Dem Dx

DemDx

DemDx is an award winning, CE marked and AI-enabled, clinical reasoning application. It empowers allied healthcare professionals (AHPs) to safely undertake clinical assessment. Evidence based with 1.5m clinical pathways and 2,800 diagnoses - AHPs can confidently undertake first point of contact clinical assessment supported by fully customisable guidance.

Features

• Clinical Assessment Guidance ( 1.5m clinical pathways)
• Flexible reporting for commissioning, clinical reporting etc
• Can operate standalone or be integrated within clinical workflow
• Bespoke capability for local guidelines and pathways
• Notebuilder: assessment notes automatically compiled for clinicians.

Benefits

• AHPs confidently carry out initial clinical assessment increasing clinical capacity
• Order investigations and make care recommendations according to local protocols
• Standardise care across teams and practices
• Improve best practice & reduce significant events
• Reduce administrative costs
• Upskill your workforce and increase productivity
• Deliver fully auditable clinical reasoning for governance and training purposes

£100 to £20,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorin.gresser@demdx.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

869028712675960

Contact

Lorin Gresser
<removed>
lorin.gresser@demdx.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Clinical content customisations requires approval by a buyer's clinical lead.
• System requirements: Modern Web Browser required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour for initial response. Targets for resolution time depend on nature of query and clinical impact.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support is included with purchase with a standard SLA (custom SLAs can be negotiated). A dedicated Customer Success Manager is available during working hours via email/phone. Support via a centralised system and an appropriate member of the technical staff or clinical content team can be assigned. ; ; Priority:; P1: 1h response time, 16h resolution time; P2: 2h response time, 26h resolution time; P3: 2h response time, 32h resolution time; ; Descriptions:; ; P1: ; Unavailability of core functionality by >=20% of users within one or more plans; Error w/ risk of data loss or degradation; Error w/ risk of patient harm; SLA: 12h from report to UAT; 16h from report to resolution; Unavailability of core functionality by <20% of users within one or more plans; ; P2:; Unavailability of non-core, supporting functionality by >=20% of users within one or more plans; Error resulting adverse UX of core functionality by >=20% of users within one or more plans; SLA: 18h from report to UAT; 26h from report to resolution; ; P3:; Unavailability of functionality supporting core by <20% of users within one or more plans; Unavailability of non-core functionality; Error resulting adverse UX; SLA (availability): 24h from report to UAT; 32h from report to resolution
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online user documentation. ; Online and onsite training.; ; Users will be on-boarded to the service using a simple but secure management process that ensures that users with legitimate access rights are issued with the appropriate access levels and roles.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: No data is saved other than basic user account information (email, password).
• End-of-contract process: At the end of contract, the customer is invited to renew their subscription. If the contract is ended without renewal, the customer and all 3rd party users – such as GP practices if the customer is a group - will lose access to all DemDX functionality.; ; However, customers at the end of the contract are supported as part of our offboarding process to provide a smooth transition. Customers can buy another licence for DemDx at any time.; ; None of our end-of-contract processes attract an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: End-users cannot customise, but buyer's can customised the clinical content and actions can be customised to fit the buyer's local service/system/team/regulations. Clinical content is customised and approved in partnership with a buyer's clinical team.

Scaling

• Independence of resources: Cloud infrastructure is scaled with service total service demands. Per user demand is very low and total registered (i.e. total possible users that can log in at any time), making scaling dynamically predictable.

Analytics

• Service usage metrics: Yes
• Metrics types: Users active per day (count + specified users); Assessments started and completed (total and per user); Pathways, media and calculators used (total and per user)
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: No user data is imported and can therefore be exported. Users are registered using only an email and password.; ; During temporary assessment sessions, notes can be copied/pasted out of the platform and, if a calculator is used, then the result can exported as a pdf. However, this information is not stored/associated with the users' account and so cannot be exported at a later date.
• Data export formats: Other
• Other data export formats:
  • Pdf (medical calulator results)
  • Plain text: copy paste of assessment notes
• Data import formats: Other
• Other data import formats: Users register via web portal. No other import required.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99% availability. ; SLA agreement open to negotiation for refund model if guarenteed levels are not met.
• Approach to resilience: The service runs in a clustered configuration, and fails over to an alternate Regions data centre in the event of a failure.
• Outage reporting: Preventative monitoring is in place. We report any outages to our clients as possible, and within 90 minutes as a maximum. We alert via emails.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Administrative interfaces and support channels are limited within the Netlify and JIRA environment by role type.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DTAC
  • CE Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: ISO27001, internal security policy, regularly audited internally to ISO27001 standard. Board-level review and accountability. Open to client review.; ; We have a range of policies and procedures to support the security of our system. These are available to clients on request.; ; All of our staff are trained on security as part of their induction, and receive regular training updates to ensure continued compliance. For those with access to sensitive parts of software – for example our development environment – additional security training is carried out, as well as appropriate pre-employment checks.; ; Our reporting structure is in line with our security policy. Overall, our Chief Executive has overall responsibility for security, supported by individual product leads.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Prior to the delivery of new resources, a Clinical Safety Case Report (CSCR) is established. Once changes are deployed, the validity of any assumptions and the effectiveness of any controls made in the CSCR are monitored to ensure the perceived level of clinical risk remains representative and acceptable.; ; Should modifications be identified (e.g. defect fixes or new functionality) we review the CSCR to establish if modifications or updates impact on existing hazards or introduce new hazards. DemDx hold a log of all modifications delivered.; ; Our approach is strictly detailed in our Clinical Safety & Risk Management Policy (available on request).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management approach is detailed in our risk management policy and risk register, which are regularly reviewed by our Board. We have an SLA with our web host. This covers regular security audits to assess potential threats, as well as any remedial actions. This is reported back to us on a regular basis.; ; Our development team rigorously tests our software for any vulnerabilities pre-release. If a vulnerability is identified post-release, then we deploy patches as quickly as possible. If necessary, we have processes in place to roll back to previous versions of the software.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All resources are built in a standardised design and go through the design, build and test approach. Our protective monitoring approach is compliant with the Data Security and Protection Toolkit. We work to monitor both our cloud deployment and our internal development systems. They immediately alert us to any potential compromises, which are escalated to our Board, who direct the development team as required.; ; Once submitted:; • Non-urgent fixes are implemented within 20 working days; • Urgent fixes are implemented within a maximum of 5 working days
• Incident management type: Supplier-defined controls
• Incident management approach: - Serious incidents such as practices not being able to access DemDx – acknowledged within 4 hours of occurrence and resolved within 2 working days; - Complaints such as a complaint about training quality – acknowledged within 3 days of receipt and response within 20 working days; - Urgent updates delivered within 5 working days of request; - Complaints are received via our support desk and regular update reporting provided to the customer. We are compliant with the Data Security and Protection Toolkit.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  Looking after our people:; ; ● DemDx is a young business, however it recognises the value of health within its staff too. We are working towards an Employee Assistance Programme which is planned to be available to all staff, providing access to counselling, advice and support across a multitude of issues.; ; ● We recognise that paying attention to workplace Mental Health has never been more important and support the Mental Health at Work Commitment.; ; ● We are deploying an employee app to provide a focus on wellbeing and mental health, as well as providing a direct communications channel aimed at building engagement and a sense of belonging (Theme 5 – Wellbeing – Improve Health and wellbeing).; ; ● As an additional ‘thank you’ to our colleagues for their exceptional work during the COVID-19 pandemic, all colleagues have been given an additional three days of Annual Leave. This in part supports our commitment to Theme 1 – COVID-19 recovery.; ; ● Delivering annual pay increases, where possible and appropriate, across all levels of the organisation, helping our colleagues to deal with the rising cost of living.; ; ● Our flexible working model allows many of our colleagues to travel at times that are cheaper/less busy. Flexible working also supports colleagues from a wider set socioeconomic groups as it can help colleagues to balance caring responsibilities, health needs, etc.

Pricing

• Price: £100 to £20,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: DemDx are able to provide free trials of the full application. The length of trial period and support provided during the trial are negotiated on an individual case basis.
• Link to free trial: https://web.demdx.com

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorin.gresser@demdx.com. Tell them what format you need. It will help if you say what assistive technology you use.