2T SOLUTIONS LIMITED

SpiritEHR

2T Solutions delivers Integrating the Healthcare Enterprise (IHE) based services that enable Healthcare Organisations to provide lower cost access to higher quality care. The SpiritEHR data exchange solution enables the sharing of citizen information between existing systems across the whole of public sector services, both within and across regional boundaries​

Features

• Standardise, connect and exchange information between multiple healthcare systems
• Orchestrate, process, transform and pseudonymise information for analytics purposes
• Security services, that provide confidentiality, integrity, non-repudiation and availability
• Management and exchange of Digital Imaging and Communications in Medicine
• Provide bi-directional mobile access to healthcare information
• Clinical Portal and Integration
• Health Information Exchange Workflow
• Compliance with healthcare data privacy regulations.
• Audit trails for tracking data access and usage.
• Interoperability for seamless data exchange.

Benefits

• Securely exchange healthcare information
• Easily interface and integrate health care and social care systems
• Provide lower cost access to high quality care
• Provide integrated health records for primary access and analytics
• Facilitates Cross-Regional data exchange
• Enables Cross-Community interoperability
• Optional presentation of patient information and clinical data
• Publishing/Consuming Workflow to and from a Health Information Exchange
• Adherence to healthcare data privacy laws.
• Protect confidentiality with restricted entry

£35,500 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.press@2tsolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

890490795076381

Contact

Ian Press
07582929614
ian.press@2tsolutions.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: 2T Solutions’ services are provided as Java Enterprise Edition software deployed on WildFly (formerly JBoss) Enterprise Application Platform. The WildFly Enterprise Application Platform is deployed on Red Hat Enterprise Linux-based virtual machines such as Rocky Linux, or Amazon Linux.
• System requirements:
  • CentOS or Red Hat Enterprise Linux
  • Any compatible hypervisor Wildfly or JBoss Enterprise Application Platform

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard Support is Mn/Frid, excluding Public Holidays; P1 = 1 Hour; P2 = 4 Hour; P3 = 2 Business Days; P4 = 5 Business Days; ; Optional Out of Hours Support Package Available
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: 2T Solutions works with each Spirit Service customer to define the specific service level required and the subsequent costs to provide the agreed-upon service level. Service customers are allocated a technical account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: 2T Solutions provides onsite and web-based training and shares user documentation. 2T Solutions also provides access to a wiki for both partners and end-users.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Once customer service access has been revoked and all service credentials assigned to the customer have been invalidated. The customer's service instance will be archived and kept for three months following the contract termination.
• End-of-contract process: The subscription service allows the use of the 2T Solutions software solution for the period of the subscription. If the customer no longer wishes to use the software solution they have the right to not renew the subscription service. As 2T Solutions do not store customer data the customer has no requirement to extract and migrate their data from 2T Solutions

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: 2T Solutions portal services may be accessed using mobile devices via a mobile web browser. Mobile users may also use the 2T Solutions iOS based application to provide bi-directional access to healthcare information.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Standards based AP’s that supports the following interfaces and standards; ; SOAP & REST; IHE Transactions; HL7v2, HL7v3, HL7 FHIR, DICOM,; ITK, Oauth, OpenID Connect, XACML
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The 2T solution facilitates data-sharing broadly via three mechanisms; - IHE Profiles - For systems that conform to the IHE profile interface and content specification; - Medical global standards - For systems that do not support any IHE profiles, but do still support interfacing via globally agreed interface and content standards; - 2T Solutions API - For systems that cannot offer IHE or other recognised standards interface or content support 2T Solutions provides an API for integration options; ; The 2T solution includes flexible and configurable data forwarding, processing, pseudonymisation, transformation and query services for an integrated system.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyers can perform 2T Solutions integration via a supported mechanism and then deliver the integrated capability as part of the Buyer's product or solution.

Scaling

• Independence of resources: 2T Solutions’ architecture facilitates both vertical and horizontal scaling. Vertical scaling, on a per-virtual-machine basis, ensures precise service provisioning, maintaining predefined performance standards. Meanwhile, horizontal scaling involves deploying services across multiple load-balanced virtual machines. This approach not only enhances reliability but also optimises resource utilization, accommodating varying demands efficiently. By supporting both scaling methods, 2T Solutions’ architecture offers flexibility and scalability to adapt to evolving requirements, ensuring robust and reliable service delivery across different usage scenarios.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of duplicate patients; number of documents published per org; number of users authenticated per org; number of document queries per org; number of documents retrieved per org; number of patients fed per org; hard disk usage per org; ; Other data available if required
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: 2T Solutions support IHE Document Encryption (DEN). Hosting providers that host 2T software support Physical access control, complying with CSA CCM v3.0, Physical access control, complying with SSAE-16 / ISAE 3402 and Physical access control, complying with other standards.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The 2T solution facilitates broad data-sharing through three mechanisms:; ; IHE Profiles: Designed for systems adhering to the IHE profile interface and content specification.; ; Medical Global Standards: These are intended for systems lacking support for IHE profiles but still compatible with globally agreed-upon interface and content standards.; ; 2T Solutions Ltd API: Provided for systems unable to offer IHE or other recognized standards interface or content support, offering integration options.; ; The 2T solution incorporates flexible and configurable data forwarding, processing, pseudonymization, transformation, and query services for an integrated system.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML (eXtensible Markup Language):
  • JSON (JavaScript Object Notation):
  • HL7 (Health Level Seven) FHIR (Fast Healthcare Interoperability Resources):
  • DICOM (Digital Imaging and Communications in Medicine):
  • PDF (Portable Document Format):
  • HTML (Hypertext Markup Language):
  • XLSX (Microsoft Excel Open XML Format):
  • TXT (Plain Text):
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML (eXtensible Markup Language):
  • JSON (JavaScript Object Notation):
  • HL7 (Health Level Seven) FHIR (Fast Healthcare Interoperability Resources):
  • DICOM (Digital Imaging and Communications in Medicine):
  • TXT (Plain Text):
  • PDF (Portable Document Format):
  • HTML (Hypertext Markup Language):
  • XLSX (Microsoft Excel Open XML Format):

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: If 2T fails to achieve a Service Level Target in a Service Measurement Period and then fails to achieve the same Service Level Target in a subsequent Service Measurement Period, the failure in the subsequent Service Measurement Period shall be a “Repeat Failure”. The Repeat Failure count shall increment by one (1) for each additional failure. Repeat Failures shall apply to Service Level Targets for Availability, Incident Resolution and Quality. Repeat Failures shall not apply to Service Level Targets for Provisioning. The Repeat Failure count shall be reset to zero (0) once there have been two (2) consecutive Service Measurement Periods in which the Service Level Target has been met. Service Credits are required to be paid in the event that the Achieved Service Level falls below the Service Level Target in a Service Measurement Period. The Service Credit (£) is calculated by Service Credit (£) = Service Credit (%) x Service Charge for the Service Measurement Period. The Service Charge shall be the Charge for the Service Measurement Period.
• Approach to resilience: 2T's architecture supports vertical scaling per virtual machine, which enables specific services to provide a defined and tested level of support. 2T's architecture also supports horizontal scaling across multiple virtual machines, which enables specific services to be delivered from multiple load-balanced virtual machines.
• Outage reporting: Via the hosting service provider's services. Via 2T's Gatekeeper and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: O restrict access in management interfaces and support channels for an IHE-based Shared Care Record, 2T employ Role-Based Access Control (RBAC) and strong authentication methods like multi-factor authentication (MFA). Enforce strict authorization controls, encrypt communications, and provide comprehensive staff training on data security. 2T implement access logging and monitoring, regularly review permissions, and conduct audits to identify and address security gaps. Develop an incident response plan specific to these channels to respond promptly to security incidents. These measures ensure that only authorised personnel access sensitive functionalities, maintain data confidentiality, and comply with privacy regulations.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: DSPT

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials; DSPT
• Information security policies and processes: The Data Security and Protection Toolkit: ; The NHS Data Security and Protection Toolkit follows a reporting structure where staff report incidents to their managers or Data Protection Officers (DPOs), who then assess and escalate as needed. Internal reporting channels, including IT and compliance departments, handle incidents, while significant breaches may require external reporting to bodies like the Information Commissioner's Office (ICO). Regular staff training, clear policy documentation, and ongoing awareness campaigns are essential to ensure policy adherence. Monitoring mechanisms, such as audits and access controls, enforce compliance, with non-compliance addressed through disciplinary actions. Clear accountability at all levels of the organization fosters responsibility for data protection. Continuous improvement involves regularly reviewing and updating policies based on incidents, regulatory changes, and technological advancements, while feedback mechanisms enable staff input for refinement. This comprehensive approach safeguards sensitive data and maintains compliance within the NHS Data Security and Protection Toolkit.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: 2T meticulously track components with unique identifiers and maintain software version control. Changes undergo thorough risk assessments and security reviews. Testing ensures functionality and adherence to security policies. Only approved changes pass through an approval workflow. Post-implementation, changes are monitored for unexpected security issues, and reviews are conducted for future improvements.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: 2T's vulnerability management process begins with a continuous assessment of potential threats through threat intelligence feeds, security advisories, and industry reports. Upon identifying vulnerabilities, we conduct risk assessments to prioritise remediation efforts. Patches and updates are swiftly deployed, prioritising critical vulnerabilities, with emergency patches implemented immediately. Our sources of information about potential threats include industry-specific forums, security vendors, government agencies, and internal security research. Regular scanning and monitoring complement proactive measures to ensure timely detection and mitigation of vulnerabilities, maintaining the security posture of our services.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Supplied by the respective Hosting Provider
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: 2T's incident management process is structured to swiftly respond to and swiftly mitigate any disruptions to our services. Pre-defined processes for common events streamline responses, ensuring efficiency and consistency. Users report incidents through dedicated channels, including a centralized helpdesk, email, or an online incident reporting portal. Upon receipt, incidents are categorized, prioritized, and assigned to appropriate response teams. Regular updates are provided to stakeholders throughout the incident lifecycle, ensuring transparency and effective communication. Once resolved, incident reports detailing the incident’s nature, impact, and remedial actions are generated and shared with relevant parties for review and learning purposes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  2T Solutions Limited has recognised the impact that business has upon the environment, and we strive to reduce all 2T’s employee’s carbon footprints.; ; Significantly, 2T has taken the stance not to have a corporate UK office, and all employees now work remotely from home. This policy of reduced environmental impact has now been extended to ensure that at least 98% of all business engagement is undertaken virtually. This has significantly reduced collective business travel, and we believe it contributed to reduced toxic emissions and unnecessary use of environmentally damaging services and products; ; By launching these policies, we have also encouraged our sub-contract base and our client base to mirror our activities wherever possible. This continues to expand across our business, and we are benefiting from productivity improvements and improvements in both customer satisfaction and employee wellbeing.

  Covid-19 recovery

  In response to the current coronavirus (COVID-19) outbreak in the UK, 2T would like to share our current response with our valued customers. Please be assured that we continue to monitor and follow Government advice daily.; ; 2T takes the health, safety, and well-being of our team, subcontractors, and customers very seriously. We want to reassure you that, as a responsible employer, we continually update our precautionary measures to protect our staff and our ongoing services, especially during these uncertain times.; ; Due to the development of the COVID-19 outbreak, we have introduced a secure, digital, remote working platform for our office teams. This provides a credible business continuity plan, ensuring that we continue to support our customers without interruption whilst protecting our staff. Our team will continue to work regular office hours.; ; We have been working hard throughout the outbreak and continue to introduce the latest Government guidance. We are pleased to advise that our expert team will continue to work in accordance with current recommendations.; ; Having decided to have employees work remotely, the transition during this COVID outbreak was minimised. However, we continue to engage with customers on a virtual basis to ensure everyone’s safety is at the top of the agenda

  Tackling economic inequality

  2T Solutions Limited has consistently recognised that there is economic inequality in most companies and institutions throughout the world.; ; When 2T was incorporated, the Senior Management team and Board of Directors vowed to remove this barrier to equality.; ; All employees are rewarded equally in remuneration and benefits and have an equal voice in the company's decision-making process and direction.; ; Each employee has the capability and is empowered to contribute at all decision-making process levels.

  Equal opportunity

  2T Solutions Limited is committed to encouraging equality and diversity among our workforce and eliminating unlawful discrimination.; ; The aim is for our workforce to truly represent all sections of society and our customers and for each employee to feel respected and able to give their best.; ; 2T is also committed against unlawful discrimination of customers or the public. The policy’s purpose is to provide equality, fairness and respect for all in our employment, whether temporary, part-time, or full-time.; ; 2T recognises and agrees with all aspects of the Equality Act 2010 and, therefore, will not unlawfully discriminate because of protected characteristics of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race (including colour, nationality, and ethnic or national origin), religion or belief, sex (gender) and sexual orientation.; ; 2T will oppose and avoid all forms of unlawful discrimination. Tiani will continue to strive for equality and ensure that all sub-contractors or third-party suppliers conform to the same high standards.

  Wellbeing

  2T Solutions Limited has a duty of care requirement to look after the health and safety of all employees, including their wellbeing. And we recognise there are many factors that influence the health and wellbeing of staff. Understanding and overcoming these issues can result in a range of benefits for both individuals and the wider business.; ; 2T will address mental health issues by Integrating Health, Safety and Wellbeing considerations into all aspects of the work we do. We will improve the general well-being of employees, reduce absenteeism, lower staff turnover and increase productivity.; ; Our employees will receive suitable and sufficient information and training to carry out their duties and will be aware of their specific and general responsibilities. 2T will continue to allocate suitable resources to embed and continually improve our management system, policies, minimum standards and frameworks to allow us to build a safe and healthy workplace and prevent work-related injuries, ill health and diseases.; ; 2T will monitor our performance and practices to identify opportunities for improvement and adopt a leadership role with our subcontractors, continually assisting them to improve their own Health, Safety and Wellbeing performance.; ; We will set challenging targets and objectives and regularly audit our Health, Safety and Wellbeing management system and performance.

Pricing

• Price: £35,500 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 2T Solutions provides a proof of concept phase in which one use case is provided at no subscription cost to test the software. This is dependent upon non-live citizen data being transferred and not being used in a clinical live environment.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.press@2tsolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.