Code

Question

Response

A1

Provide the name of your company

Informatica Systems Ltd

A2

Provide the name of your product

Skyline

A3

Provide the type of product

Software as a Service (SaaS)

A4

Provide the name and job title of the individual who will be the key contact at your organisation

Andrew Syme

Operations Director

A5

Provide the key contact's email address

Support@ishealth.co.uk

A6

Provide the key contact's phone number

03303353100

A7

Provide the registered address of your company

Aurora House, Deltic Avenue, Rooksley, Milton Keynes, Buckinghamshire, United Kingdom, MK13 8LW

A8

In which country is your organisation registered?

UK

A9

If you have a Companies House registration in the UK please provide your number

02866377

A10

If applicable, when was your last assessment from the Care Quality Commission (CQC)?

Not applicable

A11

If applicable, provide your latest CQC report.

Not applicable

Code

Question

Response

B1

Who is this product intended to be used for?

Diagnostics | Clinical Support

B2

Provide a clear description of what the product is designed to do and of how it is expected to be used

Skyline is a cross platform primary care software product consisting of a wide range of clinical analytical software solutions and clinical decision support tools for use in the primary care, commissioning and public health sectors.

It is a replacement product line on a cloud based architecture for Informatica’s existing iCAP Audit+ (and related modules) product suite.

Skyline is closely aligned with NHS Digital’s GPIT Futures programme and designed to support the Clinical Decision Support, Risk Stratification and Population Health Management capabilities.

Skyline acquires and processes patient clinical data from the principal clinical systems and analyses it against pre defined criteria to create cohorts of patients according to user defined sets of rules. This data is then presented in an interactive format.

Clinical decision support content is presented to clinical users to enable them to act on the results delivering high quality care for better outcomes. 

Skyline has the infrastructure to add the functionality to collect patient data from end users according to user defined set of rules and to call and re call patients to practices and clinics.

Skyline’s Clinical Decision Support capability consists of 5 core elements which are used to provide Solutions to customers:

1. Data Acquisition - This takes inputs from principle clinical systems and stores the data within our database in a common format.

2. Calculators - The calculators provide implementations of pre-existing algorithms used within solutions.

3. Logical Query Definitions - LQDs are used to codify the rules that identify cohorts; lists of patients, sometimes referred to as registers. They provide query, filter and simple logical and calculation functions as well as the ability to pass and receive data to calculators.

4. Analysis Engine - The Analysis Engine uses the LQDs and calculators to create cohorts based on the data available from Data Acquisition. Cohorts are displayed as actionable information to users.

5. Dashboards - Dashboards can be provided to provide overview displays to support review and management of cohorts.

Based on their requirements, Customers will be provided Solutions which include cohorts and, where necessary, dashboards. Solutions are not individually CE/CA marked but are assured to confirm the implementation does not adversely affect the overall assurance of the Skyline product.

Clinical Calculators and Tools

Skyline includes the implementation of various clinical calculators / tools and algorithms (referred to more generally as ‘calculators’). None of the algorithms have been developed by Informatica. The calculators are simply implementations of pre-existing algorithms. These calculators can be used to access the risk of a particular condition for a selected patient (eg. eRAT Cancer Calculators). They may use data that has been extracted from the patient's clinical records, or require the entry of data by a clinician.  Some calculators can be used on an ad-hoc basis by the clinician, and some are used within solutions with the data obtained solely from the patient's clinical record.  The results can be used to warn the clinician of potential areas of risk.  Where relevant the result of the calculator is written back into the patient's clinical record against a suitable clinical code (Read or SNOMED).

Intended Use

Skyline is intended to support GP practices and commissioners to improve the quality of patient care, increase efficiency, meet national and local targets and maximise practice income.

Skyline is a primary care data analysis tool that downloads and analyses patient data from the principal clinical system and presents the findings in a given way based on requirement or user specification. It has the ability to deliver clinical decision support in the form of patient cues and in future releases will support collection of patient data and patient recall. Skyline supports a range of third party patient tools and risk calculators.

B3

Describe clearly the intended or proven benefits for users and confirm if / how the benefits have been validated

Skyline is designed to help practices improve their data quality to help underpin the delivery of high quality patient care. It allows easy analyses of general practice clinical data for local and national service supervision and other primary care initiatives.  It also provides clinical decision support cues to influence GP behaviours at the point of consultation.

It is configurable to include a range of solutions to help deliver quality and productivity improvement initiatives, medicines optimisation and to support the implementation of and delivery against local or national guidelines, enabling the delivery of cost savings. 

The Public Health support suite of solutions aim to support Local Health Organisations who need to ensure successful delivery of public health programmes through primary care.  Examples include Immunisation programmes, virus monitoring and risk stratification, patient management and deployment of NHS Health Checks.

B4

Please attach one or more user journeys which were used in the development of this product

Where possible please also provide your data flows

Not available

Code

Question

Response

C1.1

Have you undertaken Clinical Risk Management activities for this product which comply with DCB0129?

Yes

C1.1.1

Please detail your clinical risk management system

Hazard and Risk Assessment

Skyline Development and Operation follows a systematic hazard identification exercise has taken place for Skyline, as outlined in the Skyline Risk Management Plan.  This included identifying the overall safety goal and performing preliminary and functional hazard identification.

All identified hazards and the subsequent risk analysis and risk management are documented and tracked in the Skyline Hazard Log which is held on Jira.  A summary of the entire hazard assessment is outlined in the following sections of this Clinical Safety Case and Closure Report. 

Foreseeable Misuse and Safety Hazards

Preliminary hazard identification has identified potential 14 potential foreseeable misuses, safety and data protection hazards which could arise associated with the Skyline system, if not sufficiently mitigated or controlled.

Safety Goal

The top-level safety goal for Skyline is to assure that Skyline is manufactured as acceptably safe for its intended use and indications of use.

The criteria for risk acceptability for Skyline are defined in the Skyline Risk Management Plan, however, the overall goal is to manage all residual safety risk as far as possible (AFAP).  This safety goal is achieved through demonstrable compliance to industry best practice safety standards, including ISO 14971 and DCB0129.

C1.1.2

Please supply your Clinical Safety Case Report and Hazard Log

Available on Request

C1.2

Please provide the name of your Clinical Safety Officer (CSO), their profession and registration details

Beverly Scott

Details available on request

C1.3

If your product falls within the UK Medical Devices Regulations 2002, is it registered with the Medicines and Healthcare products Regulatory Agency (MHRA)?

Yes

C1.3.1

If yes, please provide your MHRA registration number

6112

C1.3.2

If the UK Medical Device Regulations 2002 are applicable, please provide your Declaration of Conformity and, if applicable, certificate of conformity issued by a Notified Body / UK Approved Body

Provided

Open

C1.4

Do you use or connect to any third-party products?

No

C1.4.1

If yes, please attach relevant Clinical Risk Management documentation and conformity certificate

Not Applicable

Code

Question

Options

C2.1

If you are required to register with the Information Commissioner, please attach evidence of a current registration.

If you are not required to register, please attach a completed self-assessment showing the outcome from the Information Commissioner and your responses which support this determination.

Provided

Open

C2.2

Do you have a nominated Data Protection Officer (DPO)?

Yes

C2.2.1

If you are required to have a nominated Data Protection Officer, please provide their name.

See ICO Registration

Z1172626

C2.3

Does your product have access to any personally identifiable data or NHS held patient data?

Yes

C2.3.1

Please confirm you are compliant (having standards met or exceeded status) with the annual Data Security and Protection Toolkit Assessment.

Confirmed

8HK35

C2.3.2

Please attach the Data Protection Impact Assessment (DPIA) relating to the product.

Provided

See https://ishealth.atlassian.net/wiki/spaces/CSD1/pages/2465267744

C2.4

Please confirm your risk assessments and mitigations / access controls / system level security policies have been signed-off by your Data Protection Officer (if one is in place) or an accountable officer where exempt in question C2.2.

Confirm

C2.5

Please confirm where you store and process data (including any third-party products your product uses)

UK

C2.5.1

If you process store or process data outside of the UK, please name the country and set out how the arrangements are compliant with current legislation

AWS is an approved Cloud Provider for NHS

Code

Question

Response

C3.1

Please attach your Cyber Essentials Certificate

Provided

Open

C3.2

Please provide the summary report of an external penetration test of the product that included Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period.

Provided

Available on Request

C3.3

Please confirm whether all custom code had a security review.

Yes - Internal code review

C3.4

Please confirm whether all privileged accounts have appropriate Multi-Factor Authentication (MFA)?

Yes

C3.5

Please confirm whether logging and reporting requirements have been clearly defined.

Yes

C3.6

Please confirm whether the product has been load tested

No

AWS capacity is elastic, though V&P testing is planned in our backlog.

Code

Question

Response

C4.1

Does your product expose any Application Programme Interfaces (API) or integration channels for other consumers?

No

C4.1.1

If yes, please provide detail and evidence:

Not Applicable

C4.2

Do you use NHS number to identify patient record data?

Yes

C4.2.1

If yes, please confirm whether it uses NHS Login to establish a user’s verified NHS number.

If no, please set out the rationale, how your product established NHS number and the associated security measures in place.

Patient Log-in is not supported in our application.

Data is extracted from the Principal Clinical System who are responsible for ensuring the correct establishment of NHS Number.

C4.3

Does your product have the capability for read/write operations with electronic health records (EHRs) using industry standards for secure interoperability (e.g. OAuth 2.0, TLS 1.2)

No because the product does not read/ write into EHRs directly

C4.3.1

If yes, please detail the standard

Not Applicable

C4.3.2

If no, please state the reasons and mitigations, methodology and security measures.

Skyline reads and writes into the Principal Clinical System through the NHSD Assured IM1 interface

C4.4

Is your product a wearable or device, or does it integrate with them?

No

C4.4.1

If yes, provide evidence of how it complies with ISO/IEEE 11073 Personal Health Data (PHD) Standards.

Not applicable

Code

Question

Response

Supporting information

D1.1

Understand users and their needs in context of health and social care

Do you engage users in the development of the product?

Yes

NHS Service Standard Point 1

D1.1.1

If yes or working towards it, how frequently do you consider user needs in your product development and what methods do you use to engage users and understand their needs?

All design and operational changes consider user needs. Changes are subject to user assessment prior to deployment where appropriate

D1.2

Work towards solving a whole problem for users

Are all key user journeys mapped to ensure that the whole user problem is solved, or it is clear to users how it fits into their pathway or journey?

Working towards it.

Skyline replaces an existing product and the company staff have extensive knowledge of the environment, pathway, uses and challenges. The company is working towards formally mapping all these journeys.

NHS Service Standard Point 2 and Point 3 are often dealt with by teams together.

D1.2.1

If yes or working towards it, please attach the user journeys and/or how the product fits into a user pathway or journey

No evidence available

D1.3

Make the service simple to use

Do you undertake user acceptance testing to validate usability of the system?

Yes

NHS Service Standard Point 4

D1.3.1

If yes or working towards it, please attach information that demonstrates that user acceptance testing is in place to validate usability.

Available on request

D1.4

Make sure everyone can use the service

Are you international Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliant?

Yes

NHS Service Standard Point 5

The Service Manual provides information on WCAG 2.1 level AA.

The Government Digital Service provides guidance on accessibility and accessibility statements, including a sample template.

D1.4.1

Provide a link to your published accessibility statement.

To follow

D1.5

Create a team that includes multi-disciplinary skills and perspectives

Does your team contain multidisciplinary skills?

Yes

NHS Service Standard Point 6

D1.6

Use agile ways of working

Do you use agile ways of working to deliver your product?

Yes

NHS Service Standard Point 7

D1.7

Iterate and improve frequently

Do you continuously develop your product?

Yes

NHS Service Standard Point 8

D1.8

Define what success looks like and be open about how your service is performing

Do you have a benefits case that includes your objectives and the benefits you will be measuring and have metrics that you are tracking?

Yes

NHS Service Standard Point 10

D1.9

Choose the right tools and technology

Does this product meet with NHS Cloud First Strategy?

Yes

NHS Service Standard Point 11

NHS Internet First Policy.

D1.9.1

Does this product meet the NHS Internet First Policy?

Yes

D1.10

Use and contribute to open standards, common components and patterns

Are common components and patterns in use?

Yes

As detailed in (Internal Document)

NHS Service Standard Point 13

D1.10.1

If yes, which common components and patterns have been used?

Free text

D1.11

Operate a reliable service

Do you provide a Service Level Agreement to all customers purchasing the product?

Yes

NHS Service Standard Point 14

D1.12

Do you report to customers on your performance with respect to support, system performance (response times) and availability (uptime) at a frequency required by your customers?

Yes

D1.12.1

Please attach a copy of the information provided to customers

Available on Request

D1.12.2

Please provide your average service availability for the past 12 months, as a percentage to two decimal places

Available on Request