UST Global Pvt Ltd

Datos (Remote Automation Patient Monitoring)

Customize automated workflows for patients and clinicians with our ai-driven
no-code Design Studio and instantly deploy remote patient CareApps.

Any clinical domain. Any workflow.

Features

• A Design Studio for remote CareApps
• Personalization and automation of care pathways
• Integration to any device
• PROMs/PREMs
• Virtual visits
• Content (based on pathway/schedule)
• RPM
• Survey designer
• Clinician Dashboard
• AutomatedTriage

Benefits

• Personalization and automation of care pathways
• Support of any clinical domain
• Integration to any device
• RPM | virtual-visits | ePRO | content | communication
• Multiple workflows. Multiple clinical specialities
• transforms workflows into remote care apps.
• Automated assisted self-care becomes the everyday reality.
• One app, increasing adoption and patient engagement.
• immediately updated with every tweak and change.
• platform centered around clinicians and patients.

£120,000 to £500,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsectorsales@ust.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

795894038734059

Contact

Patrick Marren
07544102103
ukpublicsectorsales@ust.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Any EMR, scheduling systems, calendar, messaging systems
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Ability to deliver urgent and immediate responses tied to mutual SLA requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Datos’ support personnel standard hours of operation are Monday to Friday, 9am-5pm , except for national holidays (the “Service Hours”). Datos support representative(s) shall be available to receive Client's Problem reports during the Service Hours. Client will provide Datos with a detailed explanation of the issue including any information that will assist Datos to reproduce the issue as well as any other activity taken by Client with respect thereto. ; ; Datos’ support email: support@datos-health.com. ; ; Client support emails received outside the Service Hours will be considered delayed within 8 hours as of the time the Client's Problem report.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Datos provide with onsite\online trainings sessions and Self-learning materials. We offer training of care team on the clinical dashboard and patient onboarding, as well as training specific individuals on remote care plan design using the Care Pathways Design Studio. When applicable, we suggest using the ""train-the-trainer"" approach, where we train a dedicated Digital Health Training Team which will then train users as needed across the organization. ; Training manuals and users guides can be provided.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Technical documentations
• End-of-contract data extraction: All the data belongs to the customer. Upon termination the database can be exported and subsequently destroyed.
• End-of-contract process: At the end of the contract, all user access will be removed and the system will be shut down. All data will be exported to the client, if required

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Desktop services- for medical staff; mobile App for patients
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Authentication: Users must authenticate using a bearer token to interact with Datos’s APIs; Patient Enrollment: Users can enroll a new patient in the system or activate a deactivated patient by providing mandatory and optional patient information; Video Meetings: Users can schedule one or more video calls and get a URL to join a video meeting. However, APIs for deleting or changing scheduled meetings are out of scope; Data Transfer: Users can transfer patient data for storage in Datos and receive back a status of acceptance; SMS Notifications: Users can activate an API to send SMS notifications and receive a status of acceptance through Unicell
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: In the Design Studio, drag and drop your way to customized, automated remote patient monitoring plans.

Scaling

• Independence of resources: To support dynamic scaling we will employ Kubernetes Horizontal Pods Scaling. This scripts will be developed to monitor events in queue and increase the number of Kubernetes Pods (workers) when the load reaches certain levels. There will be a corresponding scale down when the load decreases. Managed Kubernetes services such as GCP automatically scale up/down the number of Nodes in the Kubernetes Cluster to adjust for the demand in nodes as scaled by the Horizontal Pods Scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: Excel-based reports​; ; Cohort reports​; ; Time tracking reports for reimbursement​; ; Dashboard Reports​; ; PDF-based reports​; ; Patient outcome reports (Can be exported to patient record in the EMR)​; ; Customized reports on outcomes and value metrics​; ; Data export to any location​; ; Real time or scheduled​
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We can export the database and provide you the data in SQL or CSV or another format supported by a client. Also for raw data of patients it's possible to export the raw data in Excel spreadsheets.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • SQL
  • A format that supported by the customers
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Our cloud provider also encrypts network traffic on the private network.

Availability and resilience

• Guaranteed availability: The Service will be Available to Client no less than 99.5% (ninety-nine and a half percent) of the time, measured on a monthly basis, excluding during previously scheduled maintenance time and Emergency Maintenance. ; ; The Service is considered “Available” when the care team's portal and the Patient's application is accessible to the care team and Patient (as applicable). For the avoidance of doubt, if the Service is accessible, but there is a specific Problem, the Service shall be considered Available and the above Problem resolution procedure set forth in Section ‎2 above will apply. ; ; "Emergency Maintenance" means unscheduled maintenance to the Service which must be performed on an immediate basis where failure to do so is likely to result in an imminent and/or material Service deficiency.
• Approach to resilience: It’s available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The access to patients is by role. The location of the caregiver in the hierarchy will provide inherited access to the patients.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Intertek
• ISO/IEC 27001 accreditation date: 25/09/2023
• What the ISO/IEC 27001 doesn’t cover: The certification includes application development, application management, infrastructure management services, engineering services, business process, outsourcing services, support functions such as human resources, finance, workplace management, sales & marketing, information services, information security management system, covering on-premises and cloud environments within UST.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 22301
  • SOC1 SOC2 type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: HIPAA; GDPR
• Information security policies and processes: ISO27017 ; GDPR; ISO27018 ; HIPAA Compliance ; ISO27799 ; ISO27001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Incoming business requirements from customers are described in "story" documents inside our change management system. The stories are them implemented by developers and then verified by QA. The developed code is created in a feature branch of the source control system. After development and initial testing the code is merged into the release branch and dispatched to QA for full control tests.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: At the PaaS level we run Google Security Command Centre to identify vulnerabilities. penetration tests, At the software layer we run scans with Snyk to detect vulnerabilities. a policy of attempting to use the latest versions of third-party software. When vulnerabilities are found, we . Most vulnerabilities can be applied in forthcoming releases. In the event of a severe vulnerability we may release a hotfix of the system. In the event of severe security vulnerability in the PaaS - once detected the patches are applied by GCP immediately. for employees to re-iterate the importance of being aware of security attacks
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have internal locks from tracking failed authentication attempts, as well as illegal access attempts to data, On a system level, we operate the Google Security Command Center that tracks threats and detects intrusions at the software and infrastructure level.
• Incident management type: Supplier-defined controls
• Incident management approach: Employees, suppliers, and third parties interacting with Datos' information/systems must report any potential incidents to the CISO. Reported incidents are categorized into types such as data loss/theft, breaches, or suspicious activity. Each incident type requires updating relevant attack methods like denial of service or social engineering. The CISO notifies necessary individuals for follow-up. An incident summary is created with details like date, time, and sensitivity. The CISO analyzes causes, initiates containment, involves teams for corrective action, communicates with stakeholders, and escalates to senior management as needed, determining alert levels based on gathered information.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  UST engages in numerous initiatives for tackling economic inequality, these include: ; • Working with local Combined Authorities and training providers to build training courses (focussed on digital skills) for economically disadvantaged citizens. ; • People who engage in these courses can then be hired by UST into full-time roles and begin their career in technology. ; • UST support closing skills gaps in key technology areas e.g. UST have developed a mobile application to support the development of skills in Artificial Intelligence for 3 key user profiles – those looking to start a career in AI, those looking to move into an AI role, and citizens who are interested in AI.; • UST are keen to support local SME’s and can agree with a buyer as to how many local SME’s will be utilised in an engagement. ; • UST invest significant sums into innovation aimed at delivering more productivity at lower cost e.g. we have developed our own Generative AI Testing platform.

  Equal opportunity

  UST engages in numerous initiatives for promoting equal opportunities, these include: ; • Working TechSheCan to enable great access to women within the world of tech careers. UST also invested in building the training platform for TechSheCan.; • UST work with numerous partners to support veterans who want to start a carer in Tech once they have left the military.; • UST are an equal opportunities employer and do not discriminate on the basis of age, sex, gender, disability, or religion. We can share our policies and process for this to support discussions. ; • UST have published a detailed Modern Slavery statement and have processes in place to support this. More details can be found at: https://www.ust.com/content/dam/ust/documents/modern-slavery-statement-2022.pdf; • UST works with local skills development partners to support the development of tech skills amongst numerous societal groups.

  Wellbeing

  • UST have developed a Digital Inclusion Community App to support the development of essential digital skills amongst digital excluded people. This enables citizens to be able to use digital services, from both Public and Private organisations, driving a more integrated digital community.

Pricing

• Price: £120,000 to £500,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsectorsales@ust.com. Tell them what format you need. It will help if you say what assistive technology you use.