Telstra Health UK Limited

Telstra Health UK Cloud Based Software

This service provides for our specialist staff to assist you in using the Telstra Health Cloud Based Software toolsets which will allow you to visualise and analyse the data collected from within your organisation or domain.
This is done in line with GDPR regulations. Patient data is always protected.

Features

• Dashboard tool customisable to monitor sets of outcomes measures
• Dashboard tool allowing financial position to be tracked by provider
• Risk Stratification tool assesses patients’ risk of adverse outcome
• Risk Stratification tool ranking risks according to severity
• Delivers an understanding of a patient’s history
• Provides early warning of potential quality of care issues/safety
• Highlights areas of outlying performance compared to peers
• Broad range of analysis - mortality, long stay etc
• Supports planning and decision making
• Delivers easy to navigate visual representation of market share

Benefits

• Financial position to be tracked by Provider
• Customisable to monitor any set of outcomes measures
• Allows estimate potential use of population healthcare services
• Enabling in-depth analysis of performance issues within health economy.
• Enables in-depth analysis of inefficiencies within health economy.
• Delivers in-depth analysis of multiple datasets
• Enables providers to explore own and competitors activity
• Evaluation of current and historical trend Provider performance
• High level dashboard makes complex clinical/operational information easily accessible
• Provides a simple overview of consultant level activity

£500 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at liam.forde@health.telstra.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

835342454803001

Contact

Liam Forde
+44 (0)2073328800
liam.forde@health.telstra.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: There will be times when the system is unavailable for scheduled maintenance. These times will be agreed in advance with the client.
• System requirements:
  • Access through the HSCN
  • End user devices capable of running Internet Explorer or Chrome
  • Software licences for each end user
  • Suitable Firewall
  • Customers will require appropriate network connectivity
  • Customer responsible for data security over their connectivity method

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are 0800 to 1800 Monday to Friday excluding Bank Holidays
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard - 9am to 5pm, Monday to Friday, excl. Bank and Public Holidays; Yes we provide a technical account manager
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For implementation and service delivery, we use a programme delivery methodology based on Scaled Agile Framework robust governance controls wrapped around iterative lean-agile delivery principles. This balanced approach provides agility to flex, ‘fail fast’, deliver programme value quickly, whilst providing essential controls ensuring the programme is delivered on time, to budget and in collaboration with you. ; ; As part of our standard Cloud Support Analysis Managed Service, we deliver regular education and training to customers to help them become more information-literate. We will develop a training programme to train a minimum number of analysts per year. This will include direct training, with established training manuals that we use both internally for new Telstra Health UK analysts and externally when upskilling customers. ; ; Examples include training on advanced skills e.g. machine learning, and programming skills such as SQL, R and Python.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: The customer has complete autonomy of how data is stored and managed within their virtual environment.; ; We will undertake certificated destruction of any datasets hosted on our systems.
• End-of-contract process: We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will return any pre-paid sums for services not delivered to you. We will not penalise you for terminating your contract with us unless specifically stated in the Service Definition. We will also return all of your confidential information, unless there is a legal requirement that we keep it.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The differences are in the screen size available for viewing the system. This is taken into account for mobile access. The technology used is different between mobile and desktop.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We provide our services via a web browser based portal which has the same level of conformity as our other web browser based services.
• Accessibility standards: None or don’t know
• Description of accessibility: Whilst not formally confirming to accessibility standards, Telstra Health UK has extensive experience in applying, adapting and improving access to healthcare data, as well as developing its own models that are tailored to the aim of the study and the end users of the information.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: With access to 10 years’ worth of historical English hospital data, in addition we can offer risk prediction, risk stratification and clinical decision-making model development and deployment – including machine learning techniques applied to data – to support forecasting, planning and monitoring. We are investing in flexible ways to deploy our algorithms directly to your organisation’s systems – utilising APIs, FHIR and Cloud technology. We can optimise system data (including electronic patient record data) processes and linkage to improve the way increasingly accurate models can be applied.
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Dashboards can be customised to display different sets of information as required; Reports can be customised to display different sets of information as required. ; Both the above is made available to nominated users

Scaling

• Independence of resources: We provide a guaranteed service delivery and system response time for each user. We also provide Guaranteed resources that are a stated minimum of memory, CPU and disk size or space for each customer. The service is not affected by the demands of other users. We do have resource reservations and shares on our connectivity services that are not dedicated to our customers - such as internet bandwidth. In addition, the capacity planning team ensure that connectivity usage in terms of all resources are constantly monitored and increased accordingly to demand

Analytics

• Service usage metrics: Yes
• Metrics types: Due to the specific nature of our service metrics are provided on a per customer basis during scheduled reviews which are agreed at the outset of the contract.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There is an SQL extract routine to export data via CSV files.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: Other
• Other protection within supplier network: Our hosting partner offers the choice of connecting: • Via the internet using additional encryption such as TLS 1.2 • IPSec VPN tunnels • Via private networks such as leased lines or MPLS • Via public sector networks such as PSN, N3, Janet

Availability and resilience

• Guaranteed availability: We provide a guaranteed service delivery and system response time for each user. The SLA details the hours of cover as well as the target response and resolution times for each Incident Severity. Reports can be generated at any time for any given time period. We confirm that the application can be hosted within an environment that provides full disaster recovery services.
• Approach to resilience: Multiple Servers will be configured as a cluster of VMs across these hosts and, should one of these servers fail or be taken out of service for maintenance work, then the remaining servers in the VM cluster will take up the additional workload. With the rapid recovery features in VMware your preferred method for resilience may be to dynamically provision new servers as and when a failure occurs. Your local preferences will dictate your approach to resilience and availability but be assured that the solution can be configured to meet your needs. A number of options enable you to build resilience into your applications. We offer Private Cloud Compute from two geographically distinct sites, both located in the UK and separated by over 100km for excellent geo-diversity.
• Outage reporting: All outages will be reported via the Service Status page and the notifications service within the Cloud Portal. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated Technical Account Manager will proactively contact customers as appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Username and strong password/passphrase enforcement
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 09/09/2015
• What the ISO/IEC 27001 doesn’t cover: Nothing.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NHS Digital Data Security and Protection Toolkit (DSPT)
• Information security policies and processes: Telstra Health UK’s Information Security Management System (ISMS) includes an Information Security Policy Manual (ISPM) which includes policies for IS relevant to the service, and associated processes. IS and DP is by design and default, so individual team processes refer back to the core ISPM as well as providing more detailed procedures based on best practice. As well as the Information Security Policy the ISPM includes, among others, the IT Acceptable Use Policy, Data Protection Policy, Security Incident Event Reporting Policy, Information Governance Training Policy, Information Asset Classification Policy, Supplier Security Policy, Information Security Continuity Policy, and the Change Control Policy.; ; Policies are approved via the Information Security Management Forum (ISMF) with representation from across the organisation including the SIRO, Head of Governance and Risk, and the DPO. The ISMF reports up to the Senior Leadership Team. All staff commit via contract to following policies, and are provided with copies at induction, and regular reminders and updates provided by email and training sessions. Compliance with policies is also ensured through internal and external ISO27001 audits, and the work of the organisation’s SecOps group and ISMF. Failure to follow policy and processes may result in penalties under the Disciplinary Policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: System changes, including enhancements and defects, will be managed via Change Management Process implemented within Governance Framework administered by the Programme Director. ; ; As part of programme governance framework, we create a Joint Design Authority will be led by the Programme Director. The Joint Design Authority includes representatives from across the programme and membership will be finalised during mobilisation. This group take responsibility for identifying, reviewing and prioritising requests for change to services and solutions.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential new threats, vulnerabilities or exploitation techniques which could affect customer service are assessed and corrective action is taken. The severity of threats and vulnerabilities is considered within the context of the service and this information is used to prioritise the implementation of mitigations. Our change management process ensures known vulnerabilities are tracked until mitigations have been deployed.; ; We monitor threats by using scanning tools that scan our network estate such as AppCheck and Crowd Strike, Qualys for internal penetration testing.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We take prompt and appropriate action to address incidents. Incidents are categorised by laid down priorities which each have response times for remedial action. Following best practice from National Cyber Security Centre, our service has enhanced protective monitoring, including checks on time sources, cross-boundary traffic, suspicious boundary activities, network connections and backup status etc.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management processes are in place for the service and are actively deployed in response to security incidents. Pre-defined processes are in place for responding to common types of incident and attack. A defined process and contact route exists for reporting of security incidents by consumers and external entities. Security incidents of relevance to you will be reported in acceptable timescales and formats

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  As Australia’s leading telecommunications and technology company, Telstra has a role to play in helping our customers and society adapt to technological change and the opportunities it brings. We want everyone to thrive in a digital world and our Environment Strategy is key to achieving this. Telstra’s Environment Strategy focuses on using technology to address environmental challenges while also helping our suppliers, customers and the communities we serve to do the same. Telstra’s previous Environment Strategy (2014) provided a foundation for responsibly managing our environment risks and opportunities. The updated strategy takes this to the next level. It goes beyond simply managing our own environmental footprint and encourages innovation in digital products and services that create environmental solutions to monitor, protect and improve the environment. Telstra’s Environment Strategy is comprised of five strategic priorities:; Managing Carbon Emissions – Reducing carbon emissions intensity by 50% by 2020.; Climate Change Resilience – Ensuring climate change risks are embedded in our Networks for the Future program.; Low-carbon Economic Growth – Enabling a low carbon economy by helping reduce our customers’ carbon emissions. ; Resource Efficiency – Reusing or recycling 60 tonnes of old mobile phones and increasing Telstra’s waste recycling rate to 42% by 2020.; Environment Management – Achieving best practice environmental management.; Accountability for the delivery of our Environment Strategy is shared across Telstra. Progress against the Strategy is overseen by the Chief Sustainability Officer and relevant project sponsors, and is reported to the Board twice a year.
• Equal opportunity:

  Equal opportunity

  We recognise the value of having diverse employees who represent unique perspectives and experiences and we’re passionate about creating an environment that’s inclusive and supportive, where everyone can truly be themselves. We know that diversity and inclusion fosters greater innovation and better customer connection, and helps us attract, engage and retain talented people. ; ; Our various internal Diversity, Inclusion and Wellbeing Employee Engagement Groups are also responsible for driving significant initiatives that provide opportunities to support and represent the diverse identities and passions of our people.
• Wellbeing:

  Wellbeing

  We’re committed to providing our employees with a working environment that promotes and fosters positive health and wellbeing, supporting the mental health and resilience of our workforce through services such as Thrive - our mental health and resilience program - and other support and resources through our EAP provider, Benestar.

Pricing

• Price: £500 to £1,500 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at liam.forde@health.telstra.com. Tell them what format you need. It will help if you say what assistive technology you use.