EYEV LIMITED

EyeV: Referrals

EyeV Referrals allows clinicians to send, triage, book and process referrals with ease, in an easy to use web platform.

It integrates with existing electronic patient records, patient administrations and reporting systems using open APIs which follow international standard such as FHIR and HL7.

Features

• Online referral platform
• Customisable referral forms
• Triage module with auto-triaging capabilities
• Integration with NHS Spine, PDS
• Integration with e-RS
• Real-time reporting
• Automated feed for BI platforms, such as Power BI
• APIs for all aspects of the platform

Benefits

• Cut triage time by up to 2 minutes
• Make referrals quicker
• Get structured information from referrals
• 7 day a week support

£290 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cellan@eyev.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

757712714348211

Contact

Cellan Griffiths
0115 650 0102
cellan@eyev.health

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The support regime may differ should the customer request bespoke development of the system.
• System requirements:
  • Google Chrome (supported versions) — Windows, macOS, iOS, Android
  • Apple Safari (supported versions) — macOS, iOS
  • Microsoft Edge (supported versions) — Windows
  • Mozilla Firefox (supported versions) — Windows

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support times are graded based on the priority of the ticket:; ; Critical - Acknowledged within 15 minutes, resolved within 2 hours.; High - Acknowledged within 1 hour, resolved within 4 hours.; Medium - Acknowledged within 2 hours, resolved within 24 hours.; Low - Acknowledged within 24 hours, resolved within 48 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Web chat testing has been conducted with users within hospital trusts, using the same system that is used for the web support.
• Onsite support: Yes, at extra cost
• Support levels: We offer a range of support levels to meet various business needs, ensuring that our customers receive timely and effective assistance.; ; Standard Support: Included within the licence cost, our managed service desk operates Monday to Friday from 8 AM to 8 PM, and weekends from 9 AM to 4 PM. This service provides comprehensive assistance and troubleshooting support through phone, email, and online chat.; ; Extended Support: For additional support outside standard hours, we charge at the Software Engineer day rate. This premium service caters to clients requiring round-the-clock assistance.; ; On-site Support: We offer face-to-face support, where a Software Engineer visits the client’s location for direct assistance. This is billed at the day rate plus reasonable expenses, including travel, mileage, and accommodation.; ; Dedicated Technical Support: Clients can opt for a Technical Account Manager or a Cloud Support Engineer, depending on their specific requirements. These professionals provide strategic support and tailored solutions.; ; These structured support tiers allow clients to choose a level that best suits their operational needs and budget, ensuring they always have access to expert help whenever required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide users with a number of comprehensive virtual training sessions with our senior staff, and product experts. We set up as many sessions as required for each type of staff group (for example, clinical staff, followed by referral and booking staff) to ensure that all aspects of the system have been trained.; ; We also have a permanent online user guide and training videos for each user, which is downloadable. This means that users can refer back to the online guide at any time, and download as offline documentation in order to adopt it into standard operating procedures within the organisation.; ; Our clinical and operational lead also works in tandem with the customer to ensure that process mapping is completed comprehensively and accurately, which ensures a smooth onboarding service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users are able to download an extract of all of their data on the system in CSV, SQL and JSON format.; ; They can also download all of their data via our REST API, or by liaising with our support team to provide a bulk extract in CSV, SQL or JSON format to be sent via agreed means.
• End-of-contract process: At the end of the contract, our support team will ensure that all data is provided to the customer in an agreed format, and will support the customer to ensure that all information has been extracted. This is included in the price.; ; We will also assist the customer in manually migrating data to a new supplier, and performing the migration ourselves. This will incur an additional day rate cost at the "Software Developer" day rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service on desktop and mobile is identical, with the exception of reporting dashboards, which are designed to work on large screens, will not work on mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: REST APIs covering all aspects of the platform, which are FHIR-compliant.; ; HL7 APIs.
• Accessibility standards: None or don’t know
• Description of accessibility: This is not applicable, as the service interface is a REST API.
• Accessibility testing: This is not applicable, as the service interface is a REST API.
• API: Yes
• What users can and can't do using the API: All aspects of the platform can be managed via the API. Authentication and authorisation is done via OAuth 2.0 and OpenID Connect.; ; Users can set up the directory of services, make and manage referrals via the API, in a user or application-restricted manner.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Clinical forms, triage rules, patient databases and booking rules can be configured directly from within the system itself.; ; The customisations are strictly controlled by role-based access control, meaning that only "Service Administrators" are able to make changes to patient databases, triage and booking rules.; ; "Clinical Administrators" are able to make changes to the clinical forms from directly within the system.; ; The customer can also quote for bespoke customisation of the system with the Account Manager, who can ensure that the system is tailored to the customer's exact requirements.

Scaling

• Independence of resources: To ensure that users aren't affected by the demand others place on our service, we employ a robust load balancing system that distributes traffic across multiple servers, maintaining high availability and performance. Our scalable cloud infrastructure automatically adjusts resources based on demand, and rate limiting prevents excessive use. Our support team uses advanced monitoring tools to manage issues and can augment resources to accommodate new services. These strategies guarantee stable and reliable access for all users.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide service uptime, user usage, organisational usage, referral volume, triage outcomes and time to triage.; ; All information contained within the system can be extracted via the API, or produced in a customisable reporting dashboard.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users are able to log into the platform and export their data to CSV, JSON or SQL.; ; They can also call our REST APIs to export their data.; ; Additionally, users can make support requests to our service desk to request a specific export of data.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • SQL
  • JSON
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • SQL
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee a service availability of 99.9%. Our Service Level Agreement (SLA) specifies that if availability falls below this threshold, users are entitled to service credits. These credits are calculated on an hourly basis and are proportional to the annual fee, providing compensation for downtime beyond 48 hours in any given month. This ensures our commitment to maintaining high levels of service and offers users a form of recompense if the agreed standards are not met. The process for claiming these credits is streamlined and clearly detailed in our user agreements to ensure transparency and ease of understanding for all parties involved.
• Approach to resilience: Available on request.
• Outage reporting: Service outages are reported via the following means:; ; - Email notifications to users; - SMS notifications to users; - An online Statuspage website

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We enforce strict access restrictions in management interfaces and support channels to safeguard our services and data. Access is limited to authorised personnel only, based on roles and responsibilities. We use multi-factor authentication (MFA) to ensure that only verified users can gain access, and all access attempts are logged and monitored.; ; Role-based access control (RBAC) provides users with the minimum necessary permissions needed for their duties, preventing unauthorised actions. Regular audits review access privileges and ensure compliance with security policies, maintaining secure and controlled access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Annual CHECK pen test

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance follows the principles of ISO 27001, including a full information security management system.
• Information security policies and processes: Our organisation is committed to maintaining rigorous information security policies and processes, following the principles of ISO 27001’s Information Security Management System as detailed in our Corporate Data Manual.; ; Security Policies: Our security policies cover data protection, access control, incident response, and risk management. These guidelines are frequently updated to meet ISO 27001 standards and address new security challenges.; ; Compliance and Auditing: We enforce our security policies through regular internal audits and at least annual external audits conducted by third-party CHECK pentest.; ; Reporting Structure: Our Technology Director oversees the support and software engineering teams, handling our security policies. This direct reporting structure ensures that security concerns are integrated into broader company policy.; ; Training and Awareness: All employees undergo regular training to stay informed about security threats and preventive measures. We subscribe to feeds from the National Cyber Security Centre.; ; Penetration Testing: We conduct internal penetration tests monthly and external penetration tests at least annually to proactively discover and mitigate potential security vulnerabilities.; ; Enforcement: Monitoring tools are utilised to ensure compliance with our security policies. Any deviations are promptly addressed, with actions taken depending on the severity of the issue.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our configuration and change management processes are designed to ensure stability and security across all service components. Each component's lifecycle is meticulously tracked from deployment to decommissioning using automated systems that log updates, modifications, and status changes. Before any change is implemented, it undergoes a rigorous assessment to evaluate potential security impacts. This involves a preliminary security review by our Technology Director, followed by tests in a controlled staging environment. Only after thorough testing and approval are changes applied to the live environment, ensuring that our services remain secure and functional without disrupting user experience.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process proactively identifies and mitigates threats to ensure robust service security. We assess potential threats by continuously monitoring various security channels, including industry advisories, security forums, and partnerships with cybersecurity organisations. We also subscribe to the NCSC Threat Intelligence Feeds.; ; Upon identifying a vulnerability, we prioritise its severity and impact on our services. Critical patches are deployed within 24 hours, while less urgent updates follow a structured schedule to minimise disruption, though within 30 days.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring approach is designed to swiftly identify and respond to potential security compromises. We utilise advanced monitoring tools to continuously scan our systems for unusual activities that may indicate a breach. Upon detecting a potential compromise, we provide an initial acknowledgement within 15 minutes. Our incident response protocol is immediately activated, involving isolation of the affected systems, a thorough investigation, and remedial actions. We aim to conclude our response within 24 hours, providing updates every 2 hours.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process is robust, with pre-defined procedures for common security events to ensure swift and effective resolution. Users can report incidents via email, phone, or through our dedicated online portal, which is accessible 24/7. Each report is immediately logged and assessed by our Technology Director, who oversees the response. We provide detailed incident reports to the affected users, outlining the nature of the incident, actions taken, and steps for prevention in the future. These reports are typically delivered within a few hours of incident resolution, ensuring transparency and maintaining trust with our users.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At EyeV Ltd, we are dedicated to combating climate change by prioritizing sustainability and; serving as stewards of the earth. Our office is equipped with designated recycling facilities,; and we operate in a paperless environment. We make conscious choices by opting for the; most sustainable providers, particularly in areas such as data servers. Additionally, we; actively promote sustainable commuting practices among our staff, encouraging the use of; public transportation and carpooling to reduce emissions.

  Covid-19 recovery

  At EyeV Ltd, we recognize the impact COVID-19 has had on the working environment,; businesses, and individuals at large. To address this, we have implemented a remote; working policy, enabling our staff to work from home. We support this initiative by; providing all necessary equipment for remote work. Moreover, our office layout is designed; to facilitate social distancing measures. We foster open communication between staff and; management, encouraging dialogue where employees can propose new ways of working in; a post-COVID-19 environment.

  Tackling economic inequality

  AT EyeV Ltd we are conscious of economic inequalities, where possible work with small business and local business.

  Equal opportunity

  At EyeV Ltd, we ensure that all protected characteristics under the Equality Act are treated equally and fairly and are not discriminated against.; ; Our Managing Director acts as the company champion for equality, reviews policy regularly, and ensures that direct or indirect discrimination is avoided before any real or perceived discrimination could occur.

  Wellbeing

  At EyeV Ltd, we encourage our staff to look after both their physical health, and their mental health. EveV Ltd provides an environment where staff feel empowered to talk about their mental wellbeing, fostering a supportive culture and having designated mental health; champions.; ; Knowing the importance of physical exercise on mental health, our flexible working policy allows staff to this into their day.; Through our actions, we aim to influence not only our staff but also our suppliers, customers, and communities to prioritize health, wellbeing, and community integration.

Pricing

• Price: £290 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cellan@eyev.health. Tell them what format you need. It will help if you say what assistive technology you use.