HCI Governance and Compliance

HCI takes guidance from industry standards, external consultants, and in-house expertise to ensure that the HCI Video Library and CONNECTPlus adhere to the highest levels of governance and compliance.

This page provides an overview of HCI's governance and compliance to provide users and clients with a single place for all information governance based queries. However, if there is anything further that you require, please do reach out to our Compliance Lead.

Company Information

Company Name: Health and Care Innovations Limited (HCI)

Product Name: CONNECTPlus

Type of product: Software as a Service

Registered Address: 5 The Rocklands, Chudleigh, Newton Abbot, Devon, TQ13 0EA

Registered in England & Wales

Company No. 08955041

CQC Assessment: Not applicable

Corporate Governance

HCI utilises a 3 tier corporate governance structure to ensure the appropriate balance of power and effective decision making within the organisation.

The Board holds ultimate responsibility for the organisation, with the Executive Committee below and finally the Management Committee.

Each Committee and Board adhere to their own Terms of Reference with all meetings minuted.

A Register of Shareholders and a Register of Directors is maintained.

The Compliance Lead is responsible the management and organisation of the Board and Committees.

Risk Management

HCI operates a company-wide risk management matrix which is reviewed frequently and overseen by the DPO.

A business continuity test also takes place annually with the appropriate documents recording the process.

All policies, risk assessments and mitigation, access controls and more have been signed off by our DPO.

Data Protection

Data Protection Officer: David Birkinshaw
Kaleidoscope Consultants Limited

Email: dpo.hci-digital@kdpc.uk
www.kaleidoscopeconsultants.com

Data Security Protection Toolkit: Passed 2023/24 Standards Exceeded DSPT Certificate

CONNECTPlus Data Protection Impact Assessment: Available upon request

2024 ICO Registration Certificate

All CONNECTPlus data is stored and processed in the UK only.

Incident logs are also kept and these are reviewed with the DPO.

Cyber Security


HCI currently holds the following certifications:

May 2024 - Cyber Essentials Certificate

June 2024 - Cyber Essentials Plus

June 2023 - IASME Cyber Assurance Level 1

Additional testing:

CONNECTPlus undergoes annual penetration testing via our third party IT Consultants.

  • April 2024 was the most recent test.
  • The test reported only 2 Low Level issues and no Critical, High or Medium Level issues.
  • The testers stated "The application implemented robust access control checks, preventing other users from being able to retrieve or access the health and medical data of other users – which is one of the key security concerns.”

Vulnerability scanning, phishing tests and further education are all implemented within the organisation to ensure there is adequate protection in place.

Clinical Safety

Clinical Safety Officer: Charlotte Caws
Kaleidoscope Consultants Limited

Email: csoservice@kdpc.uk
www.kaleidoscopeconsultants.com

Clinical Director: Dr Matthew Halkes MB BCh MRCP FRCA

These reports for version 2.3.0 of CONNECTPlus include minor software fixes up to and including version 2.3.3:

April 2024 - Clinical Risk Management Plan

April 2024 - HCI Clinical Risk Management System

September 2022 - Clinical Safety Case Report - v.2.3

September 2022 - CONNECTPlus Hazard Log v2.3

Our clinical risk management activities comply with DCB 0129.

Incident logs are also kept and these are reviewed with the CSO.

If you have any clinical safety concerns or queries, please reach out to the Compliance Lead.

CONNECTPlus Digital Technology Assessment Criteria (DTAC)

The Digital Technology Assessment Criteria (DTAC) standard gives staff, patients and citizens confidence that the digital health technologies that they use meet the NHS minimum baseline standards.

The documents and additional information below provide details of how CONNECTPlus adheres to the DTAC requirements.

A full DTAC submission can be provided upon request by contacting our Compliance Lead.

G-Cloud 

HCI is a registered supplier on G-Cloud 13 (Lot 2: Cloud software) for both CONNECTPlus and our HCI Health and Care Video Library.  You can find our services by searching on https://www.applytosupply.digitalmarketplace.service.gov.uk/ for:

  • Patient education multiple conditions
  • Multiple treatment pathways single platform
  • NHS multiple long term conditions single platform
  • NHS care at home multiple conditions

Legal Documentation

September 2021 - HCI Framework Services Agreement

July 2021 - HCI Software Licence Agreement

October 2023 - Privacy Notice

November 2021 - CONNECTPlus EULA

May 2022 - CONNECTPlus Clinician Dashboard EULA

Interoperability Criteria

CONNECTPlus has a live integration with the PDS FHIR API. The app uses NHS Number and date of birth to validate a users identity.

CONNECTPlus has the capability to read/write with electronic health records using industry standards for secure interoperability.

Usability and Accessibility

Patients and clinicians have been involved throughout in ensuring that the functionality is easy to use. We have adopted an iterative approach, using feedback to develop multiple versions.

The methods we use during validation are:

  • Think alouds
  • Alpha testing
  • BETA testing

In addition, we have invested in specialist user experience consultancy advice to improve the interface. Our activities have included:

  • Think Aloud sessions with Torbay and South Devon NHS Foundation Trust Patient groups in user testing and feedback
  • UX Design - External consultancy advices on UX redesign of the app and functionalities
  • CONNECTPlus Alpha Testing - 20 patients and clinicians took part in alpha testing of all app functionalities.
  • CONNECTPlus Beta Testing - 300 open group of patients and users taking part in beta testing of all app functionalities. This has been followed up by a Mobile App Rating Scale questionnaire.

Knowledge Transfer Partnership

HCI and the University of Exeter are undertaking a Knowledge Transfer Partnership project which will focus on developing and embedding knowledge regarding long term health conditions management using CONNECTPlus.

The project aims to provide a method for identifying, selecting, and implementing behaviour change techniques for digital delivery, to better aid self-management of long term conditions using best available evidence, qualitative research, and stakeholder involvement.

CONNECTPlus Accessibility Statement

CONNECTPlus User Journey Map

Contact

If you have any queries, please contact our Compliance Lead

Last updated: June 2024