The Access Group

Access Rio Electronic Patient Record (EPR)

Rio supports the vision of every patient having one, fully integrated, Electronic Patient Record to enable the very best and most efficient healthcare. Rio operates across secondary care mental health, child health and community care settings and interoperates easily with other systems. Rio manages both administrative and clinical processes.

Features

• Prioritising patient safety
• BI, Analytics and AI
• Mobile Working
• Integration Capability
• Compliance with NHS Standards
• eLearning
• Statutory Returns
• Compliant with the Mental Health Act (UK)
• Peace of mind with security as standard
• No infrastructure investment

Benefits

• Enabling faster, safer decision-making at the point of care
• Qualitative data to inform and deep dive between cohorts
• Make informed decisions with up to date information
• Improve data quality and accuracy
• Access to view/update patient care records wherever they are
• Easily scalable through functionality and user licences
• No need to install software on multiple PCs
• Live data available quickly and easily
• Removes paper-based notes
• Reduces transcription errors

£211.61 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Natalie.GilesGrant@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

189670420595659

Contact

Natalie Giles-Grant
01206322575
Natalie.GilesGrant@theaccessgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: All end user and citizen facing components of the solution are fully browser based and need nothing installed on the client device other than the browser itself.
• System requirements:
  • End-user facing elements of the solution are accessed via web-browser
  • Supported by, IE11, Microsoft Edge (Chromium), Safari, Chrome and Firefox
  • Rio is supported in Safari on iOS12, iOS13 and iOS14
  • Rio is supported in Chrome on Android Tablet devices

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Access has developed a range of support plans. Our online Knowledge base and Community service plans are available to all our clients. We have made significant investment in our client support tools. The Success portal provides around the clock access to log incidents, browse articles and videos to find solutions. Our Support teams are available M-F 9-5 ( or 8-6 on Standard/Premium) On these plans P1 cases are responded to in 1 hour. Please refer to Access for further details
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Basic Success Plan - provides you with an on-line support experience with on-line support case submission and self-service Knowledge Base access. No additional cost Standard Success Plan- offers an enhanced reactive service, including telephone and e-mail support, as well as priority response times and longer support hours. Larger customers will also get access to a primary named support analyst who will deal with the majority of your support questions. Charged at 15% of your subscription fee. Premier Success Plan- provides proactive services, including access to a customer success manager with quarterly and annual review. Charged at 25% of your annual subscription fee.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: During the initiation stage of the project Access will work with the customer's project team to define a Training Strategy that will plan for the delivery of a range of training courses to relevant Trust staff at the most appropriate time during the implementation project. The Training Strategy will determine the optimum approach for delivering training, including end user training, and supporting materials with the options being traditional classroom based training or interactive eLearning content. In addition, the strategy will also consider available training resources such as trainers and training facilities, the required training environment configuration, and any training pre-requisites.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Microsoft Word
• End-of-contract data extraction: All data held in the solution belongs to the customer. Data can be extracted via table views from the application into CSV, via Reports or via chargeable services to extract data which is otherwise unavailable to extract via the front end application.
• End-of-contract process: Data is provided to the customer in the agreed format as described in the response above. The data is deleted securely when the customer has agreed all data has been provided and drives holding the data are securely cleansed. Access can provide an Exit Management Plan to highlight the steps involved in decommissioning the Rio application. Support can be provided to extract data for you on a time and materials basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Rio has been signed to work on both desktop and mobile devices.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Rio provides and out of the box set of generic APIs that can be used to provide third party systems bi-directional access to Rio . Access is part of the TechUK Interoperability charter that ensures these existing APIs are free from development costs and can be used by all our customers.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Rio is a highly configurable and flexible product with many tools that allow customers to continually adapt the product to meet the changing needs of the organisation. The Access implementation approach aims to transfer knowledge to the customer to promote ownership of the system by exploiting Rio local customisation capability. Configuration screens give the customer the ability to locally configure many elements, including:; 1. Local data capture screens, e.g. to create new assessment tools; 2. Additional dashboards/views pertinent to specific roles; 3. Operational reports and database extracts; 4. Pick-lists and master files.; 5. User Templates; 6. Diary Templates; 7. Care Plan Libraries; 8. Menus, navigation and function access; 9. Notifications, Emails and SMS; 10. Help information/ access to local policies; Access will provide full training to the customers systems administration and informatics staff so that they can perform configuration tasks to enable the customer to rapidly incorporate changes to respond to changing business or clinical requirements.

Scaling

• Independence of resources: Proactive monitoring of performance, capacity and connectivity on the platform is provided using Opman / Appman by ManageEngine. Where a server or other component is deemed to be nearing the threshold requiring additional resource the issue is rectified. Customer environments are hosted on either segregated VLANs or dedicated VMs meaning data is held on entirely separate, dedicated servers for each Customer.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are provided in the form of call lists which users can filter on calls outstanding either by call reference, created date range, call status, name of reporter (customer reporting the issue), assignee (Access member) and summary. Customers can log in to the online support portal to view this information as and when required at no additional cost. Access can also supply availability statistics to the Customer. Other metrics can be supplied as part of a Service Delivery package which can be provided as an additional service. For example, monthly reporting of SLA performance and KPIs.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: When configuring reports, users are able to control the output format of the report, allowing reports to be presented for display on screen, or formatted for export as CSV or XML which can be transferred and ingested by other systems if required.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • TXT
  • XML
  • XLS
  • DOC
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We will use commercially reasonable efforts to make the SaaS available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance.
• Approach to resilience: Each tenant is implemented in a PRIMARY >> WARM-STANDBY model i.e. with a primary service under normal operation & with a failover to another server on different host in a different data centre available for failover if access to some or all of the PRIMARY is lost for any reason. More detailed information is available on request.
• Outage reporting: Users can subscribe to email alerts giving updates on scheduled maintenance and outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: NHS Smart Card
• Access restrictions in management interfaces and support channels: We operate role profile based Access Control - based on least privilege access. This applies to all our services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 01/09/2014
• What the ISO/IEC 27001 doesn’t cover: Nothing is excluded from the Standard
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We operate a robust incident management process in line with ISO27001:2013 Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site Incident reports will be provided following forensics and closure

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Reduction in paper being used for recording patient information.

Pricing

• Price: £211.61 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Natalie.GilesGrant@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.