APT (Healthcare)
APT Healthcare is a secure, collaborative Cloud-based (SaaS) platform for healthcare management. It supports assessment and case management of patients, tracking care pathways to build better outcomes, enhance safety, optimise resources and serve as an information hub for patients, providing them with access to healthcare options within their communities.
Features
- Collects and evaluates information relevant to patients through customised assessments.
- Creates a recovery plan for users through intervention scheduling.
- Shows Patients, Professionals and Carers their recovery by tracking interactions
- Content Management System (CMS) and Learner Management System (LMS)
- Case Management supports Outcomes including Patient Recorded Outcome Measures (PROMS).
- Supports remote consultations through video calling and messaging.
- Customisable dashboards providing data such as patterns in patient demand.
- Artificial Intelligence and Chatbot that personalises the Patient's journey.
- Secure messaging among Patients and health professionals.
- Makes content recommendations based on the Patient's health profile.
Benefits
- Provides Patients' resources to implement better preventive and recuperative care.
- Improves communication among Patients and health professionals.
- Coupled with assessments, the system’s Artificial Intelligence engine signposts resources.
- Feedback mechanisms enable Patients to raise queries through surveys.
- A GDS and WCAG-compliant, accessible and inclusive platform.
- An interactive interface for health professionals to track patient treatments.
- Comprehensive reporting allows healthcare administrators to detect patterns in demand.
- Enables healthcare team collaboration to reduce strain on critical resources.
- ISO27001 and GDPR-complaint platform that protects Patients’ data.
- Video-conferencing for remote consultations.
Pricing
£20.00 a user a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 8 5 3 8 8 0 2 6 0 6 0 8 5 0
Contact
MegaNexus Ltd
Daniel Brown
Telephone: 020 7843 4343
Email: solutions@meganexus.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
-
- Internet connectivity
- Modern browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 1 hour.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
-Meganexus agrees upon exact Support Levels during contract signing. However our standard support levels are typically:
Urgent issues - Response time of 1 hour, Resolution time of 1 day
High priority issues - Response time of 4 hours, Resolution time of 2 days
Normal priority issues - Response time of 2 days, Resolution within the next software upgrade cycle
Low priority issues - Response time of 5 days, Resolution depending on the availability of Meganexus support team.
- The support costs are included in the license costs.
Additional costs for onsite support are detailed in the pricing document, rate card.
-Meganexus will provide a technical account manager to oversee service delivery. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- We have a dedicated onboarding team that supports users through the transition to our solution.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Video
- End-of-contract data extraction
- Once the contract is completed, all user data is extracted and downloaded to a secure drive. The drive is then handed directly to the client once the license has expired. Once the data has been transferred to the secure drive, all data is deleted.
- End-of-contract process
- All off-boarding services and any associated costs are agreed on initial contract. Any complex or third-party services will be discussed with additional costs according to the standard professional services rate card.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The mobile and desktop services are similar in features and functionalities, the platform is fully responsive across all mobile devices.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- A support portal that allows application users requiring support to raise and track queries raised. This portal additionally has a self-service feature.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Not Applicable
- API
- Yes
- What users can and can't do using the API
- Microservices Architecture - our solution is comprised of multiple APIs which can be utilised to retrieve and publish data depending on the business need.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
The APT (Healthcare) application can be customised across the modules such as Assessments, Plan, Tracking, workflows, reporting, content access and metadata. Branding including logos, colours, layout, etc can be tailored to organisation needs.
Users have access to configuration tools in the application and following initial agreement if required Meganexus can add or customise further features in the APT tool through professional services.
Permissions to the application are based on Role-Based Access Controls. Client administrators can be given elevated rights to create the customisations needed.
Scaling
- Independence of resources
- Meganexus applications operate on a hyper-scale platform and an architecture/implementation that allow us to auto-scale and contract in line with changing business demands.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Includes but not restricted to Traffic Analysis (status of all tickets), Average Ticket Response times, Customer Satisfaction ratings, SLA (Met Vs Breached), Created Vs Resolved, Average Resolution time
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- The reporting module provides an option to export data.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
- Excel
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- Access to endpoints and applications is controlled by whitelisted known IP addresses.
Availability and resilience
- Guaranteed availability
-
Meganexus commits to 99% availability for the APT application.
Our SLAs are as follow:
Urgent Issue: renders core functionality inoperative. No workaround exists. Problem impacts service to Licensee’s customers
Response/Resolution time- 1 hour/1 day
High Issue: renders part of the core functionality inoperative but does not stop the remaining Software Modules' functioning. Issue impacts service to Licensee’s customers
Response/Resolution time- 4 hours/ 2 days
Medium: An issue which has little impact on productivity, for which a workaround exists
Problem/Fault, User Education, Documentation, Query, Training, Product Enhancement Request
Response/Resolution time- 2 days/Next Software Upgrade
Low issue: Cosmetic issues, Manual/instruction/training problems, Enhancement requests, Training requests
Problem/Fault: User Education, Documentation, Query, Training, Product Enhancement Request
Response/Resolution time-5 days/At Meganexus' discretion
Refund policies are available on a case-by-case basis. - Approach to resilience
- Geographically resilient deployment with data being replicated between 2 geographically separate onshore sites and available for recovery in the event of an outage or that data is required to be restored from a backup. We use the replicated data as our source for restore, with resilience of components in each data centre.
- Outage reporting
- Both email messages to customers and notifications on the application front page.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Whitelisted IP addresses and 2-factor Authentication for escalated privileges.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- The Certification Group
- ISO/IEC 27001 accreditation date
- 20/04/2022
- What the ISO/IEC 27001 doesn’t cover
- Data centre physical controls which are covered by our third party data centre management.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We follow the processes defined within our ISO 27001 Information Security Management System (ISMS). Our implementation team develops, defines and refines ongoing tasks through an identified security baseline, applying the agreed risk management process, and implementing the risk treatment plan to ensure that controls applied are effective. We measure, monitor, and review these policies and controls on a month-by-month basis.
Our support technicians report to the Head of Customer Success who reports to the Chief Technology Officer who in turn reports to the CEO.
Adherence to policies is ensured by evidencing actions driven by the process, reviewing procedures at least annually and again evidencing this to the ISO auditor.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
The Configuration and Change Management process is designed to facilitate the introduction of changes quickly and with minimal disruption to live services, ensure that changes adhere to agreed service levels/contractual agreements and do not introduce additional risk of disruption, error or security. A Request for Change (RFC) is required for any modification. All changes must be approved by the Change Advisory Board (CAB).
The CAB approval process serves as a risk analysis activity, ensuring any risk associated by the Change has been accepted by the appropriate stakeholders.
All changes are maintained in the RFC tracker. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
All vulnerabilities are prioritised through risk assessment, monitored through notifications and assessed and actioned through change management or incident response procedures.
Available patches are risk-assessed and vulnerability control decisions are audited.
The ISO Steering Group receives regular reports on the vulnerabilities, any additional controls in place and outstanding issues.
Compliant with ISO27001, annual IT-health checks enable remediation within 3-6 months. Additional vulnerability assessments are informed by any changes to our security framework.
We are advised of threats/vulnerabilities through a range of distinct channels including The National Cyber Security Centre, Vendor Channels(e.g. Microsoft), Government customers such as Ministry of Justice. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Our protective monitoring controls are based around the legacy GPG13 guidelines (deter). Alarms are automatically raised to our service team on suspicious behaviour. Any suspicious behaviour is treated as a priority 1 incident and will be dealt with within 4 hours. We have analysis tools that are constantly scanning our solutions to identify curious patterns of behaviour that may identify potential compromises and alert system administrators accordingly.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incidents raised by users or detected by Meganexus support professionals are categorised and assigned to the appropriate team. Incidents involving security, high-significance or business-critical systems are immediately addressed by the CTO and technical teams.
We investigate the cause and resolution of the incident and restore the service while providing notifications to the client.
Solutions for common events are documented in the Known Error Database and available to support teams.
Incidents are reported through emails, the service portal or phone.
All incident details are recorded in the service portal.
Incident reports requested by the client are extracted from the service portal.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
1) Meganexus has established recycling points in its London office.
2) Meganexus is committed to reducing printing/paper usage and discourages employees from printing documents wherever possible
3) Meganexus encourages its employees to participate in the "Cycle to work" scheme to reduce carbon emissions. - Covid-19 recovery
-
Covid-19 recovery
Meganexus is committed to 1)Support 4 local start-up businesses with its areas of professional skills in IT / Software development.
2) Senior Staff will support voluntary and community organisations. We will be available for them if they need speakers at events or advise them in the best of our area of expertise (software development)
3) We will provide 6 hours of meeting room/event space for use by community and voluntary organisations. - Tackling economic inequality
-
Tackling economic inequality
1) Meganexus provides 2 work placements per year focusing on ex-offenders and young people leaving the looked after system.
2) Levelling up- All Meganexus employees are paid a minimum of LLW regardless of where they live in the country. - Equal opportunity
-
Equal opportunity
1) Meganexus supports Ban the Box for ex-offenders 2) It pays the London Minimum wage for all UK new employees regardless of where they live or work (Levelling up). - Wellbeing
-
Wellbeing
Meganexus promotes the well-being of its employees by providing:
1) Gym membership for employees working in the Tavistock office
2) Employee support service
3) Encouraging fitness activities like the
"Cycle to work" scheme
4) Providing free health check-ups annually
Pricing
- Price
- £20.00 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- No