement, experience, and satisfaction delivering better outcomes
  • Cost savings from a reduction of administrative overheads
  • Reduced Did-Not-Attend (DNAs) driving improved resource and slot utilisation
  • Improved triage of patients before appointments, and information after
  • Reduced CO2 through reduction in travel and paper correspondence
  • Reduced number of appointments through PIFU/CIFU/DIFU
  • Improved staff experience through highly configurable and user-friendly tooling
  • Improved clinical workflow efficiencies along entire care pathways
  • Helps deliver NHS Elective Recovery and reduced waiting times
  • Highest levels of clinical safety, privacy, security, data protection

Pricing

£10,000 to £372,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zesty.bids@inductionhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 5 1 0 8 7 7 7 3 9 1 8 1 6 2

Contact

Zesty Ltd Bid Manager
Telephone: 03339398091
Email: zesty.bids@inductionhealthcare.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
The Induction Patient Portal supports a large list of leading PAS / EPR and diagnostic systems utilising both standard and bespoke interfaces. Comprehensive interfaces using HL7 V2, HL7 FHIR, Open APIs, Oauth, SAML SSO and custom configuration.
Cloud deployment model
Hybrid cloud
Service constraints
No known constraints
System requirements
  • Internet Browsers - we support all modern Internet browsers.
  • Licensed on an annual Software as a Service basis.
  • Enterprise license is inclusive of all costs, except SMS.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Business Critical Failures - Acknowledgment of receipt of a Support Request within 2 business hours. System Defect with Workaround - Acknowledgment of receipt of a Support Request within 2 business hours. Minor Error - Acknowledgment of receipt of the Support Request within 4 business hours.
The Zesty Support hours are Monday – Friday 0900 – 1700 except bank holidays.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support response times - 4 business hours. With each deployment Zesty provides 2 person days of training time as part of the set up fee. Further training days are available at extra (for price see SFIA rate card). Each deployment has a remote account manager assigned to deal with any day to day issues.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite training - one to one or group training provided account director or technical support team as required.

Online training - web based training provided by account director or technical support team as required.

User documentation - user guides are provided.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We are able to support users in extracting their data by providing a CSV extract upon request.
End-of-contract process
Included in the overall price of the contract will be:
Return of customer owned data in standard Zesty format
Deletion of customer owned data - within the Data Protection Act prescribed timescales
Additional cost items would be any custom support or custom extract formats required at end of contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The patient facing aspects of our platform are fully optimised for use on mobile devices, and have been tested across a wide range of devices. The service features and functionality are identical on both desktop and mobile.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
No
Customisation available
Yes
Description of customisation
Website branding, SMS reminders, pre visit questionnaires, patient surveys and patient feedback can be customised. Appointment management functionality can be customised to different workflows per clinic.

Scaling

Independence of resources
Zesty is fully cloud hosted by Amazon Web Services and is designed to support large increases in scale and large numbers of concurrent users with minimum technical input required.

Analytics

Service usage metrics
Yes
Metrics types
Number of user invitations
Number of user registrations
Total adoption %
Number of user logins
Number of visible appointments
Number of portal confirmed appointments
Number of portal appointments added to calendar
Number of appointments rescheduled
Number of appointment letters
Number of appointment letters downloaded
Total of Registered users with "Paper free" preference
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Database level encryption
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Patients can download their documents directly to their own device.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • HL7 V2 messages
  • HL7 FHIR R4

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Whitelisted IP addresses and authenticated connections
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Zesty is hosted in the cloud by AWS with 99.99% guaranteed infrastructure availability.

SLAs are provided under specific contracts to meet the individual requirements of each customer.
Approach to resilience
Zesty is fully cloud hosted by Amazon Web Services and is designed to support large increases in scale and large numbers of concurrent users with minimum technical input required.
Outage reporting
Real time monitoring on both application and infrastructure levels.
Automated alerts to key staff 24/7.
Dashboard available for client monitoring.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Users receive a validation code via SMS to their nominated mobile phone / device.
Access restrictions in management interfaces and support channels
Management interfaces are hosted on HSCN and require HSCN access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NHS Data Security & Protection Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
NHS England Data Security and Protection Toolkit (DSPT): 2021 assessment status was ‘Standards Exceeded’
Information security policies and processes
Zesty adheres to the NHS IG Toolkit measures and is able to demonstrate compliance with the National Data Guardian’s 10 data security standards by our annual completion of the NHS England Data Security and Protection Toolkit (DSPT).

We use the DSPT framework to provide guidelines for defining and maintaining information security policies & processes. Our policies and processes include regular auditing and classification of information assets, identification of confidential information flows, risk assessment and implementation of appropriate controls and clear roles, responsibilities and training for all staff.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes follow a controlled release program and are subject to Manual and Automated QA and Testing in multiple similar environments before it is agreed they can be released to the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Penetration testing is in line with ISO27001 guidance. Patches are released within 24 hours, with any delays communicated to users. The management of incidents is covered, including the recovery of the facilities, production environment and support systems back to standard working order.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use a variety of internal and external systems to monitor uptime health and vulnerability of key system components on a live basis. Combined results are displayed within our internal communications tools. Live monitoring of our systems allows for rapid notification with immediate response in the event of system vulnerability. We use cloud-native tooling like AWS GuardDuty, Uptime Robot, Sentry, AppCenter and CloudWatch. If an incident occurs we follow our Internal Incident Management Policy and Process
Incident management type
Supplier-defined controls
Incident management approach
If an incident occurs we have an internal incident management procedure to follow. All security incidents should be reported to the IG Lead. Incidents will be recorded on our internal system for recording such incidents. All security breaches will be forwarded to the IG team, who will log the event on the organisation's risk register, investigate, document and feedback. All incidents will be monitored, to identify recurring or high impact incidents. This may indicate the need for enhanced or additional controls. Incidents will be reported as appropriate to all stakeholders, including regulatory bodies, as soon as possible after the event.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Our Net Zero Plan details our target to halve emissions by 2030 and to achieve Net Zero by 2040.
Our plan includes policies and actions to support our target, including:
• A sustainable business travel policy to take the train where possible and reduce air travel – prioritising this will reduce our emission by 14% in the the 12 months from April 2024
• Optimising our cloud use, move to green energy servers and implement steps suggested by Amazon Web Services to reduce idle time, right size workloads, maximise utilisation and reduce the size of the data transmitted
• Formulating a hardware policy to, where possible, use low carbon models and extend the average lifecycle of products
• Purchase of appropriate durable carbon removal offsets

Attend Anywhere supports NHS Carbon Footprint and Carbon Footprint Plus reduction targets, through cloud hosting, using virtual tools and encouraging the shift to paperless.
Figures from AWS’s carbon footprint tool suggest we are already saving 75% on emissions by using AWS as opposed to trust on-premises hosting. Efficiency changes we made in 2023 within our AWS hosting infrastructure have already reduced hosting emissions by a further c.30%.
Uptake of Zesty is already higher than industry average. Having even greater uptake will lead to additional environmental benefits such as:
• Reducing unnecessary face to face appointments (and associated travel).
• Increased paperless communication. 85% of patients using Zesty choose paperless at registration. 2023 saw c.4 million digital letters being sent through Zesty across England, saving approximately 200,000kg of paper – the equivalent of 400 trees, which could absorb as much as 350 tonnes of CO2 during their lifetime.

Integrating video into the Zesty Patient Engagement Portal facilitates the continued use of remote consultations helping to save hospital journeys and reducing the trust’s wider carbon footprint.

Covid-19 recovery

Patient Engagement Portals are playing an important role in the national NHS Elective Recovery plan, maximising available clinical time and ensuring that patients have: - personalised information - tools they need while waiting for care - the ability to interact with, and manage, their elective care pathways This leads to better utilisation of available appointments, and more effective delivery of care to patients across all healthcare settings in a post pandemic environment.

Tackling economic inequality

Improving options for access to care helps those who can engage digitally do so in the formats they require while reducing burden on administration teams.
Creating capacity across administration and clinical teams allows more support to be spent on those patients who need it most.
Accessibility disproportionately affects those in low socio-economic environments.
Good design needs to not only be usable but also accessible, which means that we actively consider users’ capabilities, context, and available technology. We regularly engage the Royal National Institute for Blind (RNIB) to conduct accessibility testing and ensure our product meets Web Content Accessibility Guidelines. We use their findings to enhance the accessibility and usability of our products.

Equal opportunity

One of our corporate goals is to ‘to implement and continuously deliver an inclusive and performance driven culture’. This is underpinned by a clear set of formal company policies shared with all staff. Our Hiring Policy outlines a rigorous sourcing and selection process and strives to remove barriers jobseekers may often face.
Our Flexible Working, Remote & Hybrid Working, and Short Term Overseas Working policies are actively utilised in practice, and our flexible approach to working practices enables those with caring responsibilities or family abroad to comfortably meet their personal and professional goals.
Our restructured top-tier Leadership Team has recently moved from a 100% male to a 75% male/25% female gender profile. We have also adopted a third-party tool that will enable us to collect self-reported data around diversity resulting in a formal plan to promote greater diversity and inclusion.

Wellbeing

The health and wellbeing of our workforce is very important to us. Our employees are predominantly remote workers, our office base is with a national coworking organisation allowing teams to meet and collaborate easily in-person irrespective of location. We also bring our staff community together in person for Town Hall and quarterly social events, supporting our drive for inclusivity and engagement.
We actively promote wellbeing, recognise the value of neurodiversity, and support the mental health of our staff. Measures include providing accessibility to confidential employee assistance programmes, mental wellbeing support tools (including unlimited therapy sessions), and private medical insurance.
Our Flexible Working, Remote & Hybrid Working, and Short Term Overseas Working policies are actively utilised in practice, and our flexible approach to working practices enables those with caring responsibilities or family abroad to comfortably meet their personal and professional goals.
We actively collaborate with staff, suppliers and customers to continually improve our solutions. Our Product & User Experience teams follow human-centred design principles to understand users’ needs, and actively use insights about individual experiences when designing our products. This means we conduct user research and testing along the entire design and development process.
Good design needs to not only be usable but also accessible, which means that we actively consider users’ capabilities, context, and available technology. We regularly engage the Royal National Institute for Blind (RNIB) to conduct accessibility testing and ensure our product meets Web Content Accessibility Guidelines. We use their findings to enhance the accessibility and usability of our products.
Induction Zesty Patient Engagement Portal provides the ability for healthcare organisations and patients to better communicate between each other, providing the patient with more information about their outpatient appointments and condition, leading to reduced likelihood of the appointment being missed, allowing better care provision and improved patient wellbeing.

Pricing

Price
£10,000 to £372,000 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zesty.bids@inductionhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.