ALLIED HEALTH PROFESSIONALS SUFFOLK CIC

U Refer Patient Self Referral Web Portal

U Refer is a software package used to manage patient self referral to services in healthcare. Using an online, device agnostic, web portal, patients complete a health questionnaire which once clinically triaged within the portal, leads to the ability to manage care, appointments and patient communications seamlessly. Telephone alternative available.

Features

• Self-referral with safety netting for red flags
• Web application
• AI Language Translation
• Proxy referral
• Patient advice, guidance, self-care,
• Exercise prescription
• Image upload & redaction
• Document upload
• Clinical triage and striation of referrals
• Device agnostic

Benefits

• Reduced primary care workload, no need to see GP first
• Reduced time to conduct clinical triage through consistent presentation
• Enhanced patient experience, enabling patient-led care initiation
• Intelligent patient questionnaire enabling stratified care pathway
• 24 hour, 365 day referral availability online
• Reduced healthcare demand after self-referral with fewer follow up appointments
• Facilitates patient self-management by condition/customer customisable advice/guidance
• Cloud-based clinical triage function enabling remote working
• Clinical safety netting through embedded algorithms
• Reduced ongoing demand through conversion to self care

£12,500 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Jo.vertigan@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

861195680865795

Contact

Joanne Vertigan
01379 770445
Jo.vertigan@nhs.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: We have no identified constraints. Planned maintenance is carried out during off peak periods to limit operational downtime. There are no required specific hardware configurations.
• System requirements: Web browser access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday (excluding public holidays) - response within the same day within extended office hours 08:00 to 18:00.; Weekends - Next working day. ; A same day response at weekends would be negotiable on request.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Clinical support is available from a Clinical Account Manager during working hours (8am - 6pm Mon-Fri); Administrative support from a dedicated administrative team during working hours (8am-6pm Mon-Fri); Technical support from helpdesk by email or phone during helpdesk hours (8am-6pm Mon - Fri); These support levels are all included in our licence fees.; ; During implementation we support our customers intensively. We work with customers to customise and develop the system to meet their specific needs. We can offer staff training and patient guidance literature to ensure the success of their launch and post implementation we can support with advice and guidance in maximising throughput of the system. This support is costed to customer needs and included in bespoke implementation fees.; ; We will work with customers either during implementation or following that to develop new ways of working or features to enhance their success. This could include the development of new pathways and workflows or could include development of new code or applications to enhance functionality, (chargeable, depending on ability to roll out to the benefits of all URefer customers).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding for new services will involve fact finding by the clinical account manager to support the implementation of self-referral into the service. This would involve engagement of a task and finish type group with the clinical and administrative teams to determine the correct questionnaire, referral outcomes, and workflows to match the local service. Following this, a build phase would construct the unit with user acceptability testing and optimisation and review. Onsite and online training would then be provided to clinical and administrative teams to support go-live and a training environment and user documentation will be provided to assist in this process.; ; Following go-live of the typical implementation the project team will be on-hand for intensive support in the initial weeks and would aim to speak to the wider project team weekly. There will be the opportunity within the first months to optimise set up before entering a business as usual approach. Changes to set up are possible at any further stage if required.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word (.docx)
  • Excel (.xlsx)
  • PowerPoint (.pptx)
• End-of-contract data extraction: Data of completed referrals will be extracted to the customer's electronic health records continuously during the contract by URefer on the customer's behalf. This practice ensures compliance with best practice for data retention and is customisable to meet the specific requirements of the customer/clinical service. Ordinarily, data will be deleted from URefer 12 months after the latest entry by the specific patient assuming end of engagement episode by the patient. ; ; At the end of a contract, a data download will be provided to the customer ensuring all clinical information is transferred or deleted according to the customer's preference. Incomplete referral data can be provided to the customer at the end of a contract. Alternatively, incomplete data can be deleted. The cost for extraction and transfer will be notified once the scope of the action is determined and agreed with the customer. This choice will be made by the customer and implemented by URefer.
• End-of-contract process: Included in the price of service, at the end of contract the supplier will work with the customer to determine necessary steps for clinically safe shut down and support communication to relevant stakeholders if required. ; ; Extraction of data which is outside the ordinary process is chargeable and negotiated based on requirements; data deletion after contract end is the default position of the supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: URefer includes the functionality of a scaleable user interface for mobile devices to optimise user experience. This allows the user interface to adjust to different display sizes, resolutions and ratios to ensure the interface is maximised and easy to use on various devices. As a web application there is no difference in the patient experience regardless of the operating system of the device used (eg iOS, Android, iPadOS, MacOS, Windows)
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: There are separate public facing and back-office user interfaces. They are designed to guide patients, clinicians and administrative support users to undertake referrals and triage respectively ensuring both sets of users have the best possible user experience, only seeing the application elements required for their interaction. ; ; The public/patient interface does not require any prior training or knowledge of the interface to enable full engagement. The back office interface is optimised for productivity to enable administrators and clinicians to make the most of their time showing them an uncluttered and easily searchable/sortable view of tasks required.
• Accessibility standards: None or don’t know
• Description of accessibility: URefer is highly accessible through the use of natively high contrast screens/graphics which are scalable to 400% on screen for visually impaired users. The public facing website is translatable to over 100 languages to allow users to answer health questions in their native language and receive advice and guidance similarly.; Technically, the website is device agnostic supporting viewing on any device and uses common coding languages and HTML formats to allow interfacing with accessibility middleware. We offer an equitable non-digital option through our telephone referral service and allow proxy referrals for those unable to complete referrals themselves.
• Accessibility testing: Nil
• API: No
• Customisation available: Yes
• Description of customisation: The user interface is customised to match the look and feel of the service implementing URefer. This includes colour scheme, logo, URL and textual content. The referral questionnaire is customised for each service pathway offered in the system and can make use of combinations of questionnaires which will adhere to business logic determined by the customer. Triage decisions, to be selected by clinicians, and the associated communications that are sent as a result are also customisable or can be linked to third-party sources. This extends to the look and feel of email communications which utilise full HTML to provide a high quality user experience of referring patients. These communications make use of dynamic fields to personalise the message to the user. For each communication the template can be added to by the clinician as they conduct triage to personalise the communication further.; ; Customisation can be completed by URefer's support team on the customer's behalf, (chargeable) or where available, the customers own administrative users are able to make changes too.

Scaling

• Independence of resources: The application is hosted in a dedicated environment where the infrastructure is scalable to demand, meaning user experience can be maintained during high demand. The resources dedicated to the application can be scaled both proactively and reactively.; As part of an ongoing architectural project, the application has migrated to a modular component architecture allowing for load balancing across the components of the system ensuring there is minimal scope for activity in one component affecting that of another. ; Certain scheduled tasks within the application are throttled to ensure there is no disruption to functionality as they run.

Analytics

• Service usage metrics: Yes
• Metrics types: Referral metrics are available at a service level to users with appropriate access rights. These include information on referral timing and productivity, patient demographic information, clinical decisions and pathway indicators. There are dashboards for individual users. Access logs are available on request. Custom queries of any of the data held are possible, however may incur a charge depending on complexity. Productivity metrics are available on our telephony service if chosen as part of the package purchased.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Patients can download a copy of the referral, advice and guidance from their account homepage in .pdf format. For patients not digitally enabled, our administration team will print and post hard copy information as requested by the patient.; Back office users can download individual referrals, advice and guidance in .pdf format and aggregate reports of data (.xlsx) for internal performance management and management information purposes.
• Data export formats: Other
• Other data export formats:
  • .pdf
  • .xlsx
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • HTML
  • .docx
  • .pdf
  • Image formats

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: During normal operations we deliver a 99.9% uptime approach, supported by our developers and IT specialists who similarly have these KPIs included within their contractual performance requirements. Planned maintenance is performed during off-peak times to minimise disruption. Planned maintenance is proactively notified to customers with 2 working days notice where reasonably possible. Planned maintenance is also proactively notified to all users through the user interface in the form of banners and reminders. User data is saved at each stage so if a connection is interrupted there is minimal data loss to users. Back ups are in place to minimise data loss in the event of unplanned outage or disruption and agreed recovery processes in place with our developers and IT specialists to reduce downtime.; Due to our high level of delivery, and pre agreed KPIs around uptime, we do not refund customers in the event of uptime KPI breaches.
• Approach to resilience: This is available on request.
• Outage reporting: The URefer helpdesk is alerted through automated email alerts to outages. Back-office users are also able to report outages directly to the helpdesk. Customers are informed of any outages by email as soon as practically possible, to the nominated representatives. Patients are notified of outages via our social media, our website and our customer call centre. No public dashboard or API is available for URefer.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Role based access controls in place for super-users
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials; Data Security & Protection Toolkit
• Information security policies and processes: URefer has a full suite of up to date policies and procedures in place in relation to Information Security and Governance which comply to NHS data security requirements. These policies/processes include access control (including role based access), authentication, business continuity, encryption at rest and in transit, asset management and system audit. ; ; We have a Data Protection Officer who oversees all elements of data protection and management including the management of change through Data Protection Impact Assessments (including assessing data security) and contracts (to include terms related to technical and organisational measures). ; ; The Information Governance Steering Group, as a sub-committee of the company Board, meets monthly and includes a standing agenda item for information security, supply chain management and incidents.; All staff complete an annual mandatory training module on information security and governance. Staff understanding of this knowledge is tested by our DPO who runs an annual audit and refresher courses as required. We are registered with the ICO and comply with guidance and best practice alongside the requirements mandated for NHS providers.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: At an application level, releases go through a release management process which scopes the development, ensures code is reviewed and releases include user acceptance testing prior to release. Any additional components added are checked for security or other issues. Regular maintenance releases use the same release management process, ensuring components are up to date.; Infrastructure changes are requested via the helpdesk and assessed by a technician. Following acceptance, they are peer reviewed and authorised and an implementation time agreed. As part of this process a security impact assessment is completed to highlight any vulnerabilities that may occur.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Software is maintained at the recommended stable release from the manufacturer. We undertake monthly reviews of software updates and deployed them depending on risk. Triage of threats takes place following the identification. Depending on the risk score, where a serious threat exists urgent (zero day) patches are deployed immediately, alternatively less urgent patches are applied as recommended by the relevant manufacturers at the next scheduled update/release.; We undertake at least annual penetration testing in line with Cyber Essentials and DSPT. We subscribe to industry databases eg National Cyber Security Centre, NHS digital which notify us of potential threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The system is configured with Microsoft Application Insights which gathers data about performance/usage of the application. Alerts notify the support team of unusual activity. Responses include analysis of server logs to review activity and monitoring of the firewall. Issues identified by monitoring processes are prioritised and actioned. The components of the application are reviewed monthly to confirm no security/issues are identified. There is regular review of activity/alerts/monitoring of Firewall/WAF, network traffic monitoring, XDR/MFA security logs.; We respond to incidents immediately in keeping with our business continuity plan. Both key subcontrators have target/required response times within the requirements of their sub-contracts.
• Incident management type: Supplier-defined controls
• Incident management approach: A business continuity plan/disaster recovery process exists describing actions to be taken in the event of significant incidents/common events.; Incident reports are submitted via a Microsoft Form or automated alerts. All URefer staff/customers can raise incidents which automatically deliver to a triager. The triager disseminates information for expert response; by the relevant helpdesk or the relevant third party. ; A risk management approach is embedded within this overall process and high risk incidents are debriefed with users immediately and during regular meetings. Senior leadership is prioritised to support incident and risk management.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The use of patient online self-referral portals result in patients making fewer journeys to clinical sites through the sharing of advice and guidance that can be followed at home without a face to face appointment in the first instance. The back office element of our product means that triaging and treating clinicians can work remotely either from home, or their remote clinical space, working with patients either online, or on the telephone. This means we can rota our clinicians to the most effective location, avoiding unnecessary travel and resulting in fewer emissions for both patients and clinicians. Lower footfall in clinical settings will lead to less wear and tear on our buildings, less need for intensive cleaning, and potentially in the longer term smaller clinical estate, which will further significantly reduce our carbon footprint.

  Covid-19 recovery

  We know that were patients can self refer online this results in a greatly reduced care burden on primary care, specifically GP practices. ; Patients no longer need to see a GP to request their referral to the range of clinical services using self referral. This supports covid 19 recovery by alleviating the need for first appointments within GP practices who are already stretched to the max.

  Tackling economic inequality

  The self referral web portal is available to citizens 24/7/365. Citizens can refer outside of standard healthcare hours; for those who may struggle to attend during working hours without financial detriment, the portal enables clinical advice and guidance to be issued without needing time off work. We have audited patient use of the portal and can see there are no significant access barriers to those within the areas of economic deprivation. This is supported in part by our telephone access route, for those who choose not to, or cannot, use a computer.

  Equal opportunity

  The online portal is available in over 100 languages both online and through our telephone customer service centre with translators. There are also mechanisms for third parties to complete a proxy referral for those unable to do so for themselves. The web portal is device agnostic to make it more accessible and scalable to 400% to aid those with visual impairment.

  Wellbeing

  The ethos of AHP Suffolk and URefer is one of patient empowerment and education. We recognise patients are experts in their own condition and care, and work with patients to set their own goals and inform their own care plans. As part of this, we enable conversations and share information about a patient's wider wellbeing, and use health coaching techniques to open conversations about healthy lifestyles, ie smoking cessation, moving more, healthy eating.

Pricing

• Price: £12,500 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Jo.vertigan@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.