Infix Virtual Pre-Operative Assessment
InFix offer clinician-led, cloud-enabled technology platform supporting virtual pre-op appointments. It can enable access from a range of users: patients; clinicians; pre-op teams; and administrators.
Incorporating high level security and privacy, InFix automate and harmonise existing NHS legacy systems within the NHS with an intuitive digital interface.
Features
- Real-time updates from electronic patient records
- Instant access web based application
- Cloud-based, machine learning processing
- Automated patient data in a controlled and secure environment
- Intuitive digital interface enabling fast and efficient onboarding
- Seamless integration with legacy healthcare systems
- Automated generation of operation lists
- Enable other legacy systems to link to one central dashboard
Benefits
- Maximize healthcare resources with significant cost savings
- Reduce time/pressure on administration staff and enhance their roles
- Digital platform will reduce paper and manual processes
- Improve the ability to work remotely over cloud-based application
- Allowing the implementation of social distancing within healthcare teams
Pricing
£10,000 a server a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 8 6 7 7 2 3 8 0 8 9 0 4 3 4
Contact
INFIX SUPPORT LIMITED
Katie Branigan
Telephone: 07905359957
Email: Katie@infixsupport.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- The service is based upon a very 'open' software stack and deployment model.
- System requirements
-
- Infix is a browser based solution. Compatibility is as follows:
- Web: Latest versions of Chrome and Edge
- Access to the internet
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support is available on commencement of live service and we
offer a variety of support packages. Each support package
includes full details of call priority rankings and the corresponding
response times agreed with the customer. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Options to suit customer's need. Typically 9 - 5.30pm. 24/7 or other daily times possible subject to agreed SLA and commercials. Costings depend on the number of product and user licences required. Support engineers are supplied as part of the Service Desk provision as specified under the Service Level T&Cs for each customer.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
In a typical onboarding process we would identify the customer needs and demands to create a hospital admin account for each hospital to manage their onboarding process activities. This will allow hospital admin to log in to the system via a registration link shared with his office email address and the login process will be governed and controlled by the username/password credentials. The process will be self descriptive and easy to follow.
The onboarding process will include acquiring a certain percentage of personally identifiable hospital/ patient information and data which will be strictly governed and managed as per the GDPR guideline and healthcare domain best practises.
Scheduled audits will be conducted to validate the accuracy of the data with the respective stakeholders from the hospital. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Infix’s will support automated customer offboarding as well. However as the first step of the process Infix will validate the contractual agreement with the customer to validate and close the loop on the services owed and rendered. As the next step the system will conduct a series of validation to verify the offboarding possibility, without leading to contractual obligation and data privacy issues. Once resolved, we clearly communicate any remaining services or amount owed to proceed with the offboarding.
Once the offboarding is successfully completed the data related to the customer will be encrypted and kept in a specially secured backup storage for a period of six month for auditory purpose before completely removing them from our system.
Additionally the offboarding also will include;
- Transfer data authority back to the hospital
- Removal of granted system related access privileges and rights
- Establish contract for additional offboarding assistance needed
We will remove the data on end of contract after our own retention period for liability purposes has expired. - End-of-contract process
-
Infix’s will support automated customer offboarding as well. However as the first step of the process Infix will validate the contractual agreement with the customer to validate and close the loop on the services owed and rendered. As the next step the system will conduct a series of validation to verify the offboarding possibility, without leading to contractual obligation and data privacy issues. Once resolved, we clearly communicate any remaining services or amount owed to proceed with the offboarding.
Additionally the offboarding also will include:
- Transfer data authority back to the hospital
- Removal of granted system related access privileges and rights
- Establish contract for additional offboarding assistance needed
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- REST based API
- Accessibility standards
- None or don’t know
- Description of accessibility
- N/a
- Accessibility testing
- N/a
- API
- Yes
- What users can and can't do using the API
-
Integrators with our API can access the API
documentation free of charge and also access the API free of
charge. Our API access falls within the identified usage model due
to the nature of the data being accessed, there would need to be
identified access by this consuming system i.e. identified usage of
the API - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- No
Scaling
- Independence of resources
- Initial set of resources will fit the average user traffic while the increase or decrease of the active user base will automatically scale the underlying service infrastructure smoothly and noticeably without any impact to the connected users.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Custom tailorable the metrics to based on the requirements such as
Analytics of surgeries, Surgeon login analysis, Patient analytics,
Usage stats etc. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- We don't import data. We don't routinely export data but can provide this in a CSV format when required. Ensure we also adhere to any information security and data protection guidance.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Azure Backup
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Azure Restore
- MDF/LDF
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Infix services are highly available with the service level agreement of 99.95% availability which are powered by the underlying Azure cloud platform.
- Approach to resilience
-
Underlying leading Microsoft Azure cloud platform is highly secure, robust, highly available.
Azure inherently provides a number of mechanisms for resilience and fallback options to continuation of the services. Infix uses multi region (availability zones) with automatically scaling infrastructure to meet the varying user demands. Any service failure will be automatically handled by spinning off new services to take that place with silently routing the users to the functional services.
Since Azure cloud services comply with UK G-Cloud standard it is an evidence of trust. - Outage reporting
-
All outages are recorded as part of the incident management
process and should a problem be detected, the service desk will
inform the customer as required.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- Infix administration interface is only accessible by a defined administrator account. Administrator account has the ability to set roles to invited users which defines the functionality available to them.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Bsi / 27001:2013 - IS 614375
- ISO/IEC 27001 accreditation date
- 18/04/2019
- What the ISO/IEC 27001 doesn’t cover
- We do comply with our business operations with ISO27001 without exclusions or exceptions. We have third party coverage for processing and storage of data.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- ISO 9001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- N/a
- Information security policies and processes
-
We comply with NHS standards and best practice guidelines, including NHS Information Governance standards (NHS Confidentiality Code of Practice and Caldicott Principles). Standards / accreditations include compliance with;
• ISO27001:2013 ISO9001:2015
• Data Security and Protection Toolkit
• GDPR
Further the cloud infrastructure service provider (Microsoft Azure) is compliant with large number of standards and controls stated in https://docs.microsoft.com/en-us/azure/compliance/
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Infix uses an Agile process end-to-end from the business requirements to post go-live support. An extensive list of business features and known bugs are maintained in a task backlog where regular reviews are undertaken by business and technical leads to prioritize the order they are handled. Following is the process to define the release cadence and deployments..
Source code is organised into multiple streams to independently develop, test, bug fix for releases for new application versions and fixes.
Monitoring mechanisms in place for production environment behaviours. Feedback channels optimize the application in forthcoming agile releases depending on past/present behaviours. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Regular source code analysis (daily) to identify vulnerabilities. Infix uses a “Shift-Left” approach to identify any vulnerabilities sooner than later. There are various controls and processes in place to detect vulnerabilities before a change is released to the live environment. Further there are regression tests run regularly and automatically to test the overall performance and security of the application.
Infix leverage industry leading tools (example Azure Security Center) to identify not only vulnerabilities but also any other bugs at various quality gates which are regularly checked. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Infix system is being monitored both proactively and reactively at various points such as infrastructure, application, firewall, database and network etc. to cover all over monitoring aspects to provide the best protection to the service continuity.
In case of a production incident there are monitoring records available for a period of time to narrow down to the root cause of the issue to provide a faster resolution.
AGILE support and development approach enables rapid triaging and bug resolution. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incidents handled through Infix Support Desk. Use of an ITIL compliant practice and tools to manage end-to-end incident lifecycle.
Fully skilled support team is aware of inside-out of the application
is capable of handling first line support to collaborating with the development teams to get application source code level fixes.
Supporting monitoring systems are in place to leverage incident triaging as well as staging environments available to independently test bug fixes.
All incidents will be prioritized based on the criticality and business/user impact and resolved within the agreed SLAs.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Tackling economic inequality
-
Tackling economic inequality
The following key principles apply to The Company's business and supply chain: Child labour must not be used. Any form of forced or compulsory labour must not be used. Workers must be free to leave employment or work after reasonable notice. Passports, visas and other personal documentation should not be taken from employees unless requested to be held by the employee for safekeeping purposes (and, if held for safekeeping purposes, they should be returned to the employee on request). All forms of debt bondage are prohibited. Workers should not be subject to contracts that tie them into repaying a loan (other than small loans to cover items such as transport costs), excessive accommodation expenses or other costs that they have no or little opportunity to repay. Compensation and benefits must comply with local laws relating to minimum wages, overtime hours and other benefits. The formation of trade unions and powers of collective bargaining should be respected - Equal opportunity
-
Equal opportunity
Infix Aims to prevent, reduce and stop all forms of unlawful discrimination in line with the Equality Act 2010. To ensure that recruitment, promotion, training, development, assessment, benefits, pay, terms and conditions of employment, redundancy and dismissals are determined on the basis of capability, qualifications, experience, skills and productivity. - Wellbeing
-
Wellbeing
Infix Aims: To ensure the physical and mental health of all employees; To promote a healthy, safe and friendly working environment and control and reduce risks to mental health; To help provide and maintain a supportive and non judgmental working environment; To provide effective support to all employees in managing stress and other mental health problems, and to encourage better recognition of mental health issues; and To recognise that the prevention of stress is easier than dealing with it once it has arisen.
Pricing
- Price
- £10,000 a server a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Time limited trails may be available on request