MyWay Digital Health Ltd

MyWay Clinical

MyWay Health is an evidence based self-management platform for people living with long term conditions, diabetes, CVD, NDH; reducing complications and delivering cost savings with a 5:1 return on investment. MWH provides patients with secure access to their medical records with tailored advice, eLearning, data uploads, goal setting, reminders, alerts.

Features

• Data driven decision support complying with national and local guidelines
• Data presented at population level, to drill down to individuals
• Population profiling for risk prediction
• Predictive Analytics - identifying those at higher risk of complications
• Data driven tracking of compliance with targets and KPIs
• Remote patient monitoring support

Benefits

• Saves clinician time
• Reduces healthcare costs
• Improves compliance with national and local guidelines
• Supports reporting to National Diabetes Audit and service improvement
• Supports achievement of QOF targets and reporting
• Supports personalised medicine
• Reduces unscheduled care and supports remote and self management
• Supports service improvement
• Improves individual and population patient care and diabetes outcomes

£1 to £2 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.betts@mwdh.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

925342816565982

Contact

Chris Betts
+44 (0)7546 670874
chris.betts@mwdh.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The platform is designed around one common set of products (website, app, resources, eLearning etc) that can be configured or 'localised' to each site as required. Further details available on request.
• System requirements:
  • Information Governance requires local approval, typically by the ICB
  • Data Sharing Agreements required with each GP practice
  • Links to all relevant third-party data providers to be agreed
  • Patients need to opt-in to the service
  • [we can help with all of the above]

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The support service operates during Business Hours only, in accordance with our SLA
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support is available for all registered users of the system; costs for this are included within existing costs of providing and supporting the platform; we include a technical account manager as part of each deployment.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Getting started.; We ensure that the website is complete, functional and is configured with local content and according to local stylesheets. We provide the customer with a Content Management System (CMS) to allow them to modify content. Full training is provided via online tutorials, documents and training manuals. Use Acceptance Testing (UAT) and sign-off criteria are clearly agreed up-front and completed as part of project acceptance. Online training, user guides and online tutorial videos are made available for site users to ensure they achieve maximum benefit from the service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Online videos
  • ELearning
• End-of-contract data extraction: This would currently be done via a bespoke request. To set this in context: a) we have never been asked for this since the existing My Diabetes My Way service was launched in NHS Scotland in 2008; b) we will look to automate this if/when requests are made; c) any data extract/supply would be done in a fully secure and appropriate manner and in accordance with the consent given and information governance standards.
• End-of-contract process: Clinician access to data would be switched off. Notices would be prominently displayed on the home page and emailed out to Users to explain the situation with due warning given. Data would be securely exported/delivered or archived or deleted as requested and according with consent.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Website has been designed to be 'responsive' and will scale and function on a wide range of devices and screen sizes
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Our platforms are accessed via a web-based interface using modern browsers and users may also download and use our mobile app on Android and Apple devices. In addition, we provide a FHIR-based API to allow data integration with third-party data providers. Service accounts are available to approved organisations. Other interfacing components are primarily designed to draw data into the system (e.g. from Primary Care, Secondary Care, Labs etc, plus from Glucose Monitors and other devices).
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Accessibility tools have been run against the website, results available on request
• API: Yes
• What users can and can't do using the API: We provide a FHIR-based API to allow data integration with third-party data providers. Service accounts are available to approved organisations. Other interfacing components are primarily designed to draw data into the system (e.g. from Primary Care, Secondary Care, Labs etc, plus from Glucose Monitors and other devices).
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Look and feel, inc. colours, logos, Local content, Resources Dataset. A content management system is available to procurers to support local customisation

Scaling

• Independence of resources: We conduct performance monitoring of our software and systems, and resources are reviewed/updated/expanded as necessary, in order for us to conduct our business in a manner that matches or exceeds our SLA. In addition, our service is largely automated and the technology is scalable so there is limited human resource required to maintain normal service

Analytics

• Service usage metrics: Yes
• Metrics types: Exact details TBC with each customer, but includes metrics such as % System Uptime, number of registered users, website hits etc..
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: This is not currently part of the system. Please see the answer to 'Onboarding and offboarding / End of contract data extraction'
• Data export formats: Other
• Other data export formats: As per 'Onboarding and offboarding End of contract data extraction'
• Data import formats: Other
• Other data import formats:
  • Diasend
  • Fitbit
  • Apple Health
  • Google Fit
  • Others TBC

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee that our service matches or exceeds a 99.5% system up-time during business hours and we offer a pro-rata refund (upon request) for any breach of this target. The refund will be applied as part of the next billing cycle.
• Approach to resilience: Available on request
• Outage reporting: This is currently setup with email alerts. We are looking to provide a public dashboard in due course

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Management & support interfaces use a role based approach to limit the access given to individual accounts to the minimum required to fulfil the job role. Privileged accounts are regularly reviewed and disabled, both as part of the employee exit process checklist, and a periodic review process to check that all access privileges are current.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register QA
• ISO/IEC 27001 accreditation date: 07/08/2021
• What the ISO/IEC 27001 doesn’t cover: TBC
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DSP Toolkit
  • EU GDPR compliant
  • MHRA Registration - Class I Medical Device (working towards IIa)
  • DTAC

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: DTAC. DSPT. CyberEssentials.
• Information security policies and processes: As detailed within our ISO 27001 policies and procedures, available on request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change requests, both external from customers and internal from improvement processes are logged centrally for assessment and if approved, action. Items are allocated to individual team members and work carried out is then tested before being committed into the central repository and published into a test environment where a peer or management code review is carried out before considering the change for inclusion into a subsequent live release. Security is assessed internally throughout the development life cycle, but also audited via regular internal and external auditing to ensure robustness as both the software and external threat landscape changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We work closely with our Managed Hosting Provider to assess, monitor and protect against vulnerabilities. Our IaaS provider regularly patches all our hardware, together with industry-standard anti-virus and firewall protection etc. Our platform undergoes independent Penetration Testing to ensure it is as safe as we can make it.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As per previous answer
• Incident management type: Supplier-defined controls
• Incident management approach: As per previous answer (email alerting now, user dashboard to follow)

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  There are documented benefits of remote monitoring and telemedicine versus face-to-face consultations through reduced greenhouse gas emissions from travel by patients attending appointments; https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8966787/; ; MyWay Digital Health have signed up to SME Climate Hub where we have made a pledge to do our part for climate change and work towards net zero by 2050. We are currently carrying out our baseline where we can measure our carbon footprint improvements going forward.

  Covid-19 recovery

  Patients receiving care standards for diabetes have dropped following Covid. MyWay platforms offer reminders to patients to receive the appropriate care measures that are proven to improve health.

  Tackling economic inequality

  MyWay Digital Health We are part of The Real Living Wage Foundation where we have signed up to pay our staff not only minimum wage, but to go above this and promise to pay our staff the real living wage. We are mindful and always work towards closing the gender pay gap.

  Equal opportunity

  MyWay Digital Health work under an equal opportunity policy which is available upon request, and includes the equal opportunity statement to employees; MyWay Digital Health is committed to promoting equal opportunities in employment. You and any job applicants will receive equal treatment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation (Protected Characteristics)

Pricing

• Price: £1 to £2 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.betts@mwdh.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.