MedLink
MedLink gathers data from patients remotely to support their primary care teams in the management of their chronic conditions, medication and health.
Features
- online patient questionnaires
- automated patient communication
- appointment booking
- automated clinical coding
Benefits
- release clinical capacity
- improve patient access
- automated enhanced service achievement
- improve QOF achievement
- automated back office functions
Pricing
£0.11 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 2 7 5 6 3 0 8 8 2 9 5 4 5 5
Contact
MEDLINK SOLUTIONS LTD
Lorenz Kemper
Telephone: 07930190356
Email: lorenz@medlinksolutions.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- Current clinical system integration for Vision and EMIS Web only Feb 2024
- System requirements
- Email address
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 48hrs
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
- Email and phone support available. Support via video conferencing also available.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The system requires minimum set-up. A sinlge person in the organisation can set the service up for all.
A step-by-step setup guide is available. Further implementation documentation is available to distribute to staff.
This makes it easy to implement. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- We have a strict data retention policy for patient data, which does not exceed 30 days as of Feb 2024. No end-of-contract data extraction is required as all data shared with client (GP practice) immediately after patient submission.
- End-of-contract process
- At contract end GP practice removes MedLinks from patient communication tools and MedLink deactivates practice account. No additional cost incurred
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Patient questionnaires are suitable for any device hosting the browser. The practice interaction with the service is not designed for mobile use.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Patients complete a webform hosted in a browser. Practices interact with a web-app also hosted in a browser.
- Accessibility standards
- None or don’t know
- Description of accessibility
- Accessibility features are provided in the browser.
- Accessibility testing
- None
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Text content in the questionnaire can be customised.
Additional questions can be added to the questionnaire.
Local services can be added to signpost patients to.
Images and videos can be added.
Scaling
- Independence of resources
- High demand tested during COVID.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Clinical capacity released, revenue generated, breakdown of conditions over various time frames, patient feedback.
- Reporting types
-
- Real-time dashboards
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Other
- Other data at rest protection approach
- Data center security compliance here https://cloud.google.com/security/compliance/offerings/#/countries=United_Kingdom®ions=EMEA
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Patient-submitted data gathered by MedLink in online review. Immediately after submission, patient data shared with patient's GP practice by secure email or API. Patient data retained by MedLink for only 30 days
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Secure Email
- EMIS Web API
- Vision API
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
MedLink is built on cloud infrastructure provided by our two subprocessors, Google Cloud
Platform and Amazon Web Services. Each one has its own SLA as part of our contractual
relationship:
● Google Cloud Platform (Cloud SQL) - 99.5% uptime
● Amazon Web Services (S3 Storage) - 99.9% uptime
MedLink aims to make its software available to practice staff and patients with at least 99%
uptime. In the event of this SLA not being met during a calendar month the following options
are available to client practices on request.
If availability drops to
- 95-99% we offer 1 month addition to contract period
- <95% we offer 2 months addition to contract period
- <95% for 2 consecutive
months we offer6 month addition to contract
period or Pro-rata refund of
subscription (dated to last
month of SLA compliance) - Approach to resilience
- This is covered by our two data subprocessors. Available on request, though openly accessible.
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Access is restricted at individual level, through permissions. The access permissions are audited regularly.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Less than 1 month
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- In line with our Medlink System Security Policy available upon request. We are Cyber Essentials Plus certified.
- Information security policies and processes
-
In line with our System Security Policy available upon request. This outlines
- responsible persons
- review process
- strategy
- information classification
- access controls
- Password and multi-factor authentication policy
- Security software
- Security architecture
- backups & disaster recovery
- employees joining and leaving
- certifications
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
New clinical scenario identified as appropriate for possible MedLink review
Hazard identification specific to new clinical scenario
Initial draft of questions and information formulated into review structure by MedLink clinical team
Draft shared with pilot practice clinicians for feedback and suggestions
Modified review finalised for initial pilot phase
Hazard log updated with identified risks
Review piloted at test site(s)
Feedback from patients and staff during pilot phase
Pilot practice clinicians liaise with MedLink staff to finalise content
New review MedLinks provided to client practices
Ongoing users and clinicians feedback
Content periodically updated following feedback, and review at ACRC meeting - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
MedLink uses Qualys cloud monitoring to routinely monitor inventory and vulnerabilities of end user devices. Implementation of remediations is dependant on severity. Critical updates are made immediately. High priority within 48 hours. Lower priority within one week.
Medlink has internal tests for the software we produce as well as annual CREST accredited penetration testing. All recommendations are impletmented within 14 days to ensure our software has a CVSS risk rating of zero. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Potential compromises are discovered through having detailed automated log keeping of all intereactions with our web application. When a potential compromise is found it is invested by the CTO who will determine the course of action. If the compromise is high risk or critical then access to the software will be removed or restricted until a fix is in place. Lower risk compromises may be fixed in situ. Critical and high risk potential compromises will be investigated within 24 hours.
- Incident management type
- Supplier-defined controls
- Incident management approach
- MedLink has processed in place for common events. Users report incidents via email to a specified email account. Incident reports are generated on an as-needed basis and provided to our clients.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Wellbeing
Fighting climate change
The system allows remote consultations for practices. It will allow patients to complete clinical reviews without travel to the practice.
Additionally the system is set up to minimise paper correspondence, hence reduce carbon footprint for practices further.Covid-19 recovery
Reducing footprint in GP practices reduces risks of infection.
Allowing clinical reviews remotely helps isolate the vulnerable, whilst being able to continue longterm condition mangement.Wellbeing
The system is built to improve engagement, improve access and improve quality of longterm condition reviews in primary care. The feedback from patients is excellent.
Pricing
- Price
- £0.11 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
3 months free
no obligation
(not available with Vision integration)