The BETTER-CARE (Breast Cancer aAFTER CARE follow up and program) project aims to improve the quality of care for patients with breast cancer after the end of primary treatment as part of tumor aftercare. In order to achieve this, digital applications are primarily to be used. The hypothesis for the use of digital applications is that through their use, the follow-up care of patients after primary breast cancer can be adapted to needs and risks, largely through cross-sectoral and cross-disciplinary networking of all those involved in care. Mobile applications are used in the context of follow-up care as well as an electronic patient record with an associated eHealth solution (external interfaces, dashboard, etc.), hereinafter referred to as the eHealth platform. For the eHealth platform of the BETTER-CARE project, we need a service provider and ask for an offer.
required services eHealth platform (see Annex IIa)
Area 1: Adapting the system to standardized interfaces of the oncocert system
Part 1: The project requires the currently existing OncoBox interface, which provides the data from the tumor documentation manufacturer via the oncoBox (...)
Area 2: Functional requirements for the eHealth platform
After the preparatory phase, the platform should have stored the data of all 520 patients in the 15 centers. An electronic patient record should be available for each patient. During the course of the project, this file should be able to be further maintained by the breast cancer centers involved, i.e. data should be able to be changed, more added or data can also be deleted (with logging). It is also expected that the data can be viewed by experts and processed using dashboard technologies. A role concept for controlling access control is also required. The applications should only work in the browser and access must be possible worldwide. The platform must also provide a convenient way to export data for statistical purposes. In summary, the platform should offer the following features, which represent part 2 of the offer:
Managing the electronic patient record of 520 patients
Monitoring and managing vital data
evaluation of vital data and alert control (thresholds with message receipt in the eHealth platform for doctors and medical specialists (MFA))
In addition to the patient record: collection and evaluation of questionnaires during the project period (i.e. after the preparation phase); patients must be able to complete them browser-based (e-mail reminders are expected). The system must offer an opportunity to independently create, modify and send questionnaires (patients must be able to select). A browser-based interface is expected for the questionnaire aspect. The filling should also be responsive, i.e. the browser should adapt to mobile devices, for example. The survey should also be possible anonymously.
Standardized diagnostic documentation according to ICD-10 codes (available here: ICD-10-GM-2021 code search (icd-code.de))
Patients/insured persons enrolment/tender (new entries and deletion must be possible at any time. for patient/insured person or administration of the study)
Dashboards for doctors and MFAs (with role concept and an admin interface to care for the doctors and MFAs involved). The dashboard is intended to offer the following features:
(1) Visualization of aggregated data of all patients
(2) Visualization of individual cases of patients with historical data
(3) Scores
(4) recent changes
(5) vital data and thresholds
(6) users of the system
Export function of stored data: The data from the eHealth platform should be able to be exported to CSV or Excel files; convenient configuration options (without computer science knowledge) should be offered for the export: These should essentially include 3 functions: naming the variables for export, selection of the exporting patients, selection of variables to export.
The application should run completely in the browser (all functions mentioned above should be accessible via the browser).
Area 3: Further requirements for the eHealth platform
As the project is being carried out as part of the innovation fund funding, further requirements arising from the German health system have to be met.
Quote part 3: The system must meet the following requirements and they must be explicitly included in the offer:
ISO/IEC 27001 is fulfilled or equivalence has been proven by you (e.g. synopsis)
DIN EN ISO 9001 is met
Certification as a medical device class IIa (ISO 13485), from 2022 class IIa according to MDR is met
Compliance with GDPR (data protection concept must exist, technical organizational measures must be described) is ensured or proven at least equivalent (e.g. GDPR); see the Annex IVa, which is set as a benchmark for data protection
Hardened system with sophisticated data protection mechanisms is expected, regular pen tests are expected; the system should only be accessible for maintenance through a VPN tunnel. Browser connections should be SSL encrypted, data such as passwords should be stored encrypted in the database. Measures such as a firewall, an intrusion detection system, hardened software packages, regular updates of infrastructure software and a DMZ for the server to the outside world are required. The concept for this must be made available on request, and over the entire period of the project we also expect the aforementioned measures to be implemented and included.
The platform must be gematik-compatible Gematik is specified by the project promoter and cannot be replaced alternatively.
Regular backup of data (concept for resiliency must be available)
Physical storage of data in Germany would be preferred; European solutions are possible, but must then meet all of the above requirements
The platform should be hosted entirely by the provider; no on-premise solution or local installations
Area 4: Project Management/Support
Offer part 4: Since extensive coordination is necessary (...) the offer must include project support in the form of project management, which covers the period of 42 months after the start of the project. The offer should also include providing technical support for the platform (with a maximum response time of 48 hours). Technical support means that operating questions about the system are answered promptly.