Skip to main content

Help us improve the Digital Marketplace - send your feedback

MEDLINK SOLUTIONS LTD

MedLink

MedLink gathers data from patients remotely to support their primary care teams in the management of their chronic conditions, medication and health.

Features

  • online patient questionnaires
  • automated patient communication
  • appointment booking
  • automated clinical coding

Benefits

  • release clinical capacity
  • improve patient access
  • automated enhanced service achievement
  • improve QOF achievement
  • automated back office functions

Pricing

£0.11 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorenz@medlinksolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 2 7 5 6 3 0 8 8 2 9 5 4 5 5

Contact

MEDLINK SOLUTIONS LTD Lorenz Kemper
Telephone: 07930190356
Email: lorenz@medlinksolutions.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Current clinical system integration for Vision and EMIS Web only Feb 2024
System requirements
Email address

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 48hrs
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Email and phone support available. Support via video conferencing also available.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The system requires minimum set-up. A sinlge person in the organisation can set the service up for all.
A step-by-step setup guide is available. Further implementation documentation is available to distribute to staff.
This makes it easy to implement.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We have a strict data retention policy for patient data, which does not exceed 30 days as of Feb 2024. No end-of-contract data extraction is required as all data shared with client (GP practice) immediately after patient submission.
End-of-contract process
At contract end GP practice removes MedLinks from patient communication tools and MedLink deactivates practice account. No additional cost incurred

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Patient questionnaires are suitable for any device hosting the browser. The practice interaction with the service is not designed for mobile use.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Patients complete a webform hosted in a browser. Practices interact with a web-app also hosted in a browser.
Accessibility standards
None or don’t know
Description of accessibility
Accessibility features are provided in the browser.
Accessibility testing
None
API
No
Customisation available
Yes
Description of customisation
Text content in the questionnaire can be customised.
Additional questions can be added to the questionnaire.
Local services can be added to signpost patients to.
Images and videos can be added.

Scaling

Independence of resources
High demand tested during COVID.

Analytics

Service usage metrics
Yes
Metrics types
Clinical capacity released, revenue generated, breakdown of conditions over various time frames, patient feedback.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
Data center security compliance here https://cloud.google.com/security/compliance/offerings/#/countries=United_Kingdom&regions=EMEA
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Patient-submitted data gathered by MedLink in online review. Immediately after submission, patient data shared with patient's GP practice by secure email or API. Patient data retained by MedLink for only 30 days
Data export formats
  • CSV
  • Other
Other data export formats
  • Secure Email
  • EMIS Web API
  • Vision API
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
MedLink is built on cloud infrastructure provided by our two subprocessors, Google Cloud
Platform and Amazon Web Services. Each one has its own SLA as part of our contractual
relationship:
● Google Cloud Platform (Cloud SQL) - 99.5% uptime
● Amazon Web Services (S3 Storage) - 99.9% uptime
MedLink aims to make its software available to practice staff and patients with at least 99%
uptime. In the event of this SLA not being met during a calendar month the following options
are available to client practices on request.

If availability drops to
- 95-99% we offer 1 month addition to contract period
- <95% we offer 2 months addition to contract period
- <95% for 2 consecutive
months we offer6 month addition to contract
period or Pro-rata refund of
subscription (dated to last
month of SLA compliance)
Approach to resilience
This is covered by our two data subprocessors. Available on request, though openly accessible.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted at individual level, through permissions. The access permissions are audited regularly.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
In line with our Medlink System Security Policy available upon request. We are Cyber Essentials Plus certified.
Information security policies and processes
In line with our System Security Policy available upon request. This outlines
- responsible persons
- review process
- strategy
- information classification
- access controls
- Password and multi-factor authentication policy
- Security software
- Security architecture
- backups & disaster recovery
- employees joining and leaving
- certifications

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
New clinical scenario identified as appropriate for possible MedLink review
Hazard identification specific to new clinical scenario
Initial draft of questions and information formulated into review structure by MedLink clinical team
Draft shared with pilot practice clinicians for feedback and suggestions
Modified review finalised for initial pilot phase
Hazard log updated with identified risks
Review piloted at test site(s)
Feedback from patients and staff during pilot phase
Pilot practice clinicians liaise with MedLink staff to finalise content
New review MedLinks provided to client practices
Ongoing users and clinicians feedback
Content periodically updated following feedback, and review at ACRC meeting
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
MedLink uses Qualys cloud monitoring to routinely monitor inventory and vulnerabilities of end user devices. Implementation of remediations is dependant on severity. Critical updates are made immediately. High priority within 48 hours. Lower priority within one week.

Medlink has internal tests for the software we produce as well as annual CREST accredited penetration testing. All recommendations are impletmented within 14 days to ensure our software has a CVSS risk rating of zero.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are discovered through having detailed automated log keeping of all intereactions with our web application. When a potential compromise is found it is invested by the CTO who will determine the course of action. If the compromise is high risk or critical then access to the software will be removed or restricted until a fix is in place. Lower risk compromises may be fixed in situ. Critical and high risk potential compromises will be investigated within 24 hours.
Incident management type
Supplier-defined controls
Incident management approach
MedLink has processed in place for common events. Users report incidents via email to a specified email account. Incident reports are generated on an as-needed basis and provided to our clients.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

Fighting climate change

The system allows remote consultations for practices. It will allow patients to complete clinical reviews without travel to the practice.

Additionally the system is set up to minimise paper correspondence, hence reduce carbon footprint for practices further.

Covid-19 recovery

Reducing footprint in GP practices reduces risks of infection.
Allowing clinical reviews remotely helps isolate the vulnerable, whilst being able to continue longterm condition mangement.

Wellbeing

The system is built to improve engagement, improve access and improve quality of longterm condition reviews in primary care. The feedback from patients is excellent.

Pricing

Price
£0.11 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
3 months free
no obligation
(not available with Vision integration)

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lorenz@medlinksolutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.