Patients Know Best - Patient Engagement Platform via a Personal Health Record/Patient Portal
The patient engagement platform is used by healthcare providers across the system to securely share data and interact with patients/carers to better support/manage patient's health and wellbeing. This includes patient outpatient and PIFU prgrammes supporting elective recovery as well as perioperative and acute care episodes.
Features
- Patients/carers accessing data from multiple providers in one record
- NHS login NHS App integration for secure consistent access
- Tools supporting Patient Initiation Follow Up and outpatient transformation
- Integration with trusts systems (FHIR, HL7, REST) and apps/devices
- A library of questionnaires and a local questionnaire builder
- Real time graphical test result sharing with optional delay filter
- Collaborative shared careplans and library of resources for personalised care
- Waiting list resources for patients to help prepare/waiting well
- Fully supported implementation, transformation and supporting services
- Ongoing product development focused on user-centered design
Benefits
- Improving patient empowerment/engagement through access to information resources
- Improving health outcomes by remote monitoring including self management programmes
- Preventing unplanned hospital admissions through patient awareness and management tools
- Reduction in unnecessary appointment, phone calls and DNAs
- Reduction in waiting list times through removal of unnecessary appointments
- Supporting patients waiting/preparing for appointments for better outcomes
- Better utilisation of clinic time through activated/prepared patients
- Cost savings on print and post sending letters/documentation digitally
- Supporting sustainability and green agenda by reducing the carbon footprint
- Accessibility: supports 23 languages, screen magnifiers/readers, speech recognition
Pricing
£30,000 a licence
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 7 6 8 0 4 3 5 5 3 5 9 8 8 8
Contact
Patients Know Best
Tom Gausden
Telephone: +44 1223 790708
Email: nhsbids@patientsknowbest.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Modern Internet browser equivalent to IE11 or later.
- System requirements
-
- Internet browser equivalent to IE11 or later.
- Internet connectivity.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Service level agreement (SLA) targets are set within the support desk portal which anyone can have access to.
1-URGENT Response time:15 minutes Resolution objective: 4 hours
2-HIGH Response time: 30 minutes Resolution objective: 12 hours
3-MEDIUM Response time: 1 hour Resolution objective: 3 days
4-LOW Response time:1 hour Resolution objective:7 days
“Response time” shall mean the time between a fault being reported to PKB and PKB notifying the Customer of the actions being taken to rectify the fault between the hours of 8 am to 8 pm Monday to Saturday (based on UK time zone). - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- All support is included in PKB’s fixed Software-as-a-Service licence fee. Support has a defined Service Level Agreement as described at https://deploy.patientsknowbest.com/support/service-level-agreement. Support includes project management, technical assistance, integration and end user support. PKB uses a service desk solution called 'Freshdesk' that has ticketing of all service queries with a single point of access. Each ticket is assigned one of four levels of priority (as explained in the above link), depending on the nature of the query. For each level there are target response and resolution times. Each organisation will have an assigned technical account manager, where necessary and overseen by the PKB Solutions Architect.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
A dedicated project manager (Success Team member) will be assigned to the Customer immediately and they will act as the single point of contact throughout the contract. At the beginning of the project the Success Team will create and share a Project Initiation Document (PID) that covers the technical, configuration, integration, and on-boarding tasks to complete, including Information Governance and technical due diligence - many of these tasks are completed prior to contract signature to ensure the customer gets the most value and time out of their licences.
The Success Team member will assign milestones to every task and these can be tracked via the project management software, 'Teamwork'. The customer can interact and add to the project from within Teamwork. Training is ongoing and includes face-to-face workshops, e-learning platform, video resources and online help manual, as well as full technical assistance during initiation and ongoing BAU queries via our support desk. Each account also has a dedicated Account Manager to oversee the strategic objectives and alignment of the project teams to ensure customer satisfaction. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data extraction can be undetaken at any point via the REST API. At the end of the PKB service provision contract Controllers ordinarily instruct PKB to retain data for a minimum 8 year period.On the instructions of the Controller, PKB shall ensure that the Personal Data that are Processed under the Agreement by Patients Know Best in its capacity as a Processor are returned to the Controller, within 30 days in a manner mutually agreed between the data controller and data processor, transferred to a third party or destroyed in accordance with the Controller’s reasonable instructions.
- End-of-contract process
- PKB is committed to providing a long-term complete record, a record that customers and patient can rely on. PKB will maintain the record for the patient for at least 8 years from last known access. PKB will produce a detailed Termination Plan for the cessation of services at the start of any new contract. All data is available throughout the life of the contract via available APIs. At the point of cessation the integration will be switched off and no further data from the clinical systems will come into the PKB patient record. The professional login will be ‘deactivated’, meaning they will no longer be able to access specific patient records. However, to maintain the full medico-legal record of interactions, professionals will still be able to log as before and be still be able to access their own ‘discussions’. This is the medico legal record of their interactions with the patients and will not be deleted. Professionals will also retain access to any survey and care plan exports that that may have been requested to this point. Patients will still be able to log in, access data and continue to record any data that is useful to them.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- PKB works on any mobile optimised device. The user interfaces are identical as the website is designed to scale dynamically across all size screens (mobile, tablet, laptop, computer), and accessible with both mouse and touch screen devices. More information can be found here - https://manual.patientsknowbest.com/patient/using-pkb-on-a-mobile-device. Patients are also able to access jump off points (messages, ADT information, documents/letters, appointments, care plans, library of resources, symptom tracker, measurements, journal, test results) into their PKB record via the NHS App which has been app optimised.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- PKB is accessed via a web application, on any device connected to the internet with a web browser. PKB has been built with the patient in mind, using a ‘tile’ design that allows quick access to core features. Due to the clean design, a patient is able to access any part of their PKB record within 2 clicks. PKB has a timeline view, so that a professional can easily see essential information on a single page and grouped. PKB also consolidates data into meaningful areas, such as grouping test results or medications together.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- PKB confirm with the meet Equality Act 2010 Compliance - Accessibility. PKB meet level AA of the Web Content Accessibility Guidelines (WCAG 2.1), work on the most commonly used assistive technologies - including screen magnifiers (up to 300%), screen readers and speech recognition tools and include people with disabilities in user research. Due to the clean design, a patient is able to access any part of their PKB record within 2 clicks and has been tested for those with ambulatory, visual and auditory impairments, and is available in 23 languages. The usability of the PKB software consistently means that patient require no training and interact with professionals quickly and efficiently. This has been independently verified by Cancer Research UK who conducted a usability test (UX testing) of the solution, resulting in a score of 76 out of a 100, with the industry average being 68. The record can be accessed on any device connected to the internet with a web browser and can also be access via the NHS App where usability testing has also taken place with findings acted upon - https://manual.patientsknowbest.com/user-research/pkb-in-the-nhs-app-usability-testing-with-patients.
- API
- Yes
- What users can and can't do using the API
-
PKB publishes a details on all available Open API at http://dev.patientsknowbest.com/home/.
These include REST, FHIR compliant REST and HL7 APIs.
These APIs allows for 2-way push and pull of data from the PKB repository, enabling integration to third party apps and solutions. Users can make calls against the REST API via GET, PUT and POST operations.
PKB also publishes a Single Sign On API allowing for direct log in to the PKB environment from third party solutions.
There is a sandbox environment that is accessible to all customers. A full summary of data available to pull, push or update can be viewed via swagger: (https://sandbox.patientsknowbest.com/api/index.html)
PKB is also committed to external interoperability by making all our data available via FHIR compliant REST APIs - https://dev.patientsknowbest.com/home/fhir-api with a number of resources already available and a roadmap to continue provision of additional resources throughout the year. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
PKB can be customised to the organisations requirements which is included in the cost of PKB’s SaaS model. PKB is white labelled to support branding requirements of organisations where the solution is deployed, enabling you to apply your own look and feel whilst inspiring user confidence. You can customise the platform with your chosen header, footer and colour scheme. You will also be able to customise email footers for notifications which patients will receive when there is an update in their record.
In addition to customising the look and feel, many aspects within the platform are configurable based on the organisations requirements, including:
* Welcome message which will feature on the patients homepage
* Care planning templates which can include videos and images
* Symptom tracking
* Questionnaire templates
* Configuration around messaging functionality/team-based messaging
* Information available in the Library of Resources
Scaling
- Independence of resources
- PKB is cloud hosted and can be scaled as needed. As of April 2022, over 1.67 million patients have registered to use the platform, expanding by 150,000 new registrations per month.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Team aggregated usage data including login activity (all user types), file and data activity (messages sent, HL7 sent, files uploaded, symptoms tracked etc), and users created (created, registered, ID verified, email set). This data is also aggregated to organisation level, so that the data van be viewed and understood at multiple different levels. Data is curated into a selection of graphs to present the data in a downloadable intuitive and easy-to-digest format These graphs are delivered via an interactive and visually pleasing online dashboard service, updated weekly. Guides on the metrics and dashboards are available publicly at https://deploy.patientsknowbest.com/sustainability/statistics
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data points in PKB are available via real-time 2-way REST APIs with OAuth 2.0. Data is extractable from PKB via REST API for data warehousing and reporting. PKB is committed to external interoperability by making all our data available via FHIR compliant REST APIs (some of which are already available) which is part of our development roadmap.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- JSON API
- FHIR API when adhering to FHIR standards
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- HL7 API
- JSON-formatted PUT and POST commands via API
- FHIR API
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- PKB commits to 99.9% uptime, which can be monitored at www.pkbstatus.com. Customers can see uptime and response levels and subscribe to receive automatic notifications of upgrades and disruptions. Service credits for failure to meet agreed SLA are associated with response and resolution times. Service credits are cumulative over each month and offset against any future payments, typically the next quarters charges. Service levels can be tracked on a continuous basis at www.pkbstatus.com. Full SLA information can be found at: https://deploy.patientsknowbest.com/support/service-level-agreement
- Approach to resilience
- PKB commits to 99.9% uptime including scheduled downtime, recovery time objective is 60 minutes, recovery point objective is 10 minutes. Infrastructure resilience is provided by GCP – standards compliance information can be found at https://cloud.google.com/security/compliance/. All of our services are containerized run on redundant, resilient clusters. Data and backups are stored across multiple data centres. Infrastructure software and hardware upgrades are done automatically and gradually without service interruption. We use the infrastructure-as-code approach that ensures we can re-provisioned automatically in disaster scenarios. PKB carries out disaster recovery rehearsals every 6 months.
- Outage reporting
- PKB commits to 99.9% uptime, and can be monitored at www.pkbstatus.com. Users can automatically be informed of any changes to service levels by subscribing to www.pkbstatus.com. This provides details of outages, uptime, response rate of solution (transaction times) and maintenance schedules and overview of upgrades/changes. Additionally, reports to organisations can be provided on a frequency requested basis, but typically PKB provides a weekly report detailing the service and any disruption to the service levels. PKB can also provide more detailed reports specific to the organisation and can customize a weekly SLA fulfilment report as needed.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Privileged access to PKB’s production environment is highly restricted where only designated and suitably experienced Senior Production Support Engineer have direct access to PKB’s production environment. Circumvention of security measures is minimised through the use of 2-Factor Authentication and certificate based VPN access. Support Engineers with access to the database, decrypting of clinical data is only possible with the requisite per-user keys. Administrative system passwords have a minimum of 10 characters with 4 complexity classes (special, uppercase, lowercase, number). Passwords are cycled every 30 days (force change) for all administrators. Administrative passwords are blocked after 3 failed attempts
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- EY CertifyPoint
- ISO/IEC 27001 accreditation date
- 03/05/2021
- What the ISO/IEC 27001 doesn’t cover
- PKB's hosting partner, Google Cloud Platform is ISO27001 certified. All aspects of the hosting service and all locations (Google Cloud Platform data centres) are in scope.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- NHS Digital DSPT
- DTAC
- Our hosting partner has GCP - ISO 27017 certification
- Our hosting partner has GCP - ISO 27018 certification
- Our hosting partner has GCP - ISO 27701 certification
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Information security policies and process are drawn primarily from those defined within ISO27001:2013, Cyber Essentials Plus and from NHS Digital DSPT, as such we have implemented an Information Security Management System. To support this initiative comprehensive Information security policies serve as overarching guidelines for the use, management, and implementation of information security throughout the PKB eco-system. Internal controls provide a system of checks and balances intended to identify irregularities, prevent waste, fraud and abuse from occurring, and assist in resolving discrepancies that are accidentally introduced in the operations of the business. PKB’s Information Security Management Plan and Policies reflects commitment to stewardship of sensitive personal information, clinical information and critical business information, in acknowledgement of the many threats to information security and the importance of protecting the privacy of PKB constituents, safeguarding vital business information, and fulfilling legal obligations. The plan is reviewed and updated at least twice a year or when the environment changes.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes to our database, application, architecture and environment are authorized, reviewed and fully logged. We use a combination of JIRA and internal development Wiki to document bug fixes, releases, upgrades, maintenance and other elements that might impact our production environment. Additionally, database schema management is via Liquibase.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Server security patching is conducted monthly or as required when a patch is released by a manufacturer. Information about threats is gathered from various sources including: developer bulletins, security mailing lists and other internet sources. PKB maintain a InfoSec/OpSec team that monitor new threats. Scanning is both externally commissioned/conducted and internally conducted - for internal vulnerability scanning we use Tenable Labs / Nessus. Additionally, internal information security and information asset audits are regularly conducted, threats are evaluated, registered, graded and assigned for mitigation.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- PKB maintain a InfoSec/OpSec team that monitor new threats. Scanning is both externally commissioned/conducted and internally conducted - for internal vulnerability scanning we use Tenable Labs / Nessus. Additionally, internal information security and information asset audits are regularly conducted, threats are evaluated, registered, graded and assigned for mitigation - the speed of mitigation/resolution or patching depends on the likelihood and severity of the threat/compromise. Actual compromises are prioritised for immediate resolution. Identification may take places via a number of pathways; malware scanning, internal security audit, internal vulnerability scanning, external vulnerability scanning or reporting.
- Incident management type
- Supplier-defined controls
- Incident management approach
- PKB’s IG Incident Response Plan (IRP) establishes full incident management alignment to the guidelines established and published by NHS Digital, specifically: ’Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation. PKB’s IG Lead will assess the severity of all incidents based on the sensitivity and the scale of the incident. The IG Lead will use NHS Digital’s IG Scoring Matrix to establish an accurate grade of the incident. The full plan can be found https://ig.patientsknowbest.com/policies/incident-management
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Fighting climate change
-
Fighting climate change
Patients Know Best (PKB) is committed to developing pioneering health and care technology that is sustainable for generations to come. By reducing the impact for patients, professionals, health economies and the environment, while altogether saving money, we’re well on our way to supporting the NHS to achieve the ambition ‘for a greener NHS’ with net carbon zero.
Replacing in-person patient appointments, attendances and communication with remote interactions reduce carbon emissions and the air pollution emitted from trips to the hospital or GP. It also increases the savings potential for patients and health and care providers. Better remote management and monitoring via PKB also has been shown to reduce A&E attendances and surgical procedures which have high carbon emissions. By digitising health records and informative/educational materials, PKB also helps reduce the amount of paper waste health organisations find themselves contributing towards.
To estimate the average carbon saving per registered patient across four hospitals using the Patients Know Best platform, we partnered with the Sustainable Healthcare Coalition and the Yorkshire and Humber Academic Health Science Network (AHSN).
The findings show that the deployment of PKB across four services has avoided approximately 127,000 kg CO2e being emitted each year.
More information can be found here - https://patientsknowbest.com/green/ - Covid-19 recovery
-
Covid-19 recovery
The biggest challenge for the NHS in relation to covid-recovery is the management of the backlog and waitlists for many patients, including those waiting for elective procedures and programmes. Patients Know Best are actively supporting with the 'elective recovery' from covid programme in multiple ways:
The PKB patient engagement portal/patient portal via a personal health record supports healthcare providers securely share data with patients and facilitate digital interactions.
These can be used ar various stages in the healthcare delivery pathway to free up resource, and ensure this is offered to those most in need/facilitate better management of those on waiting lists.
Some of the key features enabled through the platform to facilitate this include:
- sharing of data with those on wait lists to help them prepare for their interaction 'waiting lists to preparation lists' and make best use of their interactions when the appointments are scheduled
- remote monitoring of those on wait lists to track/traige those most in need and those who may no longer need their appointments for more effective waitlist management
- streamline ongoing interactions with patients to remove unnecessary appointments through to enablement of patient initiated follow up programmes 'PIFU' and digital outpatient delivery to remove waste and duplication
- this can free up resources for those most in need - Wellbeing
-
Wellbeing
Patients Know Best (PKB) provides a personal health record solution which empowers individuals to better manage their health and wellbeing. The overall mission of Patients Know Best, is not only to support active patients with better management of their conditions, but to work in partnerships with healthcare providers and local/government authorities to proactively improve citizens health and wellbeing, to reduce the prevalence of illnesses through healthier lifestyle and wellbeing choices.
Where patients are actively being cared for by healthcare providers due to existing health needs, PKB also supports improvements to the management of these needs, aiming to reduce or spotting of deterioration earlier to support proactive care, to facilitate reduction of unnecessary interactions when patients are stable and overall improved wellbeing and experience via educated and empowered patients, and the right data being available at the right time.
Through the platform patients can:
- Access data shared by their healthcare services (primary care, secondary care, social care, community care, mental health, voluntary care) including upcoming appointments and digital correspondence.
- Use digital tools with professionals to support remote management (messaging, symptom tracking, questionnaires, care planning and device integration) to negate the need for a face to face appointment and to support the delivery of Patient-Initiated Follows Ups.
- Utilise various tools to help manage their care including to self-care and wait well.
Pricing
- Price
- £30,000 a licence
- Discount for educational organisations
- Yes
- Free trial available
- No