Zesty Ltd
Induction Zesty is playing a key role in the NHS, supporting elective recovery and effective care provision. Integrated into most leading EPR platforms, our portal allows patients to view and manage their appointments, access appointment/clinical letters, record consent preferences, and complete patient questionnaires - all leading to enhanced patient engagement.
Features
- Rules engine to govern patient communication and interaction
- Remote authentication and identity management
- Integrated Appointments (including request-based)
- Clinical Letters
- Patient-Completed Questionnaires (PCQs)
- Messaging
- NHS Log-in integration
- NHS App integration
Benefits
- Cost savings from digital only letters
- Cost savings from a reduction of administrative overheads
- DNA reduction
- Increased patient satisfaction and engagement
- Improved triage of patients before they attend appointments
- Reduced CO2 through reduction in travel and paper correspondence
- Reduced number of appointments through PIFU/ CIFU
- Increased staff satisfaction
- Supporting NHS Elective Recovery Plan
£65,000.00 to £135,000.00 a licence a year
Service documents
-
Pricing document
PDF
-
Service definition document
PDF
-
Terms and conditions
PDF
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zesty.bids@inductionhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 13
Service ID
9 5 9 2 6 2 6 1 2 6 9 2 1 2 8
959262612692128
Contact
Zesty Ltd Bid Manager
Telephone: 03339398091
Email: zesty.bids@inductionhealthcare.com
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- The Zesty Patient Portal can be an extension to any PAS/EPR capable of supporting standard interfaces e.g. Cerner Millennium, Silverlink, DXC Lorenzo, EMIS CAMIS, System C CareFlow.
- Cloud deployment model
- Hybrid cloud
- Service constraints
- No known constraints
- System requirements
-
- Internet Browsers - we support all modern Internet browsers.
- Licensed on an annual Software as a Service basis.
- Enterprise license is inclusive of all costs, except SMS.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Business Critical Failures - Acknowledgment of receipt of a Support Request within 2 business hours. System Defect with Workaround - Acknowledgment of receipt of a Support Request within 2 business hours. Minor Error - Acknowledgment of receipt of the Support Request within 4 business hours.
The Zesty Support hours are Monday – Friday 0900 – 1700 except bank holidays. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Standard support response times - 4 business hours. With each deployment Zesty provides 2 person days of training time as part of the set up fee.
Further training days are available upon request at a rate of £750 per day + VAT.
Each deployment has a remote account manager assigned to deal with any day to day issues. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onsite training - one to one or group training provided account director or technical support team as required.
Online training - web based training provided by account director or technical support team as required.
User documentation - user guides are provided.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- We are able to support users in extracting their data by providing a CSV extract upon request.
- End-of-contract process
- Included in the overall price of the contract will be:
Return of customer owned data in standard Zesty format
Deletion of customer owned data - within the Data Protection Act prescribed timescales
Additional cost items would be any custom support or custom extract formats required at end of contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The patient facing aspects of our platform are fully optimised for use on mobile devices, and have been tested across a wide range of devices. The service features and functionality are identical on both desktop and mobile.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- No
- Customisation available
- Yes
- Description of customisation
- Website branding, SMS reminders, pre visit questionnaires, patient surveys and patient feedback can be customised. Appointment management functionality can be customised to different workflows per clinic.
Scaling
- Independence of resources
- Zesty is fully cloud hosted by Amazon Web Services and is designed to support large increases in scale and large numbers of concurrent users with minimum technical input required.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Number of user invitations
Number of user registrations
Total adoption %
Number of user logins
Number of visible appointments
Number of portal confirmed appointments
Number of portal appointments added to calendar
Number of appointments rescheduled
Number of appointment letters
Number of appointment letters downloaded
Total of Registered users with "Paper free" preference - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Database level encryption
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Patients can download their documents directly to their own device.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- HL7 V2 messages
- HL7 FHIR R4
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- Whitelisted IP addresses and authenticated connections
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Zesty is hosted in the cloud by AWS with 99.99% guaranteed infrastructure availability.
SLAs are provided under specific contracts to meet the individual requirements of each customer.
- Approach to resilience
- Zesty is fully cloud hosted by Amazon Web Services and is designed to support large increases in scale and large numbers of concurrent users with minimum technical input required.
- Outage reporting
- Real time monitoring on both application and infrastructure levels.
Automated alerts to key staff 24/7.
Dashboard available for client monitoring.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Other
- Other user authentication
- Users receive a validation code via SMS to their nominated mobile phone / device.
- Access restrictions in management interfaces and support channels
- Management interfaces are hosted on HSCN and require HSCN access.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- NHS Data Security & Protection Toolkit
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- NHS England Data Security and Protection Toolkit (DSPT): 2021 assessment status was ‘Standards Exceeded’
- Information security policies and processes
- Zesty adheres to the NHS IG Toolkit measures and is able to demonstrate compliance with the National Data Guardian’s 10 data security standards by our annual completion of the NHS England Data Security and Protection Toolkit (DSPT).
We use the DSPT framework to provide guidelines for defining and maintaining information security policies & processes. Our policies and processes include regular auditing and classification of information assets, identification of confidential information flows, risk assessment and implementation of appropriate controls and clear roles, responsibilities and training for all staff.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes follow a controlled release program and are subject to Manual and Automated QA and Testing in multiple similar environments before it is agreed they can be released to the live environment.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Penetration testing is in line with ISO27001 guidance. Patches are released within 24 hours, with any delays communicated to users. The management of incidents is covered, including the recovery of the facilities, production environment and support systems back to standard working order.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We use a variety of internal and external systems to monitor uptime health and vulnerability of key system components on a live basis. Combined results are displayed within our internal communications tools. Live monitoring of our systems allows for rapid notification with immediate response in the event of system vulnerability. We use cloud-native tooling like AWS GuardDuty, Uptime Robot, Sentry, AppCenter and CloudWatch. If an incident occurs we follow our Internal Incident Management Policy and Process
- Incident management type
- Supplier-defined controls
- Incident management approach
- If an incident occurs we have an internal incident management procedure to follow. All security incidents should be reported to the IG Lead. Incidents will be recorded on our internal system for recording such incidents. All security breaches will be forwarded to the IG team, who will log the event on the organisation's risk register, investigate, document and feedback. All incidents will be monitored, to identify recurring or high impact incidents. This may indicate the need for enhanced or additional controls. Incidents will be reported as appropriate to all stakeholders, including regulatory bodies, as soon as possible after the event.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Covid-19 recovery
-
Covid-19 recovery
Patient Engagement Portals are playing an important role in the national NHS Elective Recovery plan, maximising available clinical time and ensuring that patients have:
- personalised information
- tools they need while waiting for care
- the ability to interact with, and manage, their elective care pathwaysThis leads to better utilisation of available appointments, and more effective delivery of care to patients across all healthcare settings in a post pandemic environment.
- Wellbeing
-
Wellbeing
The solution provides the ability for healthcare organisations and patients to better communicate between each other, providing the patient with more information about their outpatient appointments and condition, leading to reduced likelihood of the appointment being missed. This, in turn, is a factor in allowing better care provision and improved patient wellbeing.
Pricing
- Price
- £65,000.00 to £135,000.00 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
-
Pricing document
PDF
-
Service definition document
PDF
-
Terms and conditions
PDF
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at zesty.bids@inductionhealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.
