HCI Governance and Compliance
HCI takes guidance from industry standards, external consultants, and in-house expertise to ensure that the HCI Video Library and CONNECTPlus adhere to the highest levels of governance and compliance.
This page provides an overview of HCI's governance and compliance, giving users and clients a single place for all information governance queries. If there is anything further that you require, please do reach out to our Compliance Lead.
Company Information
Company Name: Health and Care Innovations Limited (HCI)
Product Name: CONNECTPlus
Type of product: Software as a Service
Registered Address: 5 The Rocklands, Chudleigh, Newton Abbot, Devon, TQ13 0EA
Registered in England & Wales
Company No. 08955041
CQC Assessment: Not applicable
Corporate Governance
HCI utilises a 3-tier corporate governance structure to ensure the appropriate balance of power and effective decision making within the organisation.
The Board holds ultimate responsibility for the organisation, with the Executive Committee below and finally the Management Committee.
Each Committee and the Board adheres to its own Terms of Reference, with all meetings minuted.
A Register of Shareholders and a Register of Directors are maintained.
The Compliance Lead is responsible for the management and organisation of the Board and Committees.
Risk Management
HCI operates a company-wide risk management matrix which is reviewed frequently and overseen by the DPO.
A business continuity test also takes place annually with the appropriate documents recording the process.
All policies, risk assessments and mitigation, access controls and more have been signed off by our DPO.
Data Protection
Data Protection Officer: David Birkinshaw
Kaleidoscope Consultants Limited
Email: dpo.hci-digital@kdpc.uk
www.kaleidoscopeconsultants.com
Data Security Protection Toolkit: Passed 2023/24 - Standards Exceeded (DSPT Certificate)
CONNECTPlus Data Protection Impact Assessment: Available upon request
2025 ICO Registration Certificate
All CONNECTPlus data is stored and processed in the UK only.
Incident logs are also kept and these are reviewed with the DPO.
Cyber Security
HCI currently holds the following certifications:
May 2024 - Cyber Essentials Certificate
June 2024 - Cyber Essentials Plus
June 2024 - IASME Cyber Assurance Level 1
Additional testing:
CONNECTPlus undergoes annual penetration testing via our third party IT Consultants.
- April 2024 was the most recent test.
- The test reported only 2 Low Level issues and no Critical, High or Medium Level issues.
- The testers stated "The application implemented robust access control checks, preventing other users from being able to retrieve or access the health and medical data of other users – which is one of the key security concerns."
Vulnerability scanning, phishing tests and further education are all implemented within the organisation to ensure there is adequate protection in place.
Clinical Safety
Clinical Safety Officer: Charlotte Caws
Kaleidoscope Consultants Limited
Email: csoservice@kdpc.uk
www.kaleidoscopeconsultants.com
Clinical Director: Dr Matthew Halkes MB BCh MRCP FRCA
Clinical Safety documents can be requested if required.
Our clinical risk management activities comply with DCB 0129.
Incident logs are also kept and these are reviewed with the CSO.
If you have any clinical safety concerns or queries, please reach out to the Compliance Lead.
CONNECTPlus Digital Technology Assessment Criteria (DTAC)
The Digital Technology Assessment Criteria (DTAC) standard gives staff, patients and citizens confidence that the digital health technologies that they use meet the NHS minimum baseline standards.
The documents and additional information below provide details of how CONNECTPlus adheres to the DTAC requirements.
A full DTAC submission can be provided upon request by contacting our Compliance Lead.
G-Cloud
HCI is a registered supplier on G-Cloud 13 (Lot 2: Cloud software) for both CONNECTPlus and our HCI Health and Care Video Library. You can find our services by searching on https://www.applytosupply.digitalmarketplace.service.gov.uk/ for:
- Patient education multiple conditions
- Multiple treatment pathways single platform
- NHS multiple long term conditions single platform
- NHS care at home multiple conditions
Legal Documentation
September 2021 - HCI Framework Services Agreement
July 2021 - HCI Software Licence Agreement
November 2021 - CONNECTPlus EULA
May 2022 - CONNECTPlus Clinician Dashboard EULA
Interoperability Criteria
CONNECTPlus has a live integration with the PDS FHIR API. The app uses NHS Number and date of birth to validate a user's identity.
CONNECTPlus has the capability to read/write with electronic health records using industry standards for secure interoperability.
Usability and Accessibility
Patients and clinicians have been involved throughout in ensuring that the functionality is easy to use. We have adopted an iterative approach, using feedback to develop multiple versions.
The methods we use during validation are:
- Think alouds
- Alpha testing
- Beta testing
In addition, we have invested in specialist user experience consultancy advice to improve the interface. Our activities have included:
- Think Aloud sessions with Torbay and South Devon NHS Foundation Trust Patient groups in user testing and feedback
- UX Design - External consultancy advice on the UX redesign of the app and its functionalities
- CONNECTPlus Alpha Testing - 20 patients and clinicians took part in alpha testing of all app functionalities.
- CONNECTPlus Beta Testing - An open group of 300 patients and users took part in beta testing of all app functionalities. This has been followed up by a Mobile App Rating Scale questionnaire.
Knowledge Transfer Partnership
HCI and the University of Exeter are undertaking a Knowledge Transfer Partnership project which will focus on developing and embedding knowledge regarding long term health conditions management using CONNECTPlus.
The project aims to provide a method for identifying, selecting, and implementing behaviour change techniques for digital delivery, to better aid self-management of long term conditions using best available evidence, qualitative research, and stakeholder involvement.
CONNECTPlus Accessibility Statement
Contact
If you have any queries, please contact our Compliance Lead.
Last updated: June 2024