ORCHA Health Ltd

ORCHA: Digital Health Data Insights and Research System

ORCHA has created the world's largest database on digital health technologies, that provides unique insights into all aspects of technologies that can be used in healthcare settings. ORCHA can deliver an on-demand data dashboard for live interrogation of data or deliver bespoke research programmes.

Features

• Data dashboards built around your specific needs
• Dashboards have drill down and segmentation functionality
• Data insights built in 'off-the-shelf' data visualisation packages
• Research programmes built for horizon scanning to inform best practice
• Digital reports/insights available for digital health technologies in specific conditions
• Data insights can be live and on-demand or asynchronous reporting
• Data available via API to power Buyer's dashboards

Benefits

• Data from 300,000+ products, 18,000+ assessments conducted on 7,000 products
• Includes native iOS/Google apps and also selected WebApps
• Combined data from multiple sources, including public and proprietary datasets
• Charging based on condition area or total market

£3,000 an instance a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim.andrews@orchahealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

896375520815483

Contact

Tim Andrews
07798931630
tim.andrews@orchahealth.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Chrome v51
  • Firefox v54
  • Microsoft Edge v14
  • Safari v10
  • Microsoft Internet Explorer v11
  • Opera v38

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Online support management solution for end users and an online/telephone support solution for ORCHA ProAccount users, client assessors and client administrators. Operates between 0800 and 1800 (UK) on business days. We will respond to: Priority 1 tickets - six hours of receipt by US; Priority 2 tickets - twelve hours of receipt by Us; and Priority 3 tickets - 24 hours of receipt by Us
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We will endeavour to ensure that the platform will be provided with a 99.7% availability rate (excluding scheduled maintenance slots which will be restricted to off peak times between the hours of 1800 and 0800 UK time). We provide an online support management solution for end users. The support function operates between the hours of 0800 and 1800 UK time on Business Days. The support function will look after all user and system related queries and bugs. The relevant platform elements will be available during the Contract term. It will be decommissioned within 4 weeks of the end of the Contract unless a further Contract has been agreed within 30 days of the contract end date. We will save all platform data for a period of three (3) months from the end of the Contract. This can be provided to You in csv.format upon request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a comprehensive implementation support service, as set out in the service summary documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We provide users with csv. extracts of their data for up to three months following the end of their contract term.
• End-of-contract process: Customer data extract in csv. format

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The ORCHA platform is accessed via the web. Power users access their services via their My ORCHA account which hosts all relevant services.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The ORCHA platform is accessed via the web. Power users access their services via their My ORCHA account which hosts all relevant services.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have undertaken extensive end user testing through the multiple iterations and updates to the overall ORCHA platform.
• API: Yes
• What users can and can't do using the API: Users can access all data components of the hosted service through the ORCHA APIs.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The ORCHA platform is highly configurable with many elements that customers can tailor to their own requirements as detailed in the Service description document.

Scaling

• Independence of resources: We use standard load balancing solutions within our AWS hosting environment.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide a comprehensive set of Performance Dashboards and reporting as detailed in the services summary document.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via a csv. extract upon request
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We will endeavour to ensure that the Platform will be provided with a 99.7% availability rate (excluding scheduled maintenance slots which will be restricted to off peak times between the hours of 1800 and 0800 UK time).
• Approach to resilience: Available on request
• Outage reporting: Email alerts; SMS alerts; Slack alerts

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: All access is user-specific e.g. None-free to access.; Services are restricted to user accounts that require user names and passwords.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: It is ORCHA’s policy to maintain an Information Security Management System designed to meet the requirements of the ISO 27001:2013 Standards. Our ISMS manual contains details of the management system, processes and procedures in operation at ORCHA that are aligned to the requirements of ISO 27001:2013. Specifically, 1) How the standard is applied to all relevant activities within the scope of the management system 2) Procedures, policies and other documents used by the company 3) Accountabilities and responsibilities for the implementation and maintenance of the standard.
• Information security policies and processes: Our Information Security policies and processes are aligned to those outlined within the ISO 27001 standard. These policies and processes are overseen by our Head of IT who is a member of the organisation's Senior Leadership team, which reports to the Executive Leadership Team who comprise of Board level members.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We adopt a security by design methodology. All updates to core systems are rigorously tested through each stage of the testing cycle. This includes: - Unit Testing - Integration Testing - Regression Testing - User Acceptance Testing These elements are integral to the overall development process that follows an Agile methodology that is managed with a strict change control model underpinning it.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We undertake regular vulnerability and penetration testing. We regularly review our overall system security in preparation for these tests and we maintain a log of open source and third party software. We rely upon and monitor these elements for patches and updates on a regular basis.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We have an e-ticketing system and a prioritisation process within this that enables us to rapidly identify issues as they arise. We will respond to P1 incidents within 6 hours of notification and resolve these within 48 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management approach is via our e-ticketing system or telephony support model. Incidents can be raised directly by end user via these channels or via our dedicated Account and Delivery management function. We maintain regular updates regarding live incidents and our Account and Delivery management team maintain regular contact with impacted users and monitor these issues on a monthly basis as part of the general client reporting and review processes.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our solution prioritises access to and visibility of digital health products that will have a demonstrable impact on traditional service delivery and their environmental impact, through enabling: - Remote monitoring including multidisciplinary team working - Telecare and telehealth solutions - Effective demand management and capacity planning
• Covid-19 recovery:

  Covid-19 recovery

  Digital healthcare has been identified as a key enabler to healthcare systems Covid-19 recovery plans, including at a national level within the current NHS Operating Plan and 'Delivery Plan for Tackling the Covid-19 backlog of Elective Care'. Assessment of digital health products against NHS DTAC standards at scale and at pace will be crucial to achieving these strategic aims and objectives.

Pricing

• Price: £3,000 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim.andrews@orchahealth.com. Tell them what format you need. It will help if you say what assistive technology you use.