Defence Medical Messaging Application

Description

Summary of the work The authority has a requirement for a scalable medical messaging tool to enable deployed or remotely located medical personnel to securely reach-back via text with supporting imagery on BYOD and authorised MOD mobile and desktop devices which can utilise both Military communication networks/Bearers and civilian equivalents. Expected Contract Length 2 Years Latest start date Monday 25 January 2021 Budget Range The authority has a £400,000 + VAT budget to deliver the Medical Messaging capability to a community that is initially projected to be 2000 users over a period of 2 years. The system must be scalable and the proposal should include relevant costs for any increase in the scale. Why the Work is Being Done Deployed military medics and clinicians at all levels experience difficulty obtaining SME clinical advice, as the existing mechanisms for clinical reach-back are often ineffective due to the limited options for text/data messaging over secure systems, limiting communications. Problem to Be Solved The authority has a requirement for a scalable medical messaging tool to enable deployed or remotely located medical personnel to securely reach-back via text with supporting imagery on BYOD and authorised MOD mobile and desktop devices which can utilise both Military communication networks/bearers and civilian equivalents. The solution will enable access to the skills and experience of MOD medical experts to provide speciality care advice when distance, time and operational requirements make access via usual methods impractical. The service has to be available to users no later than 1 April 2021. Who Are the Users Defence Medical personnel need access to an application that is suitable for instant medical messaging so clinicians and medical administrators are able to: -improve the quality of deployed health services support and Information Management. -avoid unnecessary medical evacuation (MEDEVAC) – minimise lost military output. -facilitate MEDEVAC that may otherwise be delayed – reduce medical risk. -referrers & specialists can be located anywhere in the world with a data connection to enable the efficient use of experts. Early Market Engagement Over the last 2 years, we have undertaken early market engagement during the Alpha and Beta phases of the project. This involved the trial of a commercially available messaging application to refine our user requirements and use cases. The trial is ongoing and will end on the 31 March 2021, which is the end of our Beta Phase Work Already Done Trial of a commercially available messaging application to refine our user requirements and use cases. The trial is ongoing and will end on the 31 March 2021, which is the end of our Beta Phase Existing Team Ministry of Defence - Defence Medical Service & Defence Digital consisting of Military, Medical and Civilian Staff. Current Phase Beta Skills & Experience • Confirm that the solution can search for user by name and group • Confirm that the solution can send/receive messages containing text, imagery and file attachments • Confirm that the solution can provide one-to-one messaging • Confirm that the solution can provide one-to-many messaging • Confirm that the solution can start an advice session to ask for and receive advice from a defined user group, close session and export advice. • Confirm that the solution provides an indicator to show whether a user is available/unavailable. • Confirm that the solution is accessible from Android, iOS, Windows 7 and 10 devices. • Confirm that the solution can work over 3G, 4G, LTE, 5G, Wi-Fi and Satcom networks. • Confirm that the solution will work anywhere in the world. • Confirm that the solution provides system storage that is sufficient to allow unconstrained use by users. • Confirm that the solution service will be available to users on 01 Apr 21. • Confirm that the solution provides functionality to enable an Authority administrator to authorise individuals to use the system. • Confirm that the solution provides funtionality to enable an Authority administrator to manage individual and group permissions, including removing them. • Confirm that the solution meets the security outcomes for OFFICIAL-SENSITIVE as defined by Joint Service Publication 440, or will do by FOC. • Confirm that the solution data storage and information governance processes meet GDPR, DPA18, Cyber Essentials and Caldicott guidelines. • Confirm that the solution can be adapted to remain compliant with changes to data protection legislation. • Confirm that Cyber security controls specified in DEF Stan 05-138 (Cyber Security for Defence Suppliers) have been or can be applied to the solution • Confirm that the supplier has been Accredited by Cyber, Defence & Risk (CyDR) or where not, will commit to meeting full accreditation by FOC. Nice to Haves • Confirm if the solution can enable the device camera to take a photo from within the messaging solution. • Confirm if the solution can provide a topic resolved/unresolved indicator within each message chain. • Confirm solution message notifications do not contain message contents • Confirm if the solution enables a user to write a message when device off-line then send the message when device on-line. • Confirm any experience of working with the Defence Digital Single Point of Contact to resolve service incidents • Confirm if there is a user guide covering all aspects of the solution. • Confirm if the solution enables the user to receive indication that messages have been delivered and read • Confirm if the solution provides definable templates that can be shared between users. • Confirm if the solution can work over 2G networks. • Confirm if the solution enables the export of advice sessions for achiving via PDF, email and/or FHIR • Confirm solution functionality enables minimum and maximum reauthentication times to be set by Authority administrator. • Confirm the solution provides a formal process for responding to administrator queries • Confirm the solution provides for service availability a minimum of 97% of time, 24/7/365 (service support can be available Mon - Fri/9 till 5). • Confirm the solution can prevent user access to system until they have set up a profile. Work Location Work can be carried out remotely but the supplier will need to attend meetings and workshops at DMS Whittington, Lichfield, MOD Corsham, Wilts and Birmingham RCDM Working Arrangments The Supplier will work with the existing Defence Medical Project Team, which is based primarily in Lichfield. Some on-site meetings and workshops will be required at DMS Whittington, Lichfield, MOD Corsham and Birmingham RCDM, but remote working will be the standard. Travel & Subsistence will not be paid for travel to Lichfield, Corsham or Birmingham. Security Clearance All staff with access to clinical information must have or be willing to go through the Basic Personal Security Standard (BPSS) checks. Additional T&Cs DEFCON 76 (12/06) Contractor's Personnel at Government Establishments DEFCON 522 (11/17) Payment and Recovery of Sums Due DEFCON 531 (11/14) Disclosure of Information DEFCON 532B (04/20) Protection of Personal Data DEFCON 609 (08/18) Contractors Records DEFCON 658 (10/17) Cyber DEFCON 659A (02/17) Security Measures DEFCON 660 (12/15) Official Sensitive Security Requirements DEFFORM 111 (05/19) Appendix - Addresses And Other Information - DEFFORM 532 (Edition 10/19) Personal Data Particulars DEFFORM 702 (Edition 08/07) Employees acknowledgement to Employer of Obligations Relating to Employer Confidentiality Other MoD T&C's may apply. MoD DEFCONS and DEFFORMS can be accessed at: https://www.gov.uk/guidance/knowledge-in-defence-kid No. of Suppliers to Evaluate 5 Proposal Criteria • Approach and methodology. • How the application meets user needs. • How well the application meets the System administrator needs. • How the application meets our organisation's policies and goals. • Estimated timeframes for the work. • How the supplier has identified risks and dependencies and offered approaches to manage them. Cultural Fit Criteria • Be able to work with a mixed team of Military, MOD Civil Service and contractor personnel • Display values and behaviours in line with MOD core values • Work as a team with our organisation and other suppliers • Be transparent and collaborative when making decisions • Have a no-blame work culture and encourage people to learn from their mistakes Payment Approach Fixed price Assessment Method • Case study • Presentation Evaluation Weighting Technical competence 75% Cultural fit 5% Price 20% Questions from Suppliers 1. Can you please clarify whether this opportunity is:A) an opportunity to provide a new messaging application, based on the requirements identified through trialling the commercial application you have referenced in the DOS notice, or:B) an opportunity to deliver the application of the commercial solution currently being trialled? The opportunity is to provide a messaging application based on the Essential and Nice-to-have requirements. 2. The current (very specific) criteria suggest this procurement has been set up to ensure current delivery of the existing commercial solution continues. Are MoD looking for suppliers who can demonstrate capability to provide a bespoke solution, or providers who can deliver full roll-out of the current solution being trialled? The criteria have been developed by wide user community that participated in a comprehensive series of trials. As a result of this work, the user community has been able to provide detailed guidance on the capabilities they require the winning solution to provide and the criteria represent this detailed guidance. We are seeking suppliers who can demonstrate the ability to provide and support a bespoke solution for the period of the contract. 3. We have a partner who can deliver the entire scope of the contract but is not on the DOS 4 framework. We wanted to establish the feasibility of passing through the contract in a sub-contracting agreement. Is this possible? IWe can only contract with a supplier who is on this framework. Please contact CCS, (the Framework Owners) with any queries relating to the use of sub contractors by suppliers who are on the DOS framework. 4. We have a partner who can deliver the entire scope of the contract but is not on the DOS 4 framework. We wanted to establish the feasibility of passing through the contract in a sub-contracting agreement. Is this possible? IWe can only contract with a supplier who is on this framework. Please contact CCS, (the Framework Owners) with any queries relating to the use of sub contractors by suppliers who are on the DOS framework. 5. Please can you confirm if your expectation for each response is that we should; outline whether each item can be included in the final scope. Then provide a supporting rationale and evidence our experience of where we have delivered something similar elsewhere? For each essential and nice-to-have criterion, we would ask suppliers to state whether their proposed solution meets the criterion and provide evidence to support their statement. Evidence is not limited to demonstrating past delivery and suppliers should provide the type of evidence they believe best makes the case for their solution. 6. Will the conditions of the DOS framework allow the Authority to procure the required software licensing as part of the overall service? Please raise any questions regarding DOS Framework Terms and Conditions with the Framework Owners - CCS. 7. Can the Authority give guidance on whether the solution is seen as standalone, or should ideally integrate with other existing medical systems, for example, DMICP/CORTISONE, or any MI capability. As per the nice-to-have criterion it would be useful but not essential for the solution to enable the export of advice sessions for archiving via PDF, email and/or FHIR. 8. The Authority's problem statement mentions the requirement to support BYOD mobile and desktop devices. Has the Authority enabled other BYOD users access to OFFICIAL SENSITIVE applications/solutions with an accredited approach. The project has previously accredited BYOD to access OFFICIAL SENSITIVE material. 9. Can you please provide an example of what you mean by "Administrator queries" Examples of queries are: inability of Authority administrator to carry out tasks such as re-activation of accounts, setting user permissions. 10. Would the Authority still expect fully solution functionality (photo/attachments especially) over the nice to have 2G connectivity, especially considering the physical bandwidth limitations. Graceful degradation of the system is expected, e.g. messages with large attachments can be sent over 3/4G but system will still allow messages without attachments to be sent over 2G. 11. Will the Authority support the accreditation of the solution or would the supplier be expected to engage an accreditor. Cyber Defence and Risk will provide the accreditor. The project will provide a SAC to assist with accreditation. 12. Can the Authority share any findings from the current trial of the commercially available messaging application and specifically outline which requirements this did not deliver already. We will not be releasing this information at this stage of the procurement procedure. 13. Does the Authority have any capability or interest to provide 2nd line application support for a low-code based solution. Our intention is to manage user-facing/1st line support internally, with all other levels of support provided by the supplier. 14. Will the Authority be able to provide MODCloud environments to host the messaging service. We will discuss MODCloud hosting with short-listed suppliers. 15. Will the Authority be able to provide a Product Owner and test resources to engage in an agile project to deliver an optimum solution for the specific requirement. We are able to provide a Product Owner and test resources to advise on implementation. 16. Will the Authority consider engaging in an agile development project to configure a low-code based solution suitable for the specific requirements of this service. Agile development proposals will be assessed in accordance with the stated criteria. 17. Do solutions require to be privately hosted within UK Strategic Command infrastructure and if so can your current preferred technologies/languages be shared with us. The supplier is free to offer either private or public cloud hosting options as they best think will meet the requirements set out. If the supplier is using public cloud hosting, only UK hosting will be accepted due to Cabinet Office Policy on Offshoring data at OFFICIAL level. 18. Please confirm that you will provide assistance in meeting accreditation by CyDR, if the service provider currently has no access to DART. We can confirm that a SAC with appropriate DART access will support the vendor’s accreditation activities. 19. 1 – Where is the app to be hosted.2 – Is the app to be hosted on existing IT infrastructure.3 – Is data sovereignty a consideration. The supplier is free to offer either private or public cloud hosting options as they best think will meet the requirements set out. If the supplier is using public cloud hosting, only UK hosting will be accepted due to Cabinet Office Policy on Offshoring data at OFFICIAL level. 20. Please clarify what is meant by 'the supplier has been Accredited by CyDR' as I don't think suppliers are 'accredited'. Do you mean which CSM profile the supplier can satisfy in DefStan 05-138, whether its own IT system has been accredited, or something else We require the proposed solution to have already been fully accredited by CyDR, or where the solution has not already been accredited that the supplier will commit to accrediting its solution by FOC. Our SAC will be able to assist with the accreditation process. 21. Please could you expand on "definable templates that can be shared between users". Is this support for form-based messages, i.e. structured messages. It would be useful, but not essential, for the solution to allow users to send messages of identifiable types with each message type containing a known set of fields but with some of the fields containing unstructured text or other information. An example (not mandated) would be a casualty evacuation message, made up of fields covering pick-up location, call signs, number of patients by priority and type, equipment needed, amongst others. The message would always contain these fields but clinicians are able to use free text within each field. The message would be transmitted via a protocol such as FHIR.