OPTELLUM LTD

Optellum Virtual Nodule Clinic

Optellum Virtual Nodule Clinic is an AI-based clinical decision support software supporting the early identification and diagnosis of lung cancer patients, while reducing the load on the healthcare system.
It is clinically validated to improve patient outcomes vs. current standard of care.

Features

• Patient Safety Net – configurable to meet reporting needs
• Tracking & Management – patient management interface with status information
• Lung Cancer Prediction – calculates nodule malignancy risk score
• Access via web browser
• Service metrics available on real time within the Dashboard

Benefits

• Better care coordination: surfaces at-risk patients
• Streamlines patient management; further improves care coordination
• Enhanced risk stratification potential vs. current SoC
• Avoided stress/risk for benign nodule patients
• Better outcomes for malignant nodule patients

£22,500 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at disha.chopra@optellum.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

765035685007302

Contact

Disha Chopra
+44 1865745252
disha.chopra@optellum.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There will be a downtime of approximately an hour when there is any planned upgrade to the already installed software at the customer premises. This will be planned with their IT department. There will be no impact on customers who are clinicians as they will not be using the technology outside of their working hours.
• System requirements:
  • Single RHEL 8+ VM
  • MSSQL 2017+ Database
  • 3GB local server storage per patient tracked
  • Compatible PACS configuration
  • Access to radiology report (API to RIS or HL7 messages)
  • Single Sign On (SSO) identity provider

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Respond within 2 hours during business hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Level 1 support:; - Response within 2 hours during business hours; - provided by dedicated support team; - for help using software and solving basic problems; ; Level 2/3 support:; - response time varies with issue complexity; - provided by software engineering team; - for issues escelated from level 1 support; ; All users have access to full support at no extra cost. ; ; Each user is assigned a customer success manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Optellum customer support will configure the service within the customers network. Once configured user and admin training is delivered via a online session as well as a user manual PDF.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: No data is persisted in the cloud. The data is only on the customers internal database which they manage and are free to extract data as needed.
• End-of-contract process: Optellum support staff will engage with the customer to decommission the service. This will mean uninstalling the client side application, and deleting or migrating data as the customers see fit.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Windows
  • Other
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is a web based application hosted on premise at the customers site. This web based application is used for interacting with the customers internal data repositories in order to retrieve relevant radiology reports and CT scans. The application is used for querying these repositories for the required data before sending it to the cloud based component of the software which performs the main function of the service, calculating the Lung Cancer Prediction AI Score.
• Accessibility standards: None or don’t know
• Description of accessibility: Please refer to the WCAG 2.1 AA standard for Non-text Content, Use of colour, Contrast (minimum), Non-text contrast, No timing, Three Flashes or below threshold, Three Flashes, Page titled, Heading and Labels, On Focus, On Input, Consistent Navigation, Consistent identification, and Labels or instructions, which we meet and which, in our view, assure accessibility of our service for users with disabilities.; The interface is readily adaptable to other WCAG 2.1 standards to further improve accessibility in accordance with experience of users with disabilities and their feedback. ; This also covers our response for the "User Support" and "Documentation" sections.
• Accessibility testing: We have not yet commenced testing our interface with users of assistive technology. There has not been a requirement for this to date, but we are readily able to do so, according to user requirements.
• API: No
• Customisation available: Yes
• Description of customisation: Optellum will consult clinical users to customise the product, including:; 1) Configuring patient discovery AI to meet radiology reporting styles and clinical needs.; 2) Patient location and class to consider for enrolment; 3)Available clinical decisions

Scaling

• Independence of resources: A job queuing system is implemented which allows us to monitor usage levels and scale as necessary.

Analytics

• Service usage metrics: Yes
• Metrics types: 1)Total enrolled patients; 2)New enrolled patients per month; 3)Breakdown of number of each clinical decision within date range; 4)number of LCP scores computed within time range; ; These can be retrieved via an analytics page within the client side application.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: 1)It is possible for clinicians to export a PDF report via a download button for each patient.; ; 2)A csv file of patients can be exported via the analytics page.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Our Service does not require data upload by the user

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Only minimal data required for the service to operate is transmitted. This data is encrypted in transit via TLS.
• Data protection within supplier network: Other
• Other protection within supplier network: Data is not transferred within our network. It is stored in a secure database and only kept for as long as needed.

Availability and resilience

• Guaranteed availability: The availability of our service is described in the "support level" question under the "User support" section of this application. And such availability is supported through a contractual warranty that Services will be performed with the standard of professional care, skill, and diligence, normally provided in the performance of similar services.
• Approach to resilience: Our product is hosted on cloud and the cloud provider (Azure, Microsoft) is responsible for resilience of Azure environment.
• Outage reporting: Outages would be reported to customers via email.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Client:; - Customer provided single sign on provider using SAMLv2; or; - Username/password; Service:; - Private access key
• Access restrictions in management interfaces and support channels: Only users specified via SSO attribute are able to access admin functions
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: SSO SAMLv2. ; Only specified users with the correct SSO attribute may access management functionality.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI, Certificate number - IS799048
• ISO/IEC 27001 accreditation date: Awaiting first issue - assessment completed on 5th April 2024 and certificate number issued by BSI
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our information security policies are aligned to ISO/IEC 27001 standard. Adherence to policies are monitored by internal/external audits.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management and configuration management processes conforms to ISO13485 and ISO/IEC27001 standards and we have system in-place which covers planning, impact, approval, communication, fall back procedure and responsible individuals.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: 1) Threat and vulnerability are assessed based on defined policies and procedures.; 2) Patches are applied within 14days. ; 3) Threat information are gathered from many sources such as NCSC, Mandiant, ENISA, Crowdstrike, CISA
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: 1) A number of tools are used to monitor and alert any potential compromise e.g., Microsoft Defender for Endpoint Devices and Microsoft Defender for Cloud; 2) Response to a potential compromise is based on incident management procedure; 3) Response time to an incident is based on the the severity and priority of the incident.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: 1) Event Reporting Procedure in-place and communicated to all users which describes how to report any suspected or actual incident; 2) Each incident is recorded and logged on the Incident Management System which Detection, Report, Analysis, Priority, Impact, Investigate, Review, Close, and Lesson Learnt

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Other
• Other public sector networks: Individual NHS Trust/Health Board Network

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Optellum VNC use can contribute to the fight against climate change. Specifically, it can enable emission reduction of, approximately, ~330 kg of CO2 consequential emissions (or ~3,200 kg of CO2 attributional emissions) p.a. at an institution/NHS Trust doing ~150,000 CT scans per annum.; That is because VNC was shown to safely facilitate ~20% reduction of unnecessary follow-up CT and PET/CT scans performed on benign-nodule patients. [https://pubmed.ncbi.nlm.nih.gov/33581913/] Each CT scan is estimated to generate ~1.1 of consequential (or 9.2 of attributional) kg of CO2 emissions, and PET/CT, under very conservative assumptions, is assumed to generate at the very least the same emission level as a CT scan [https://www.thelancet.com/journals/lanwpc/article/PIIS2666-6065(22)00074-8/fulltext]

  Covid-19 recovery

  Use of Optellum VNC is expected to support people (i.e., patients), communities, as well as organisations (i.e., NHS trusts) to manage and recover from the impacts of COVID-19.; Specifically, appropriate use of the LCP risk stratification capability is expected to help reduce the remainder of the Covid-related backlogs.

  Equal opportunity

  There is preliminary (inferred) evidence and customer feedback to suggest that the use of Optellum VNC can support in-work progression to help people. Specifically, that can be achieved by giving junior doctors training opportunities, and providing nurses with upskilling opportunities:; 1)It gives opportunities for career development / job enrichment to nurses - e.g., by enabling them to administer the nodule clinic; - Hence, it gives junior clinicians access to an additional diagnostic resource and training support: an "Artificially-Intelligent Diagnostic mentor", which enables them to catch-up to the diagnostic accuracy of most senior clinicians; 2)That is because the use of Optellum VNC was shown to improve the diagnostic performance of all readers, regardless of the experience level; ; 3)However, importantly, it was shown to improve the performance of junior readers the most

  Wellbeing

  There is preliminary evidence and customer feedback to suggest that the use of Optellum VNC is able to improve health and; wellbeing, specifically influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.

Pricing

• Price: £22,500 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at disha.chopra@optellum.com. Tell them what format you need. It will help if you say what assistive technology you use.