DOOLE HEALTH S.L.

Virtual Ward

Doole Health provides a sophisticated virtual ward solution for the NHS, featuring secure, real-time patient monitoring, personalized telehealth experiences, streamlined team communication, and data-driven insights. We also include caregiver management for better patient care. Their adaptable technology enhances patient care efficiency and supports the NHS's virtual ward goals.

Features

• Video consultation
• Instant messaging
• Remote monitoring
• Shared Care Plan
• Gamification
• Forms
• Alerts and alarms
• Processes Automation
• AI for health literacy
• Multiple sources of information integration

Benefits

• Video calls enhanced usability
• Coordination between different levels of care.
• Patient empowerment through stratification
• Process automation triggered by external or internal data
• Gathering information from multiple sources
• Omnichannel remote monitoring system
• Low code needed to adapt platform behavior

£8 to £50 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jmruiz@doolehealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

894496571461437

Contact

José María Ruiz
0034626669105
jmruiz@doolehealth.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints
• System requirements: Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard Service Level Agreement (working hours):; - Urgent: First response 1h, resolution 4h; - High: First response 4h, resolution 12h; - Medium: First response 8h, resolution 1d; - Low: First response 2d, resolution 5d; ; Weekend support is contracted at extra cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: The support service is included in the SAAS price.; The weekend support is provided at an extra cost.; No technical account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is an online training before you start working with the platform. It is an introductory overview.; Then there is specific training for users depending on their role: personal, professional, configuration or platform administration.; The training is aimed at "training the trainers" or "champions". These people will have the capabilities to train anyone who needs to work with the platform.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All information is in a database, so an export of the database will be provided to the client and the database will be removed.; Customer can request other options, at an extra cost, as archiving of database or maintaining the database up and running, in "read only" mode.
• End-of-contract process: The tool is a SAAS (Software As A Service). Once the contract ends the user can get an export of the data if required before to be information be archived and the infrastructure (servers) be removed.; As at extra cost, the customer can request to maintain the platform "frozen" for future consultations.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Professionals access the BO from a browser, patients access from the app
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Professionals can access to the platform within a web browser. Patients can interact with the platform using an app, downloadable from Apple Store and Google Play
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We've tested the platform interface using some automatic test in order to get some recomendations for improve accessibility, and applying them
• API: Yes
• What users can and can't do using the API: There's an API with more than 500 endpoints, where the system can interact with all of the data and models of the platform. There's also implemented an role and permissions based system, to limit the actions that every API user can do
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The core functionalities of our backoffice platform remain consistent across all clients, but we personalize each one by integrating the client’s unique URL and logos. Additionally, the patient-facing app offers extensive customization options, allowing clients to tailor the logos, colors, and navigation to create a user experience that aligns with their specific branding and functional requirements. Level of interoperability is also customizable

Scaling

• Independence of resources: Each client has it's private infrastructure (private servers, databases, etc). The resources are monitorized closely and can be resized (both vertical and horizontal) to adapt to the current demand

Analytics

• Service usage metrics: Yes
• Metrics types: Access to BO is monitorized with google analytics; Metrics of the use of the app is monitorized with Firebase analytics
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data using:; ; * export directly from the BO, into excel; * using provided APIs; * accessing directly to a clone of the production database; ; Users can import data:; * import using CSV or excel; * using provided APIs; * using any interoperability platform (we usually use Mirth Connect)
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will provide with an ITIL® V3(AGPL) certified ticketing platform, a 24x7x365 critical helpdesk, and a corrective maintenance system. These services will be delivered on a suitable SLA, ensuring the utmost reliability of our system.; The classification according to the type of occurrence is as follows (hour means working hours):; Priority 1: In a critical incident, an essential function cannot be used, and as a result, the ordinary course of the function cannot be continued. Response time 1 hour – Resolution time – 4 hours.; Priority 2: High incident. An important function cannot be used, which has caused severe inconvenience but does not prevent you from continuing with the ordinary course of the function. Response time 4 hours – Resolution time – 12 hours.; Priority 3: This is a medium incident. A function cannot be used, which has caused you some inconvenience but is not severe. Response time 8 hours – Resolution time – 24 hours.; Priority 4: Low incidence, a reported problem with minimal impact. Response time 48 hours – Resolution time – 40 hours.; Comprehensive reports will be generated to create a scorecard corresponding to the provision of the support service.
• Approach to resilience: The platform is hosted on AWS, and it's designed with built-in redundancy for all critical components, ensuring no single point of failure. Our network infrastructure is designed to automatically reroute traffic in the case of a device or connection failure. Regular backups are an integral part of our strategy. Load balancers distribute traffic across servers to optimize resource use and maximize performance, ensuring the system remains responsive under heavy loads. Our incident response team operates 24/7, with sophisticated monitoring systems in place to detect and respond to threats or anomalies swiftly.
• Outage reporting: Public Dashboard: We provide a real-time public dashboard that can be accessible to specific users. This dashboard displays the current status of all major service components, updates during incidents, and historical uptime data.; Email Alerts: We also provide email alerts to notify users of any critical incidents or maintenance events

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: LDAP, custom API provided for the client
• Access restrictions in management interfaces and support channels: We implement stringent access controls on management interfaces and support channels to ensure only authorized personnel have access. This involves using multi-factor authentication (MFA), role-based access control (RBAC), and strict verification processes. Access is granted based on the principle of least privilege, ensuring individuals receive only the permissions necessary for their role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: LDAP, custom API provided for the client

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Applus
• ISO/IEC 27001 accreditation date: 13/12/2024
• What the ISO/IEC 27001 doesn’t cover: NA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Nationa Security Scheme High level (Spain)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: ENS alto (Esquema Nacional de Seguridad); ISO 27001 on going
• Information security policies and processes: Our organization adheres to robust information security policies designed to protect data and systems. Key policies include Data Protection, Access Control, Incident Response, Business Continuity and Disaster Recovery, and Employee Security. These policies define the management of data sensitivity, access permissions, incident handling, operational continuity, and employee responsibilities.; ; We enforce these policies through regular audits, continuous monitoring, and mandatory security training. Our security operations center (SOC) operates around the clock to detect and respond to threats. Regular internal and external audits are conducted to ensure compliance and identify vulnerabilities.; ; The governance of these policies is overseen by our Chief Information Security Officer (CISO), who reports directly to the CEO and the board, ensuring high-level visibility and accountability. The security team, under the CISO, collaborates closely with the IT department to implement and manage security measures.; ; Compliance is ensured through technical controls like access management and encryption, administrative measures such as training and policy reviews, and regular updates to policies to address new threats or business changes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our organization upholds rigorous configuration and change management processes to ensure the security and integrity of our services throughout their lifecycle. Each component, whether software or hardware, is meticulously logged in a centralized inventory from the moment of acquisition to decommissioning, detailing version, configuration, and compliance status. ; ; Our Change Advisory Board, consisting of security and IT experts, rigorously reviews and approves each proposal based on stringent security criteria. Changes are first tested in a controlled staging environment.; ; We also maintain comprehensive documentation and audit trails for all changes.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Our vulnerability management process is designed to proactively identify, and mitigate threats to maintain robust service security. We employ a multi-faceted approach for threat assessment, which includes gathering intelligence from reputable sources like vendor advisories, security forums, and industry groups. Our systems undergo continuous scans with automated tools and periodic penetration tests conducted by external experts to detect vulnerabilities. Regarding patch management, we prioritize and deploy patches swiftly—critical vulnerabilities are addressed within 24 hours, while others are resolved within a week. Patches are first tested in a controlled environment to ensure they do not disrupt operations or introduce new vulnerabilities
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Our protective monitoring processes are integral to our security framework. We utilize a combination of real-time monitoring tools and anomaly detection systems to continuously scan our network and system activities. These tools are tuned to recognize signs of unusual behavior or deviations from established patterns, which could indicate a security breach. Upon identifying a potential compromise, our incident response team is immediately alerted. This team assesses the severity and scope of the incident and executes a predefined response protocol. This includes isolating affected systems, conducting forensic analysis to understand the breach, and implementing corrective measures to mitigate damage.
• Incident management type: Undisclosed
• Incident management approach: Our incident management process is structured around pre-defined protocols for common events, ensuring a swift and systematic response. Users can report incidents via dedicated channels. Once an incident is reported, it's assessed by our incident response team who follows a standard procedure to address and resolve the issue. We maintain transparency with affected parties by providing detailed incident reports which outline the nature of the incident, actions taken to resolve it, and steps implemented to prevent future occurrences.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Telemedicine, the practice of providing healthcare services remotely through digital platforms, plays a significant role in fighting climate change by reducing the need for physical travel. By allowing patients to consult with healthcare professionals via video calls, telemedicine diminishes the carbon footprint associated with traveling to medical facilities. This reduction in travel not only decreases greenhouse gas emissions from vehicles but also lowers the demand for constructing and maintaining large healthcare infrastructures, which have substantial energy and resource demands.; Moreover, telemedicine facilitates more efficient healthcare delivery. It can prioritize and streamline appointments, reducing the need for unnecessary in-person visits. This efficiency contributes to a decrease in energy consumption within healthcare facilities, further mitigating climate change impacts.; Telemedicine also supports environmental sustainability by enabling remote monitoring of patients with chronic conditions. This reduces the frequency of hospital visits and admissions, leading to lower energy consumption and fewer resources used in patient care. Additionally, digital health records and telemedicine consultations decrease the need for paper, contributing to reduced deforestation and waste.; In areas with limited healthcare access, telemedicine bridges gaps without the environmental cost of building new facilities or the carbon emissions from patient travel. This global reach extends the environmental benefits of telemedicine beyond urban centers, offering a sustainable healthcare model for remote and underserved communities.

  Covid-19 recovery

  Telemedicine has played a crucial role in the COVID-19 recovery process, demonstrating its value beyond immediate healthcare delivery to support broader public health and economic recovery efforts. During the pandemic, telemedicine emerged as a critical tool for maintaining continuity of care while reducing the risk of virus transmission. This was achieved by minimizing in-person contact for non-urgent consultations, thereby protecting both patients and healthcare workers. ; One of the key contributions of telemedicine to COVID-19 recovery has been its role in monitoring and managing long COVID symptoms. Patients suffering from persistent symptoms have benefited from remote follow-ups and rehabilitation programs, allowing for personalized care without the need for frequent hospital visits. This approach has not only facilitated efficient resource allocation but also supported patient recovery in the comfort of their homes.; Furthermore, telemedicine has enabled the broader healthcare system to adapt to increased demands and changing patient needs during the pandemic. By providing a platform for remote consultations, telemedicine has helped alleviate the strain on healthcare facilities, ensuring that critical resources are available for patients with severe COVID-19 symptoms. It has also been instrumental in mental health support, offering a lifeline for individuals dealing with anxiety, depression, and other psychological impacts of the pandemic.; Telemedicine's scalability and flexibility have supported public health initiatives, including vaccine education and distribution efforts. Healthcare providers have utilized telemedicine platforms to disseminate information about COVID-19 vaccines, address vaccine hesitancy, and coordinate care for post-vaccination side effects.; In the economic realm, telemedicine has contributed to the recovery by enabling healthcare providers to continue offering services during lockdowns and restrictions, thus sustaining operations and employment in the healthcare sector.

  Tackling economic inequality

  Telemedicine has the potential to address economic inequality in healthcare by making medical services more accessible and affordable to underserved populations. By eliminating the need for physical travel to access healthcare, telemedicine reduces the time and financial burden on patients, especially for those living in remote or economically disadvantaged areas. This accessibility is crucial in countries or regions where transportation costs or the distance to the nearest healthcare facility can be prohibitive.; Furthermore, telemedicine can lower healthcare costs by reducing the demand for physical healthcare infrastructure and the associated operational expenses. This can lead to lower healthcare prices and potentially more investment in preventive care, which is often more cost-effective in the long term. The ability to provide early and preventive care through telemedicine also helps in reducing the severity of diseases, which can be more expensive to treat at advanced stages.

  Equal opportunity

  Telemedicine significantly contributes to equal opportunity in healthcare by bridging geographical, socioeconomic, and systemic barriers that traditionally hinder access to medical services. This technology-based approach to healthcare delivery democratizes access, ensuring that high-quality medical advice and treatment are available to people regardless of their location, income, or social status.

  Wellbeing

  Telemedicine significantly enhances wellbeing by making healthcare more accessible, personalized, and efficient. By enabling remote consultations, telemedicine reduces the stress and inconvenience associated with traditional healthcare access, such as travel time, waiting periods, and exposure to illnesses in medical facilities. This convenience contributes to a more positive healthcare experience, encouraging individuals to seek timely medical advice and follow-up care, thereby promoting preventive health practices and early intervention for health issues.; The ability to receive care in the comfort of one’s home supports mental and emotional wellbeing. For patients dealing with chronic conditions, mobility issues, or mental health concerns, telemedicine offers a less daunting way to access care, reducing anxiety and improving treatment adherence.

Pricing

• Price: £8 to £50 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a free trial to evaluate how Doole addresses telemedicine and to assess our CIMA Concept (Communication, Information, Monitoring, and Adherence). This trial grants professional and patient users access to our standard platform without any customization or integration. The duration of the trial is flexible.

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jmruiz@doolehealth.com. Tell them what format you need. It will help if you say what assistive technology you use.