EARL Health Technology Ltd

EARL

EARL offers health systems of all sizes the ability to make, manage and receive informed, safe, closed-loop, internal and external referrals electronically, with automated recommendation of referral routes.

EARL is made by clinicians, for clinicians, and is therefore well received by clinical teams.

Features

• Electronic referrals to ANY other service(s)
• Optimise patient flow through emergent and unscheduled care
• Integration with ANY other system(s)
• Automated patient communication by SMS, email or automated phone call
• Integration with NHS Spine, GP Connect, PDS etc
• Clinical guidance and education portals with integrated governance tools
• Offline mode for iOS/Android
• Real time clinical performance / reporting / escalation tools

Benefits

• Decreased hospital admissions
• Reduced time to treatment by up to 95%
• Automatically identify and prevent care delays
• Reduced / removed referral administration burden
• Improved clinical safety
• Improved patient experience
• Improve
• Reduces clinical supervision burden
• Increased clinician confidence and satisfaction
• Distributed clinical workload across health ecosystems

£35,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@earl.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

941234726563721

Contact

Leigh Rogers
01785908002
contact@earl.health

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: A modern web browser such as Google Chrome

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: High priority tickets = under 1 hour, 24 hours a day, 7 days a week.; Others = within 24 hours, 7 days a week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have only one core support level, which inclues 24 hour availability of our technical team by web ticket or phone. Priority issues are dealt with 24 hours a day. Routine questions and tickets are dealt with during office hours. This support level is included within the cost of the core product. We provide a technical account manager and a customer success manager as part of this.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide; Onsite training; Online learning content such as videos and user guides; Online user documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Our applications are intended to regularly return data to a primary EPR and the requirement for an end of contract data exchange is therefore unlikely. ; ; However, we can provide data via secure download, direct database access or via physical media such as USB or portable hard drive.
• End-of-contract process: We will work with the client to create a clinically safe end-of-service process, subject to our standard professional services costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We have native iOS and Android applications for use on mobile devices, but users can also access the application via a web browser on a mobile device. The application is fully responsive. That is to say, there is no reduction in functionality by using a mobile device.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users can self-maintain the vast majority of the configuration, content and application behaviour, without a requirement for intervention from our technical team.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Our API enables users to send/receive patient details and events, and receive referral information including binary data, in order to insert it into an EPR or other document management solution.; ; We offer a bespoke API service, amongst other techniques, to ensure that our application can interact with any other system.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Any user with the "Service manager" permission can enable/disable every single function within the application. IE, can turn on or off the ability to make referrals, send SMS, show patient leaflets, show clinical support, record observations etc.; ; Any user with the "User manager" permission can enable/disable any of the functions described above based upon user permissions.; ; Any user with the "Content manager" permission has have full control over their own content, including learning materials, clinical support documentation such as guidelines, policies and patient information leaflets etc.; ; Any of these users can use the web based service portal to make any of these changes without intervention from our technical team.

Scaling

• Independence of resources: Our platform is regularly stress tested against 10x the number of current and expected users and there has been no reduction in performance or service availability.; ; In addition, the cloud-first nature of our platform means that our capability can expand dynamically both vertically and horizantally in order to cope with expected and unexpected demands.; ; We provide a 99.5% minimum uptime guarantee as standard, with other resilience services available at extra cost.

Analytics

• Service usage metrics: Yes
• Metrics types: We have extensive analytical and reporting tools that provides metrics such as attendances; patient wait times; statistics around viewing of clinical support documents; referral pathway usage; service performance times (time to read/action referrals etc); patient engagement - number of SMS and content read; feedback responses etc; statistics around user devices; OS, device, software etc.; ; Referrals, pathways and services can be reported against pre-defined SLA's.; ; Our clinical safety tools can also provide recommendations for improved pathway utilisation by making recommendations to pathway / service eligibility criteria.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Our applications are intended to integrate with other EPRs and clinical systems, though, users can export data via the user interface in PDF or CSV formats.
• Data export formats: CSV
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We offer a 99.5% uptime SLA as standard.; ; A 99.95% uptime guarantee, with a range of additional resilience and assurance tools such as multi-zonal redundancy is available at extra cost.
• Approach to resilience: Available upon request.
• Outage reporting: We have a public dashboard available here https://status.earl.health/.; We can also provide this information via API, email alerts or even SMS alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and our production application and database environments is restricted to a handful of authorised individuals, with a well defined and specific need. This is reviewed annually as part of our DSPT reviews.; ; Enforced Multi Factor Authentication, IP whitelist, and certificate based VPN access is in place.; ; Passwords policy follow NHS Digital, Cyber Essentials and National Cyber Security Centre best practices.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • DCB1592 - NHS Digital Secure Email Standard
  • Our hosting provider has ISO 27001 Certification
  • Our hosting provider has ISO 22301 Certification
  • Our hosting provider has ISO 27017 Certification
  • Our hosting provider has ISO 27018 Certification
  • Our hosting provider has ISO 9001 Certification
  • Our hosting provider has HIPAA Certification
  • NHS Digital DSPT
  • NHS Digital Digital Technology Assessment Criteria

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance methodology and processes have been defined primarily by standards within ISO27001:2013, Cyber Essentials Plus and from the NHS Digital DSPT. We are actively working towards ISO27001 accreditation and expect to have this before December 2024. We can provide services accredited to SOC-2-Type II, ISO 27001/22301/27017/27018/9001 and also with HIPAA and CSA. Should you have any questions relating to security governance, please reach out to us at security@earl.health
• Information security policies and processes: Information security policies and process are drawn primarily from those defined within ISO27001:2013, Cyber Essentials Plus and from NHS Digital DSPT, as such we have implemented an Information Security Management System. To support this initiative comprehensive Information security policies serve as overarching guidelines for the use, management, and implementation of information security throughout the EARL eco-system. Internal controls provide a system of checks and balances intended to identify irregularities, prevent waste, fraud and abuse from occurring, and assist in resolving discrepancies that are accidentally introduced in the operations of the business. EARL's Information Security Management Plan and Policies reflects commitment to stewardship of sensitive personal information, clinical information and critical business information, in acknowledgement of the many threats to information security and the importance of protecting the privacy of EARL constituents, safeguarding vital business information, and fulfilling legal obligations. The plan is reviewed and updated at least twice a year.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use an accelerated application lifecycle (ALM) engine with AI powered automation including dependency analysis, exception and edge case testing to deploy changes to database, architecture and application through isolated development, testing and production environments. ; All changes are fully logged and reviewed using industry standard tools such as JIRA.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As a fully cloud based provision, EARL utilise third party IaaS tools, and constant, static code analysis tools to find vulnerability and weak security practices. When a patch for a critical vulnerability is available that directly impacts runtime applications, it is automatically installed without any downtime.; ; Information about threats is gathered from various sources including: developer bulletins, security mailing lists and other internet sources.; ; Internal vulnerability scanning is conducted at least every six months and an independent penetration test at least every 12.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a multilayered protective posture to include enforced encryption, a WAF (Web Application Firewall), intrusion detection and stage isolation. Our event-driven architecture facilitates the detection of anomalous patterns and activities that might indicate potential security threats. Events are processed and analyzed. Deviations from normal behavior triggers alerts for further investigation.; ; We routinely commission external review & testing.; ; Potential compromises are graded and assessed and appropriate plans made. Actual compromises are prioritised for immediate resolution.; ; At additional cost, we can also provide a dedicated SecOps and 24x7 CSIRT with SOC2 Type II, PCI DSS and HIPAA compliance.
• Incident management type: Supplier-defined controls
• Incident management approach: EARL has a pre-defined Incident Response Plan (IRP) for managing incidents. The IRP and our Business Continuity Plan (BCP) are aligned to the National Cyber Security Centre (NCSC) response and recovery planning toolkit, and NHS Englands’ business continuity toolkit.; ; Users can report incidents by web ticket, email or phone. ; ; Our IRP/BCP commit to providing written (email) post-incident reports to key stakeholders within 72 hours of the incident conclusion, and updates every four hours during ongoing incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are providers of digital services. Our organisation is cloud-based and fully remote.; ; We do not have an office, have no requirement to travel and our SMT already utilises 100% renewable electricity within their homes.; ; We do not have traditional supply chains,waste to dispose of, or a manufacturing process of any sort.; ; We assert therefore, that there is limited opportunity for us to meaningfully increase our green position.; ; However, we would welcome the opportunity to demonstrate our ‘green credentials’ and are happy to commit to measure and disclose Scope 1,2 and 3 carbon emissions.; ; We also commit to achieve and evidence NZC before 2030.; ; We will publish the outcomes of both activities, publicly, in our compliance and governance portal, with our NZC 2030 action plan.

  Tackling economic inequality

  NT10. There is a significant UK skills gap in our specific area of industry that represents a; risk to supply chain resilience and capacity.; The team on this contract will work with our partner organisation, PC-Paramedics, to; jointly support the recruitment of at least one full time advanced or higher apprenticeship,; for a technical role, for the full duration of the contract. We will also seek to jointly recruit; at least one full time administration based apprentice, making the total 2 FTE between the; two organisations.

  Equal opportunity

  We will register with the Government’s Disability Confident programme and will liaise with their teams to become a Disability Confident Employer (Level 2).; ; We will work with the Jobcentre Plus to offer people with disabilities:; ● Work trials for every role advertised; ● Job shadowing opportunities at three times per year (2 days each); ● Apprenticeships (At least 2 FTE per year, as per Q2); ● Paid internships (2 x 2 months each); ● Student placements

  Wellbeing

  NT29a; Volunteering has long been part of our sense of social value with both of our directors and founding members having a long history of volunteering. We feel passionately about supporting our local community and offer a ‘matched hours’ supported volunteering agreement for all of our employees who wish to volunteer for health-care related charities such as Community First Responders, Search and Rescue, Lifeboat or health education charities and community projects.; ; This means that we will support employees who volunteer for these kinds of charities to; be available to the emergency service charities on an on-call basis during their employed; working hours.; ; We will also provide a matched hours scheme, up to 10% of the employees FTE; equivalent. This means that if a full time employee volunteers for 3.5 hours per week; outside of their working hours, we will provide them with 3.5 hours per week, paid time, to; further support the charity.; ; Assuming that at least 4 new FTE’s are recruited, this means that employees from our; organisation will provide a minimum of 56 hours per week (1.6 FTE) of support to local; charitable causes.

Pricing

• Price: £35,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@earl.health. Tell them what format you need. It will help if you say what assistive technology you use.