Upstream Secondary Care suite

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Upstream Intelligent Interventions
Upstream Insights Studio
Cloud deployment model: Public cloud
Service constraints: Mobile applications are limited to Android and IoS support. No Microsoft phone platform support.

Internet explorer version 11, firefox or chrome required to use analytics components.
System requirements: OS : Android 5.0 upwards / iOS 8 upwards

Network : 3G/4G/Broadband internet

Enterprise owned devices / BYOD with OTP device authorisation

Apple app / Google Play Store (Enterprise accounts)

Minimum mobile screen size 5.0 inch (Android)

Minimum mobile screen size 4.7 inch (Apple iPhone)

Edge / Chrome / Firefox / Safari (Desktop only)

1024 x 768 Resolution (Desktop only)

User support

Email or online ticketing support: Email or online ticketing
Support response times: Depends on severity.

SEV 1 is 24 / 7 response
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Onsite support
Support levels: Details included in the Service Definition Document.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: End Users :

Our workflow solution applications have an intuitive design and do not require structured training to use. Once downloaded and installed any user that is familiar with either Android or iOS apps can start using our solution and be effective.

System Administrators :

We do provide onsite training on the configuration tools used to setup and use our solution. For example, the ability to setup users, menus, local workflows or forms.

We supplement our on-site training with electronic user guides and videos which are shared as part of our classes.
Service documentation: No
End-of-contract data extraction: We provide
1 - A copy of the database which can be interrogated in future by the client utilising SQL queries.
2 - A full data extract of the solution into various different formats through the included data extract and reporting module.
End-of-contract process: Within contract price:

At the end of the contract the following steps are taken.
1 - Application network connections closed.
2 - Applications removed from google play store and apple store (iOS).
3 - Replica of Healthplug workflow and Healthplug clinical databases are taken.
4 - Replicas are issued to client via a secure mechanism (e.g. secure FTP), with client signature of handover/acceptance.
5 - Extracts of reports / templates are created by customer via reporting solution and stored locally.
6 - Server and database architecture is decommissioned.
7 - Access to any proprietary content is revoked (user guides / training materials etc)
8 - Support processes are updated to remove client from supported service.

Additional to contract price:

The following option is available for a limited cost post contract closure

1 - Reporting application access and database hosting - We can host the DB containing all historic data and provide access to it for the purpose of reporting / audit through our reporting module. Only 3 user accounts will be maintained and supported as part of this.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Chrome

Safari
Application to install: Yes
Compatible operating systems: Android

IOS
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The difference is minimal. However, our Collaborate and Citizen apps are mobile first and use mobile technology which is not available via the desktop browser. e.g. Instant notification, GPS location services, IoT phone integration etc.
Service interface: No
User support accessibility: WCAG 2.1 AAA
API: No
Customisation available: Yes
Description of customisation: End users - End users can configure the information that is displayed to them in the patient record, the menu options, the alert frequencies and the notification protocols

Config users - We provide a configuration toolset to allow users to create their own forms, workflows and reports.

Analytics users - Our analytics users get the full set of functionality available from Power BI to create new reports, dashboards, and interrogate data.

Scaling

Independence of resources: Each client has a dedicated architecture hosted on the Azure cloud which can be scaled up in line with demand.

Environments are actively managed and scaled up automatically in line with need. Any escalations / issues appear in our Azure service portal for immediate resolution.

Analytics

Service usage metrics: Yes
Metrics types: Following stats are broken down by mobile and desktop users:

Logged in users, and session durations.
Total transactions. Transactions over time.
Average response times. Response over time.
SLA mapping/breaches.

Other metrics available on request
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Workflow Reporting
Upstream offers a flexible reporting solution that allows you to create your own tabular or graphical reports over the information that is captured over our platform.
Key features include:
1. Design custom reports using our data dictionary
2. Design as various formats including as graphical charts or as tabular reports
3. Export to excel for further analysis or as PDF for document distribution
4. Simple reporting dashboard with widgets like interface
5. Automatic reports that can be scheduled to run at regular intervals
Data export formats: CSV

Other
Other data export formats: PDF
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: 99.9% service availability is guaranteed via Microsoft as part of our Azure hosting solution.

If these SLAs are missed by Microsoft then Upstream will pass through any reduction in that we receive again the infrastructure costs. (Currently, if Microsoft fail to hit SLA they apply a 10% discount).
Approach to resilience: We include Microsoft Site Recovery as a recommended option for our deployments.

This reduces application downtime during IT interruptions, without compromising compliance. Microsoft disaster recovery provides comprehensive coverage across our Linux and Windows servers.
Outage reporting: Any outages trigger an email alert to our customers and are managed through our robust service management processes.

Based on the outage type our Business Continuity and Disaster Recovery plan would be triggered.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Limited access network (for example PSN)
Access restrictions in management interfaces and support channels: The primary interface to raise requests into the service is online via Jira.

An agreed list of service users is maintained with the client with the responsibility of raising service requests / issues. This includes a list of specific names and email addresses which we use to create the Jira accounts and ensure that only users authorized by the client raise requests.

If a call is received to the service desk then the users credentials are checked to ensure that they are authorised, and the user must provide the Jira details for us to discuss.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Security activities are part of our core organisation’s goals and priorities.
We are a small company and our CEO takes the lead on security decisions
We track security decisions and ensure accountability.
We emphasise security with our subcontractors / partner including as agenda item on standing meetings.
We are an active member of the Humber Business Resilience Forum to stay up to date on new threats and actions needed , and attending key conferences. (https://www.hbrf.co.uk/)
Information security policies and processes: We are an SME organisation so have a simple reporting structure. Our policies are shared with all employees, included in our induction process, and enforced through our reporting structure, personal objectives, and checkpoints.

We have formed our policies from the NHS Digital data and cybersecurity templates to ensure that our approach aligns to that of our NHS partners.

Examples of the policies we adopt include (but are not limited to):
Acceptable use - make all staff aware of the acceptable use of information systems and technology.
Antivirus and malware - protect properly against viruses and malware
Application security - software applications on all IT networks and equipment, including smartphones
Business Continuity - management of contingencies in the event of a business continuity scenario
Contract and supplier security management - We outsource therefore need appropriate controls and safeguards are in place to properly protect data and systems
Data handling - management of data flows and processing
IG Incident management - process for handling information governance incidents.
Patching policy - Approach to ensure that our servers remain up to date and secure (linking to Azure).

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: The Upstream Change Management Process provides standardised methods and procedures for the efficient and prompt handling of all changes, including those to the services provided, or the introduction of new clinical and support services.

All changes are logged and then processed through technical and clinical approval. This includes an assessment of the change impact to the technical infrastructure, applications, data model, supported processes,

Changes are then planned and executed with status tracked via the change management tools, with audit held within Azure.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Our solutions are hosted in Azure and we utilise the vulnerability assessment in Azure Security Center as a recommended option.
This provides vulnerability and health monitoring data back to Security Center and we can quickly identify vulnerable VMs on the Security Center dashboard.

Once a potential threat is identified we review recommendations and take appropriate action, prior to applying updates to the threat within the Security Centre to ensure they are tracked.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: We utilize the Azure Security Centre to continuously monitor the security of our servers, networks and Azure services using hundreds of built-in security assessments that are included in the Azure platform.

Security flaws are reviewed on a daily basis and resolved in line with suggestions. For example, critical suggestions will be fixed within the hour, whereas moderate threats may be scheduled into the next patch/policy update.
Incident management type: Supplier-defined controls
Incident management approach: We use Jira to manage our issues, development suggestions and changes.

We share our process with users as part of deployment.

Users can log issues directly within Jira. These are the triaged within our support function for resolution within our SLAs.

Users can view live status of raised issues within Jira and review updates / planned fix sprint.

Users can produce extracts from Jira of all issues raised by their organisation for the purpose of reporting.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: Yes
Connected networks: NHS Network (N3)

Social Value

Wellbeing

Upstream Health enhances social value by improving well-being through several strategic approaches:

Focus on Preventive Care: By shifting the focus from reactive to preventive care, Upstream Health helps reduce the incidence of severe health issues. This proactive approach supports the well-being of the community by managing health conditions before they escalate, promoting a healthier lifestyle and reducing the burden on healthcare systems.
Integration of Healthcare Services: Their technology solutions integrate various aspects of health and social care, ensuring that patients receive comprehensive support. This integration improves the coordination of care, enhances the efficiency of healthcare delivery, and supports patient well-being by providing seamless access to necessary services.
Empowerment through Technology: Upstream Health employs mobile-first applications that empower both healthcare professionals and patients. These tools provide essential health information and resources at one’s fingertips, fostering better self-management of health conditions and enhancing the overall well-being of individuals.
Supporting Community-Based Care: By facilitating better collaboration among multidisciplinary teams, Upstream Health ensures that care is community-oriented and culturally sensitive, which is crucial for the well-being of diverse populations. Their systems enable tailored care plans that respect individual health needs and cultural backgrounds, improving patient engagement and satisfaction.
These strategies collectively contribute to Upstream Health's mission of enhancing the well-being of communities through innovative and preventive healthcare solutions.

Pricing

Price: £0.20 to £0.70 a unit a day
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Upstream Secondary Care suite

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents