RESPONSIVE HEALTHCARE SOLUTIONS LIMITED

CliniBooks Immunisation Management System

A clinical management solution supporting organisations to manage the national immunisation programme for school aged children. The system provides a complete pathway from the scheduling of school visits, to consenting by parents and guardians on line and recording and reporting immunisations as carried out in schools and clinics.

Features

• Online consent form which populates the individual child record
• Dashboards track school programmes, displaying child status and vaccines required
• Tablet and mobile phone compatibility
• Cloud based service with functionality to work off-line and synchronisation
• Schedules school visits and matching staff availability
• Individual child record inc. consent, triage and immunisation
• Real-time reporting, configured to national and local requirements
• Text confirmation for consent and immunisation
• Supports electronic consent for COVID-19 for 12-15 year olds
• Recording of childhood flu, HPV, MenACWY Td/IPV and MMR

Benefits

• Electronic consent - convenient for parents and saves admin/clinical time
• One immunisation record for each child in real time
• Dashboards and worklists - online tracking at programme/individual level
• Secure system, encrypted, password protected ensuring safe processing of data
• Electronic forms with mandatory fields improves patient safety/data quality
• Intuitive, colour coded forms support clinicians to manage workload
• Real-time analytics supports teams to meet their KPIs
• Controls that reduce vaccination errors
• Real time KPI's to increase vaccination uptake and reduce waste
• Portal to enable parents to book clinic appointments on line

£0.15 to £0.40 a transaction

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rose@responsivehealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

981232634528880

Contact

Rose Bolton
07979771262
rose@responsivehealth.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance would normally be undertaken outside of normal working hours within the contract.
• System requirements:
  • Supported web browsers include IE11, Chrome, Edge, Safari
  • Supported on Android (5.0+) mobile and tablet devices
  • Supported on iOS (8.0+) mobile and tablet devices
  • A PDF reader is required to open generated documents

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Technical and End user support for users - Monday to Friday, 08:00 to 18:00 excluding public holiday. Weekend support can be offered at an enhanced cost. Responsive Healthcare will use all reasonable endeavours to provide technical support services in accordance with the following services levels: (a) Critical issue resolution time – 4 business hours (b) Serious issue resolution time – 6 business hours (c) Moderate issue resolution time – 1 business day (d) Minor issue resolution time – 3 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support can be accessed through CliniBooks IMS which uses 3rd party software (Freshdesk). The service provider will use all reasonable endeavours to provide technical support services in accordance with the following service levels (a) Critical issue resolutions time - 4 business hours (b) Serious issue resolution time - 6 business hours (c) Moderate issue resolution time - 1 business day (d) Minor issue resolution time - 3 business days
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training and user documentation for all our systems. At deployment we offer floor walking on site for the first 1 or 2 days where appropriate. All our systems have a training module so staff have the opportunity to familiarise themselves with any new changes.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Word
• End-of-contract data extraction: As part of our contract we commit to working with our clients to ensure appropriate data transfer can take place.
• End-of-contract process: On termination or expiration of a contract RHS promptly purge and destroy all Customer Confidential Information, and Customer Data contained in the ASP Infrastructure and Applications within 3 weeks and give a written undertaking through an officer of the Service Provider stating that this has occurred. Should there be a requirement for data transfer the methodology would be discussed with the client. Depending on requirements there could be additional costs at £1000.00 per day

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile application offers the same level of functionality as the desktop service
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Workflows and forms are fully configurable to meet any specific requirements if any changes to the standard configuration are needed. Responsive Healthcare consultants will work closely with you during the implementation of the system to define and input these changes. Letter template, dropdown lists and KPI's can be configured by the systems administrator. In the pandemic we rapidly recreated the functionality to record the COVID-19 vaccination and create electronic consent forms for 1, 2 and booster vaccinations. Text confirmations e.g. to confirm that a consent has been received and a vaccination has been carried out. Content configurable to client.

Scaling

• Independence of resources: With our cloud partner, Microsoft Azure, we are able to scale up to large volumes with ease so that users are unaffected when demand is high. RHS technicians regularly monitor performance to identify any bottlenecks or issues that may affect performance.

Analytics

• Service usage metrics: Yes
• Metrics types: RHS work closely with the client to obtain key performance metrics and ensure that the system can produce the routine reports that they require. Where there are national returns we produce reports in the format that the client requires so that client effort is more about checking accuracy rather than report configuration to meet national/local needs. The system produces reports to meet the needs of commissioners and Public Health England.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported into CSV/excel spreadsheet
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • HL7 messaging
  • JSON
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • HL7 Messaging
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Responsive Healthcare Solutions will use reasonable endeavours to make the Services available 24 hours a day, seven days a week except for: planned maintenance and unscheduled maintenance performed outside Normal Business Hours, advance notice of which will only be given where reasonably practicable. Through our cloud partner, Microsoft Azure, we are able to offer 99.95% up-time on our application services and 99.99% on our databases. All of our servers are geo-replicated across 2 data centres in the UK ensuring high availability. If an incident occurs which cannot be handled using normal procedures, a major incident will be declared and the Business Continuity Policy will be used to provide a framework for a response to the incident. An incident report will also be filed once the immediate situation is brought under control. There are currently no refund arrangements in place. Loss of service availability will be assessed on a case by case basis depending on the cause, extent and impact of the loss of availability. A root cause analysis will be performed, and practical steps to prevent further future service disruption will be put in place as part of policy.
• Approach to resilience: Databases will be hosted as an Azure SQL Server database. Patient documents (such as referral letters, histology reports) will be stored on Azure Storage Blob. Database backup files will be installed on a separate Azure Storage Blob. The authentication database for managing users will be on a separate restricted virtual network. Only the applications services listed above, and the Service Provider will have direct access to the database. Immunisation databases and patient documents will be stored on a separate restricted virtual network. Only the immunisation application service, the Service Provider and the Customer will have direct access to the network. The customer can connect and retrieve data from the network via a Site to Site VPN connection. All data will be geo-replicated across the 2 UK datacentres. All data will be AES256 encrypted at rest. Each database will have maximum of 250GB of storage. Each storage blob will have maximum of 250GB of storage. Microsoft Azure SQL Server SLA Monthly Availability 99.9% Microsoft Azure Blob Storage SLA Monthly Availability 99.9%
• Outage reporting: Responsive Healthcare Solutions utilises industry standard monitoring solutions which immediately alert our teams to a service outage. Contact with customers is made via telephone or email to agree contacts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All users are approved by the organisation/clients. Users must use organisation specific email. Role based system, agreed with client. Client responsible for removing/informing RHS re individuals as users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: NHS Digital Security Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Annually complete Data Security Protection Toolkit for NHS Digital
• Information security policies and processes: Responsive Healthcare Solutions is a small organisation and any variance from our information security policies is very evident. The Technical Director approves access to systems within the company and individual access rights to the systems themselves. Our overarching Information Policy includes policies on password management, individual system policies, introducing new systems, information governance and data protection, information risk management, monitoring access, information breaches, transmitting patient data, clear desk policy, mobile computing, disposal of equipment. This list is not exhaustive. New staff which would include contractors would be taken through the overarching policy and its contents and asked to sign their understanding. Policies are updated every year as part of the DSP Toolkit and staff are made aware of any changes. Where there is a change outside of the annual review, policy changes are made.The company holds Cyber Essentials.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All requests are logged via our support desk and issued with a unique reference number. This tracks the issue through to completion within the assigned team. Should the issue require software development effort, it is managed through our DevOps software. Servers and infrastructure are hardened in line with industry standard best practice. The environment and applications are tested for vulnerabilities, with any issues treated as faults and resolved appropriately.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Through our cloud partner, Microsoft Azure, our databases are scanned and technicians are alerted to any issues on a weekly basis. RHS are immediately notified if data is accessed from an unknown location. We annually perform penetration and security testing though an independent third-party. Results of the tests are resolved by making a development change or making configuration changes to the hosted platform. In either case, the fixes are made based on priority according to the nature of the software and hosting methods.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are identified immediately by our cloud partner, Microsoft Azure. In the event of a breach or security incident which relates to the customer or the infrastructure, the customer would be informed typically via phone call or via email. Remediation/action takes place immediately and all security incidents are logged.
• Incident management type: Supplier-defined controls
• Incident management approach: RHS does have systems in processes in place. Processes follow those set out by the Information Commissioner's Office. Depending on the severity of the incident, an individual would report to one of the directors. Incident would investigated. If the incident included data relating to a client (organisation using system) then the client would be informed. If the incident was serious then it could be reported to the ICO or through NHS reporting.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Wellbeing

  Covid-19 recovery

  Our system has the functionality to manage a COVID vaccination programme. Helping to manage health in the community.

  Wellbeing

  Our system supports the effective, efficient and safe delivery of a community immunisation service. All information is held securely in the cloud to Industry standard. The maximum uptake of school aged immunisation is a government target and extremely important for the health of the nation. Our System can easily highlight children that have yet to be consented and which enables school immunisation teams to actively call parents and guardians to encourage attendance by the child. Our electronic consent form makes it easy for parents to consent to their children vaccinated on line at any time of the day or night. There are links to further information which help parents to make an informed decision about the vaccination of their child. Not only does the system promote wellbeing for school aged children but it supports immunisation teams who need to provide this service in a safe and effective manner. At a glance clinicians can see if a patient has an "alert" on their file and should not be vaccinated. Its easy to follow process makes sure that all key information is entered on each child. This helps the immunisation to having the right tools to carry out such an important factor of their jobs

Pricing

• Price: £0.15 to £0.40 a transaction
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: RHS can provide access to a trial area on request. The trial area will have full functionality. Access to the trial area will be limited to 30 days and entering actual patient data into the trial area is strictly prohibited.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rose@responsivehealth.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.