Helicon Health Ltd.

Hailie Smart Inhaler

Hailie is an intelligent device that can be easily attached to your inhaler and it effectively monitors your medication usage, offers timely reminders and delivers feedback on your inhalation technique. The system consists of a compact cradle equipped with Bluetooth-enabled sensors, an Smartphone app and a secure cloud-based clinicians portal.

Features

• Real time medication adherence monitoring and feedback
• Real time inhalation technique monitoring and feedback
• Reminders to take medication

Benefits

• Adherence data shown on App and clinician portal
• Inhalation technique shown on Clinician portal
• Adherence data is evidence for Biologics pathway

£135 to £135 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@heliconhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

817230620548641

Contact

Tony Bowden
+44 (0)7850 905538
info@heliconhealth.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Maintenance and updates are provided. Announcements of down time to do this are sent to users in advance and are always of short duration.
• System requirements:
  • Windows
  • Apple OS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normally same day or next day. No support during weekends and bank holidays
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Training for staff; Creating user accounts; Trouble shooting and technical support; Support is free
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We can do on-site training and on-line training for new customers as well as refresher training. We also have training materials available to share with users
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Access to data remains available to users. A CSV or Excel file can be downloaded.
• End-of-contract process: A customer purchases a smart inhaler and in the purchase price, portal access is included. The device has a working life of one year and the user has portal access for an unlimited time. This data will remain accessible also after the device stops working.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Portal access is the same for mobile and desktop service. The patient App can be used on Apple and Android phones and Tablets.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: They would need to build a rest API interface based on our protocol.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: We have a contract with Microsoft Azure that scales as new users are added.

Analytics

• Service usage metrics: Yes
• Metrics types: We have a timer that shows how much time has been spent on reviewing patient data.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Adherium - Hailie Smart Inhaler

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Excel file or CSV
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: None
• Approach to resilience: We contract the service out to Microsoft Azure. The Microsoft network connects more than 60 Azure regions, 200 Azure datacenters, 190 edge sites, and over 175,000 miles of terrestrial and subsea fiber worldwide, which connects to the rest of the internet at strategic global edge points of presence.
• Outage reporting: Users get e-mail notification of any outages and planned updates.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The system is based on a role based access control model. L2 users can see all patients from all users within their group whilst L1 users can only see their own patients.
• Access restriction testing frequency: Never
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ASCB Accreditation services worldwide
• ISO/IEC 27001 accreditation date: 02/07/2020
• What the ISO/IEC 27001 doesn’t cover: We are certified for "THE DELIVERY OF TECHNOLOGY­ ENABLED CONSULTANCY SOLUTIONS AND ASSOCIATED HEALTH & CARE SERVICES"
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 Certification: This standard guides Adherium’s comprehensive information security management system (ISMS), ensuring a systematic approach to managing and securing company and customer data.; Risk Management: Adherium follows ISO 14971 for medical devices, emphasizing risk analysis, evaluation, and control, as well as ongoing monitoring.; Data Protection and Privacy: Compliance with GDPR and other data protection laws is critical, involving processes for secure data handling, storage, and transmission.; Incident Management: Adherium has established processes for incident response and management, ensuring quick actions to mitigate risks associated with security breaches.; Access Control and Encryption: Policies to control access to sensitive information and use strong encryption for data at rest and in transit.; Regular Audits and Reviews: Scheduled reviews and audits of security practices and infrastructure to identify vulnerabilities and ensure continuous improvement.; has context menu

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Adherium strictly adheres to configuration and change management processes to ensure secure and controlled system modifications. These include formal change control procedures for overseeing changes within development cycles, rigorous review and testing phases before deploying to production, and strict segregation of development, testing, and production environments. This systematic approach minimizes risks associated with unauthorized access and accidental changes, maintaining operational security and functionality. These practices are outlined in the "Information Security Procedure QP-059" and related documents, aligning with industry best practices for IT management and security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Adherium complies with several types of vulnerability management, including regular penetration testing and static and dynamic application security testing (SAST/DAST) for applications. The company also implements log aggregation and anomaly detection to protect against anticipated threats. This comprehensive approach is documented in the "Information Security Procedure QP-059," which details the mechanisms for recording and examining activity in information systems that maintain or use electronic Protected Health Information (ePHI).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Adherium's protective monitoring processes are documented in the "Information Security Procedure QP-059," focusing on maintaining robust security over systems handling sensitive data like ePHI. The company implements hardware and software monitoring to record and review system activities. It regularly conducts vulnerability assessments and applies mitigation strategies. Additionally, Adherium uses anomaly detection tools for early threat identification and conducts regular penetration and application security testing. These combined measures ensure effective monitoring, quick threat detection, and the protection of information systems against unauthorized access and security threats.
• Incident management type: Supplier-defined controls
• Incident management approach: Adherium complies with a structured incident management process that encompasses handling, responding, and learning from security incidents. ; ; Reporting: Staff and contractors report observed or suspected security weaknesses.; Assessment: Incidents are assessed to determine if they qualify as security incidents.; Response: Documented procedures guide the response, involving containment, communication, and resolution.; Learning: Information from incidents is analyzed to reduce the likelihood or impact of future incidents.; Evidence Preservation: Procedures ensure the identification, collection, acquisition, and preservation of information that can serve as evidence.; This approach ensures that incidents are managed effectively, minimizing their impact and improving security posture over time.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Helicon Health is committed to sustainability and is certified to the ISO 14001:2015 standard. Helicon Health is fighting climate change by doing the following:; Our ISO 14001:2015 environmental management system enables us to enhance our environmental performance and helps us to manage our environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.; Our ISO 14001:2015 environmental management system sets out objectives and procedures to enable us to provide value for the environment, the organisation itself and interested parties.; Consistent with the organisation's environmental policy, the outcomes of our environmental management system include:; 1. enhancement of environmental performance;; 2. fulfilment of compliance obligations;; 3. achievement of environmental objectives.; Helicon Health are committed to achieving Net Zero emissions by 2030 as detailed in our Carbon Reduction Plan and we have adopted the following carbon reduction initiatives:; 1. The use of video conferencing and remote working; 2. The use of more environmentally acceptable vehicles; 3. Recycling and reuse of waste paper; 4. Recycling of Toner cartridges; In the future we hope to implement further measures such as:; 1. Continue remote working practices to reduce emissions from commuting wherever possible; 2. Develop plans to encourage more sustainable commuting practices; 3. Digital Technologies – we plan to increase the use of virtual reality techniques and technologies for site visits, fieldwork and audits; 4. Be aware of and follow the NHS net zero supplier roadmap

  Covid-19 recovery

  Helicon Health is an SME working in the field of healthcare technologies. As a company, we developed a recovery plan focused on sustainability and adaptability. Our plan includes measures to ensure the safety and well-being of our employees, such as supporting remote working. From a financial perspective, we successfully diversified our revenue streams by expanding our range of products for online consultation in specialist areas such as cardiology and neonatology enabling us to enter new markets. Financially, we optimized our cash flows by actively and successfully seeking out government support programs to bolster our liquidity. Through these measures we believe we have emerged stronger from this crisis and better equipped to continue serving our customers and community effectively.

  Tackling economic inequality

  Helicon Health is an SME committed to fostering economic equality. We have developed a policy aimed at addressing disparities within our organisation and beyond. Internally, we prioritise fair levels of pay. We provide equitable opportunities for career development. We foster a diverse and inclusive workplace culture. Helicon Health (Helicon) pay our bills quickly. Helicon is a signatory to the Prompt Payment Code (“Code”) administered by the Small Business Commissioner on behalf of The Department for Business, Energy & Industrial Strategy. Helicon has adopted the principles of the Code, which are followed by our accounting staff and communicated to, and endorsed by, its other members of staff. Helicon is committed to pay suppliers in accordance with the terms of their contract with them which is usually 30 days from receipt of a valid invoice or from receipt of the goods/services (whichever is the later). Externally, we support local community initiatives, invest in education and skill-building programs, and prioritize sourcing from suppliers that uphold ethical practices. By championing fairness and opportunity, we strive to contribute to a more equitable economic landscape for all.

  Equal opportunity

  Helicon Health has developed a policy aimed at addressing disparities within our organisation and beyond. Internally, we prioritise fair levels of pay. We provide equitable opportunities for career development. We foster a diverse and inclusive workplace culture. Helicon Health is committed to driving out acts of modern-day slavery and human trafficking within its business and that from within its supply chains, including its sub-contractors and partners. The Company acknowledges responsibility to the Modern Slavery Act 2015 and will ensure transparency within the organisation and with suppliers of goods and services to the organisation. These as well as the suppliers of services make up the supply chain within Helicon Health Ltd. As part of the company’s due diligence processes into slavery and human trafficking our supplier approval process will incorporate a review of the controls undertaken by the supplier. Imported goods from sources from outside the UK and EU are potentially more ‘at risk for slavery/human trafficking issues. The level of management control required for these sources will be continually monitored. Our company will not support or deal with any business knowingly involved in slavery or human trafficking.

  Wellbeing

  Helicon Health is dedicated to supporting employee well-being. We prioritize mental and physical health by offering flexible work arrangements and promoting work-life balance. Additionally, we provide resources for professional development and encourage open communication to support the well-being of our team members.

Pricing

• Price: £135 to £135 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: One sample; Portal training

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@heliconhealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.