UFONIA LIMITED

Autonomous Telemedicine

Automated delivery of clinical conversations with patients.

Features

• Automated clinical calls
• Voice-based interactions
• Uses regular telephone
• Natural language conversations
• Real-time processing to manage care pathways

Benefits

• Increase clinical capacity
• Scalable to meet activity levels
• Consistent and standardised interactions
• Requires no technology literacy

£5 to £50 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ndep@ufonia.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

816731229519649

Contact

Nick de Pennington
01295788698
ndep@ufonia.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None known.
• System requirements: Electronic patient lists must be made accessible

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: The time depends on the SLA agreed in the contract signed between both the parties. It usually varies from 4 business hours to 40 business hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels and costs are as defined by SLA agreed between the parties and are provided by technical account managers.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite and online engagement, and information sessions provided to client teams. Process mapping of existing pathways and preparation and agreed of new standard operating procedure.
• Service documentation: No
• End-of-contract data extraction: Secure file transfer will be made to a location of the client's choice.
• End-of-contract process: Transfer and deletion of all client data.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: All conversations are customised to the client site, clinical service and individual patient. This is established as part of the client on-boarding process.

Scaling

• Independence of resources: A micro-service infrastructure is used which subject to agreement can be deployed as an isolated single tenancy instance.

Analytics

• Service usage metrics: Yes
• Metrics types: Call delivery, connection and completion. Other metrics can be provided based on individual contractual agreement.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is transferred to clients after each clinical interaction.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Based on SLA agreed for each client / clinical use-case.
• Approach to resilience: Use of third-party data centres with disaster recovery, high availability and fallback capabilities.
• Outage reporting: Email alerts are sent to clients.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Internal role-based access control limits access to management interfaces. Support is provided via email.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials and NHS Digital Protection and Security Toolkit
• Information security policies and processes: Contractual requirement of all staff to follow policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management process are defined in Ufonia's Control of Software Design Changes Standard Operating Procedure (SOP).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Automated monitoring is in place to identify vulnerabilities and the required remediation implemented to a defined plan. Code deployment pipeline includes automated vulnerability assessment. Required patches are deployed as hot fixes to all environments.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Internal monitoring is in place to identify compromises, if unauthorised changes occur the compromised system is isolated and restored.
• Incident management type: Supplier-defined controls
• Incident management approach: Ufonia's has a pre-defined incident management process adapted from “BS EN ISO 14971:2012 – Medical Devices: Application of Risk Management to Medical Devices”, the UK health and social care standard “DCB0129:2018 – Risk Management: it’s Application in the Manufacture of Health IT Systems”, “IEC 62304:2006 – Medical Device Software: Software Lifecycle Procedures” and best practice system safety engineering academia and principles.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Supporting the delivery of a Net-Zero NHS by reducing carbon footprint of patient and staff travel and building infrastructure.
• Covid-19 recovery:

  Covid-19 recovery

  Increasing clinical capacity to manage post-COVID-19 backlog.
• Tackling economic inequality:

  Tackling economic inequality

  Providing access via any telephone removes digital exclusion from lack of technology.
• Equal opportunity:

  Equal opportunity

  Automation removes conscious and unconscious bias in delivery of services.
• Wellbeing:

  Wellbeing

  Reduces healthcare staff burnout from conducting repetitive, high-volume clinical tasks.

Pricing

• Price: £5 to £50 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ndep@ufonia.co. Tell them what format you need. It will help if you say what assistive technology you use.