Skip to main content

Help us improve the Digital Marketplace - send your feedback

Oxehealth Limited

Oxevision

Oxevision is a contactless patient monitoring platform for mental health. It comprises camera-based hardware and a suite of software modules including two class IIa medical devices. Oxevision enhances how clinicians observe, intervene and plan, and is proven to help providers deliver safer, higher-quality and more efficient care.

Features

  • Contactless pulse, breathing rate, movement and sleep monitoring
  • Automated risk based notifications
  • Automated live trend reports on vital signs
  • Personalisation of risk based notifications to meet patients needs
  • Incorporates two class 2A regulated medical devices
  • Infrared vision enables patient safety checks in all light conditions
  • Secure access through tablets and nursing station screen
  • Automated activity reports to review nighttime and daytime activity
  • Exportable reports to integrate into electronic patient records
  • Secure cloud and onsite data storage

Benefits

  • Enables patient safety checks without disturbing sleep
  • Releases time to care from quicker vital sign measurement
  • Enables staff to respond proactively to improve patient safety
  • Vital sign trend reports provides insight/identify physical health issues
  • Supports learning with enhanced data on incidents
  • Limited vision to support patient privacy
  • Supports staff to reduce assaults and self-harm
  • Supports reduction in use of restrictive practice
  • Enhanced physical checks even when patient is refusing observations
  • Intuitive, easy to use system supports effective staff training

Pricing

£30,240 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at karen.west@oxehealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 1 6 1 7 5 9 1 2 1 3 9 9 4 1

Contact

Oxehealth Limited Karen West
Telephone: +44 (0) 1865 900 599
Email: karen.west@oxehealth.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
Oxevision receives regular maintenance, updates, upgrades and patches without the requirements for system downtime. In the scenario where downtime is required for maintenance or upgrades, this will be communicated and agreed with the customer to ensure ample time and support for business continuity. The Oxevision system includes software and hardware. The provision of software, hardware and its maintenance, updating and upgrading is fully included in the service license.
System requirements
  • Wifi access throughout ward
  • Adequate, suitable space for local server
  • Suitable broadband connection for the local server to the cloud

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our customer support team is available 24/7, 365 days of the year to answer calls via our Support Line or, responding to feedback forms via the Oxevision system and emails. Response and resolution times are fixed as per the Service Level Agreement, which is comprised of 6 categories - with response and resolution options being 24 hours (7 days a week), 72 hours (7 days a week) and 96 hours (7 days a week). The Service Level Agreement is the same across all customers.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
All support is included in the contract as a standard service provided to all customers. Services include:
Where a reported issue requires an onsite visit (such as hardware replacement), Oxehealth provides this as part of the service agreement which also details their Service Level Agreement.

Additional training and support is available via OxeAcademy (our online portal) and in person via our Customer Success Team.

A dedicated Account Manager is also provided for support throughout.

We do not provide a dedicated Technical Account Manager or Cloud support engineer.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide and agree a training plan with every customer, specfic to their needs and the needs of their staff. Training can be delivered onsite, virtually or using our online training portal, OxeAcademy. Typically a mix of all three types of training is used to support customers with their training needs. In addition, we are on-site during the go-live and can support customers throughout the lifecycle of their product use with training needs.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Online via OxeAcademy portal
End-of-contract data extraction
The Oxevision System produces eight types of data ("data categories"). Customers are the Data Controller of these data, and therefore determine what happens to these data when the contract ends. The retention and storage of this data is agreed with the customer and written into the contract in the Generated Data Guide and Description of Data Processing.
End-of-contract process
The Oxevision system is decommissioned by Oxehealth and the customer. Oxehealth removes the equipment from the customer's locations, seeking access and/or support when the equipment requires their Estates or IT teams (e.g. to access the server room, to access the ward). Customers remove the empty housing units, as these are part of the customer's physical building infrastructure, directly - customers can choose to leave or remove the empty housing units. No additional costs are charged by Oxehealth.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Functionality is the same on Fixed screen displays and Tablet devices. Phones have a reduced subset of features
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The Oxevision User Interface has been designed specifically for mental health care. Through this interface the following functionality is available:
- Activity Overview Dashboard - providing information and notifications to clinical staff about a patient’s location in their room.
Vital Signs - with this staff can:
- Measure a patient’s pulse and breathing rate completely contact-free
- View a short 15-second clear image into the room to verify patient safety at night without disturbing them
- View vital signs data over time with the Vital Signs Trends chart.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
None - the interface does not currently support third party assistive technology as it is a closed system.
API
No
Customisation available
Yes
Description of customisation
Oxevision can be configured at a ward-level. This means that individual wards can use the functionality that meets the clinical need of the patients receiving care on those wards. For example, alerts and warnings can be configured to be different by ward, and functionality can be switched on or off depending on the needs of the ward.

Scaling

Independence of resources
The Oxevision solution runs on-premise with a backup to AWS cloud and to a specification that is validated as meeting system and user demand.

Analytics

Service usage metrics
Yes
Metrics types
Oxehealth provides usage metrics on vital sign attempts, alert resets, alert reset response times, which devices are used and which rooms have been switched on and off.
Usage metrics are provided in a weekly and/or monthly report. Metrics are shown day by day, by time of day, and presented as trends over time.
Reporting types
  • API access
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
The GUI database and all personal data stored on the local server at customer site is encrypted at rest with AES-256bit encryption. All data stored on Oxehealth's 3rd party cloud services is encypted at rest with AES-256bit encryption.

When stored on local servers at customer site physical access control is the responsibility of the customer. When stored in Oxehealth's 3rd party cloud services the service provider has physical access controls which are compliant with ISO 27000 security series and they have a SOC2 type 2 certificate.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Reports are available for export via PDF
Data export formats
Other
Other data export formats
PDF
Data import formats
Other
Other data import formats
NONE

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Oxehealth provides support and maintenance for the Oxehealth Service as outlined in their Service Level Agreement details of which are included in the Service Definition document. Support is provided without additional charge and is covered within the overall service licence cost. The SLA describes 6 scenarios where support might be required and outlines the service and timing provided including for serious incidents access to 24/7 support. Service Level Failures are reported for resolution and remediation at the Partnership board (steering board comprising customer and Oxehealth) meeting.
Approach to resilience
Available on request.
Outage reporting
Direct communication with customer, via email or phone. Each customer's system is segregated /ringfenced.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
There is no management interface. All changes are managed by Oxehealth following requests from authorised users.
Access restriction testing frequency
Never
Management access authentication
Other
Description of management access authentication
Not applicable. All changes are managed by Oxehealth following requests from authorised users.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
8/9/2022
What the ISO/IEC 27001 doesn’t cover
The Statement of Applicability includes all controls with the exception of A.14.2.7 Outsourced development - Oxehealth do not outsource development.

The physical locations covered are the Oxehealth offices within Magdalen Centre North and Sadler building on the Oxford Science Park, and the Oxehealth inventory storage facility in Merlin House on Grove Business Park in Wantage. Oxehealth AB and Oxehealth Inc. exist at other physical locations which are not within the scope of the Oxehealth ISMS and PIMS, and any assets owned by these entities are treated as assets that are in transit outside the boundary of the Oxehealth security perimeter, and as such, only assets that are intended to be mobile or transported are used by Oxehealth staff in these locations.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NHS Digital Data security and protection toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus, NHS DSPT, ISO/IEC 27701
Information security policies and processes
Oxehealth has implemented a top level information security and privacy policy, as part of our ISO 27001 /ISO 27701 certified information security management system (ISMS/PIMS). This is supported by other policies and procedures including: information and infrastructure assets security classification, risk management, incident management, management review, staff competence and training; access control, cryptographic and key management, media re-use and disposal, etc.
Oxehealth has appointed:
• A Chief Information Security Officer (board report) responsible for the operation of effective security and privacy information controls and chairs the Security Governance Review;
• An Information Security and Privacy Manager supports the CISO and is responsible for the maintenance/effectiveness of the ISMS/PIMS and ensuring that Oxehealth operations within the scope of the ISMS and PIMS are carried out accordingly; and
• A Data Protection Officer (board report) and is responsible for Oxehealth's privacy information handling regime and chairs the Data Governance Review.
All staff are trained on policies and procedures within the ISMS/PIMS and additional role specific security training prior to granting of access.
Compliance is monitored through monthly operational security reviews and non-conformances are reported at Security Management Reviews. Monitoring through internal audits and annual surveillance/recertification audits from the ISO 27001/27701 certification body.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Externally audited processes follow industry best practices to ensure reliability, security, and stability.
• Configuration management system tracks the components with version control systems tracking changes to configuration files
• Changes to services, infrastructure and tooling undergo change request processes and assessment of potential impacts and mitigations;
• Changes are tested in isolated environments. Automated testing, peer review and staged deployments minimise risks of introducing errors.
• Software components have their own version and tooling checks and alerts if wrong components are running.
• Production system business continuity plan ensures data and configuration back up and restore previous software versions.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Static analysis of source code.

Vulnerability scan of libraries and SOUP within the software against vulnerability databases. Critical/unacceptable high vulnerabilities cannot merge to master until addressed.

Grey box scan of the Oxevision system including the operating system, server build and application using industry standard tooling.

Biannual penetration testing by external CREST accredited security contractors.

Monitoring information feeds (NCSC/CISA/MS-ISAC) for threats/vulnerabilities to Oxevision/internal infrastructure. Vulnerability disclosure policy for customers to report vulnerabilities in end-points and network connected devices.

Vulnerabilities are assessed; rated for severity (CVSS scoring) and addressed within appropriate timeframes. All patches are tested and incorporated as part software releases.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Oxehealth has a vulnerability management process in place to identify, triage and mitigate vulnerabilities in all components of the service. Each component is scanned during development and again at release by vulnerability scanners, which adhere to NIST guidance. If a vulnerability is found, it is triaged using the CVSS score and risk management procedures. These vulnerabilities will be mitigated on a criticality based scale, any critical or high vulnerabilities will be mitigated within that release.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The Security and Privacy Incident Management Procedure is used to ensure an effective approach to information security incident management, outlining how security weaknesses/events are identified, defining when a security incident/data breach has occurred, how to be reported/recorded, the requirement for immediate containment and protection of assets, risk analysis, incident management actions, verification of effectiveness requirements for reporting security incidents and data breaches. Customers are notified of incidents which directly impact them.

A Vulnerability Disclosure Policy for customers reports any vulnerabilities in the Oxevision system. Security incidents are reported via the 24/7 customer support line; email or the GUI feedback form.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Oxehealth customer facing staff conduct significant travel to and from customer sites as part of delivering the Solution to customers. This includes visits to conduct site surveys, install hardware into the ward environment, deliver face-to-face training sessions and
support go-lives. This travel is typically conducted by car, either in the company’s fleet vehicles (mostly Euro6 diesel vans) or by the employee’s own vehicles, which are mostly petrol or diesel driven. Oxehealth staff may travel a total of 2,200 miles during the
deployment phase of the contract, assuming a customer site to be 100 miles from our central office, and assuming a contract value of around £100,000 (4 wards)
Specific initiatives:
As part of delivering the contract, Oxehealth will commit to ensuring that at least 50% of the car miles driven by Oxehealth staff in the deployment phase of the contract will be in low or no emission vehicles (eg plug-in hybrid or fully electric vehicles).
Valuation of the offer equates to c. 3% of contract value
How we will deliver this offer:
This will require Oxehealth to lease or procure such low emission vehicles to replace our existing standard emission vehicles, which will then be deployed to other projects and generate further carbon savings. Oxehealth have an existing relationship with a leasing car company that have a hybrid and electric vehicle offering and therefore no additional new relationships will need to be developed to deliver this offer.
Oxehealth will then require its staff to input their low or no emission travel mileage against the contract into the existing expense management tool to ensure tracking against the target.

Tackling economic inequality

People who have suffered from mental ill-health may often find it more challenging to get a job or work experience. But jobs can provide a clear sense of belonging, purpose and friendship that are incredibly helpful to sustaining good mental health. Oxehealth will sponsor a work placement in support of the contract for a person who has struggled with getting work experience. The company will work in conjunction with the healthcare provider’s service user and carer representative (s) to identify an individual
who is local to the healthcare provider (potentially a past patient or carer) who would welcome the opportunity to gain valuable skills over a period of no less than 6 weeks. Oxehealth works closely with service user and carer representatives of each healthcare
provider as part of each engagement. The company also has a growing network of experts by experience who would be able to support identification of people who may benefit and be able to help advice on crafting personalised work experience that takes
account individuals capabilities, interests and acknowledging any reasonable adjustments that may be required.
There are a number of roles that would support the successful implementation of the contract including:
● Support engagement work with patients and carers;
● Project management
● Supporting customer success in training sessions
● Supporting on site installation teams
The work placement would be paid at no less than the real living wage and employment would be with Oxehealth Ltd over 6 weeks based on a 36 hour working week. As part of the work experience, Oxehealth will provide induction training and support at the end of the placement for the individual to create a CV and undertake interview training.

Equal opportunity

As a company working in science and technology, it may also be less attractive to women in general, exacerbating gender pay disparities. To further support the company’s aim to be an employer providing equal opportunity and pay for women, the company will measure and report on gender pay for the company and put in place a programme of initiatives to encourage and support interest in women applying for roles in healthtech. Contracts will
typically directly involve up to 20 employees of Oxehealth. These numbers may be unrepresentative for gender pay information, so figures will be based on the whole company. Contracts are usually of multiple year duration, so initiatives will be based on these longer term timeframes.
Specific initiatives:
1. The company will analyse and report on gender pay figures for the company on an annual basis.
2. Review our recruitment and promotion processes to ensure they are skills based, free from unconscious bias, use structured questions to ensure fairness and are transparent so everyone is clear about the processes, policies and criteria for decision making. Where any roles offered to women have been rejected, the company will look at the reasons behind the decision with a particular focus on any
reasons that have a disproportionate impact on women.
3. The company will promote the role of women in healthtech by providing platforms for women in Oxehealth to talk about their role and provide evidence of where Oxehealth’s policies, culture and ways of working support women in the workplace.
The analysis and reporting on gender pay gap will be done by the finance department. Recruitment and promotion processes will be reviewed by the company's HR lead. To promote the role of women in technology, we will encourage and support women in the business to share about their experiences.

Wellbeing

Oxehealth is a company that is focused on mental health and supports many initiatives to complement our core service of delivering technology to support diagnosis, care and treatment of patients with severe and enduring mental illness.
As part of this contract, Oxehealth will target for 25% of staff working on the contract to be mental health first aider trained. Mental health first aider training provides not only a broad
understanding of mental health, its causes and how it might present but also provides a framework for people to engage with those in need of help. This understanding helps to tackle stigma about mental health, often formed by lack of awareness and enable the
Oxehealth team to become mental health ambassadors. Oxehealth already has a relationship with Mental Health First Aid England and some staff have already undergone training utilising their own training budget. This option for training will be in addition to the
personal training budget.
This offer is valued at c. £1.5k per contract.
How we will deliver this offer:
The opportunity to undertake mental first aid training will be discussed both at company wide level and then highlighted in all personal development discussions as an opportunity. Key information about courses available will be posted on the appropriate company communications platform and training records will track individual attainment. Project leads for each contract will be responsible for encouraging individuals working on each contract to undertake the course and incorporate this into the overall project plan.

Pricing

Price
£30,240 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at karen.west@oxehealth.com. Tell them what format you need. It will help if you say what assistive technology you use.