MediViewer is a clinical electronic document management solution built specifically for healthcare providers and designed around the needs of healthcare professionals. This end-to-end solution optimises every aspect of the digitisation of paper clinical content by providing fast, intuitive and secure access to electronic patient records from any device.


  • Fully mobile, touchscreen enabled ready to use on any device
  • User configurable rules to recognise un-barcoded documents utilising OCR
  • Documentation within an episodic context, featuring complete attendance history
  • Representation of document taxonomies to enable intelligent selection
  • Scanning and intelligent metadata indexing process (archive and day forward)
  • Intelligent metadata tagging provides a cost-efficient alternative to manual identification
  • A browser-based interface making it accessible from anywhere at any time
  • Supports multiple file types including text, audio, video and image
  • Includes role-based access control and supports content lifecycle management
  • Automated document classification in real time through unique Smartindexing technology


  • MediViewer's unique architecture and implementation approach enables rapid deployment
  • Intuitive user interface ensures a high rate of user adoption
  • Simple, fast access to all archived medical records
  • Support for efficient and effective integrated care
  • Designed to integrate ensuring seamless interoperability with other systems
  • Access from any device over low bandwidth promotes remote connectivity
  • Built-in OCR allows re-classification of already scanned documents efficiently
  • Consistent user interface across mobile, laptop and desktop simplifies training
  • Full auditability and end-to-end control supports BS10008 compliance
  • Accepts scanned and electronic documents to complete the paperless experience


£175,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@mizaic.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

192278755624143


Telephone: 0203 053 8599
Email: sales@mizaic.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
MediViewer EDM (Electronic Document Management) can be implemented as a standalone solution or alternatively as a module of an EPR (Electronic Patient Record) or PAS (Patient Administration System). MediViewer EDM is integrated to the EPR/PAS via an HL7 data feed and user interface integration with single sign on.
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
MediViewer can be deployed to any NHS approved cloud platform (public or private).

IMMJ Systems MediViewer Cloud is provisioned with a fully managed service, regardless of the chosen environment.

IMMJ partners with UKCloud (Private) and Microsoft Azure (Public), who provide the hosting service for IMMJ's MediViewer Cloud offerings.
System requirements
  • Supported browsers: Safari 9+
  • Supported browsers: Firefox
  • Supported browsers: Chrome
  • Supported browsers: Microsoft Edge

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1 Immediate
Within 10 mins during Help Desk Hours and 20 minutes outside Help Desk business hours

Priority 2 Urgent
Within 1 business hour

Priority 3 Important
Within 2 business hours

Priority 4 Medium
Within 24 hours

Priority 5 Requests for enhancement
Within 5 business days
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support levels are outlined within our standard SLA and service definition agreement. Target response times have already been provided for in-hours support, 08:00 - 17:00 Mon - Fri, excl. UK Bank Holidays.

Email and telephone support are provided as standard.

Support services are provided during standard business hours. We can also provide extended support and 24/7/365 support, which is priced upon application.

Onsite support is an additional service and charged depending on the issue.

Fully managed service is provided and costs for this and standard in hours support are provided within the subscription charges.
Support available to third parties

Onboarding and offboarding

Getting started
The intuitive design of the MediViewer™ application negates the need for extensive end user training. However, it is recognised that training will be required relating to changes to existing hospital processes. If training can be arranged by staff groups then we recommend one hour per session to cover specific MediViewer functionality and process changes.
We recommend the following methods of training carried out on-site:

• Classroom based sessions
• Ward/Department based training (where staff cannot be released)
• 1:1 training for Consultants

The ongoing training requirement once fully live should be handed over to the BAU training team. IMMJ Systems can provide a training resource to deliver ‘Train the Trainer’ training to enable the hospital resource(s) to provide training to all appropriate hospital staff. Depending on the chosen IMMJ consultancy model, the IMMJ implementation team can either train Consultants within the early adopter specialty or all Consultants if the All Specialties model is chosen.

Additionally IMMJ can provide:
• A training environment;
• Comprehensive On-line Help;
• Role specific process guides;
• Best Practices Guides - one-page quick glance documents that take users through specific functions, such as "changing user password", or "printing a form", etc.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
IMMJ Systems do not charge for data repatriation and there is no cost for data transit over the internet or download from HSCN/N3 if the application is being provided as part of a hosted solution. At the point of service termination, the Client is required to have the capability, resources and skills to extract and securely remove their own data set. Data can be extracted either from within the Virtual Machine, for example copying data over virtual networks or the entire VM can be exported as a VMDK or OVF.
As part of this operation the Trust would work with IMMJ Systems to spec up the required encrypted data store, which we would be more than happy to support.
Once IMMJ Systems has been formally notified that a service has been terminated, any residual customer data or configurations which remain will be securely and permanently erased. Any data or materials which cannot be deleted or exported will be returned to the customer.
End-of-contract process
We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will not penalise you for terminating your contract with us unless specifically stated in the Service Definition or contract. We will also return all of your confidential information, unless there is a legal requirement that we keep it.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Both services are identical. This was a major consideration during the design phase to ensure that MediViewer had a single user interface with full functionality whether accessed via a tablet, laptop or desktop. This greatly simplifies the user training as there is only a single user interface to be trained on.
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
IMMJ Systems have experience of establishing a live feed from the Hospital EPR that can include the following information:
• Patient demographics
• Patient Alerts
• Patient merges (will also trigger movement of scanned documents)
• Inpatient stays and movements
• A & E attendances
• Outpatient appointments
• Reference types, such as specialties, wards and clinics

In order for MediViewer to be updated it can receive and process HL7 messages (or similar) from the Hospital interface engine and interface with API endpoints within MediViewer to update the internal MediViewer reference tables. We have experience of working with HL7 v 2.3, 2.4 and 2.5; the translation layer in our HL7 interface is scriptable allowing ready customisation to site specific requirements. MediViewer will process the following ADT messages from the EPR; A01, A02, A03, A04, A05, A08, A11, A12, A13, A28, A31, A38, A40.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
MediViewer is highly configurable and provides many functions to the System Administrator that give overall control of the application to the user.

Any user with the correct role can carry out configurations.

The User Interface is configurable to allow the user to decide on their default view of the patient records.

At project start the EDMS Transformation and Implementation Specialist will work with the Trust to define the security model and create the initial model within MediViewer based on agreed profiles.

Smart indexing identification rules for specific types of document that will form the core of any taxonomy come standard. The joint project team will carry out investigative work in the early stages of the project to setup the additional Hospital specific business rules for recognition with the smart indexing function.

HL7 and ADT feeds are also customisable, and the schema-less design of MediViewer allows any number of fields to be rendered within the interface.

IMMJ will take responsibility for customising MediViewer, working with the joint project team. Thereafter, the Systems Administrator will be trained to ensure that skills are retained in-house without requiring any specific development skills.

MediViewer software code cannot be customized itself.


Independence of resources
In order to guarantee that users are not affected by the demands from other users, we map dedicated CPU resources to a customer's account. On the core platform, we use resource reservations and shares such as internet bandwidth shaping. In addition, the capacity planning team ensures that usage of all resources is constantly monitored as part of the managed service and increased according to user demand.


Service usage metrics
Metrics types
An Admin user is able to review the following metrics from within MediViewer.

User Groups
Metadata classification
User Activity
Imported documents
Record Growth
Image Count
Volume of records
Transactions per record
Transaction per patient
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Other
Other data at rest protection approach
We protect customers' data at rest using standard encryption mechanisms; it cannot be decrypted without access to the key, which is managed and controlled by IMMJ Systems.

In this way, our customers are assured that their data can never be accessed by a third party.
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Export patient information: an authorised user can select part or all of a patient’s record for the creation of an encrypted PDF. Typically, this will be in response to a request for patient documents for tertiary care or in response to a Subject Access Request.
Audit Log: MediViewer provides the ability to either display or export to CSV the results of an interactive query which can report against user, date and transaction type.
Data export formats
  • CSV
  • Other
Other data export formats
Encrypted PDF/A
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF/A
  • TIFF
  • JPEG
  • Microsoft Word
  • Most unstructured file formats from clinical systems

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks
We offer the choice of connecting:
• Via the internet using additional encryption such as TLS 1.2
• IPSec VPN tunnels
• Via private networks such as leased lines or MPLS
• Via public sector networks such as HSCN
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
We use dedicated VPN circuits between each of our sites to ensure the protection of customer data in-flight. We additionally encrypt this data within our platform. All data flows are also subject to our protective monitoring service.

Availability and resilience

Guaranteed availability

Service credits and levels are customer specific and agreed in the relevant services levels and service credits definition agreements.
Approach to resilience
Our service is deployed across a number of sites, regions and zones.

Each zone is designed to eliminate single points of failure (such as power, network and hardware).

Further information is available upon request.
Outage reporting
All outages are reported in accordance with our incident reporting procedure.

Further and full information is available upon request.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The level of access that a user has, and the activities they can perform within MediViewer are governed by the following access control mechanisms:

1. Access control to function by authorised user role;
2. Access control to specific document sets.

Access rights are restricted according to the role of a user. Although the creation of AD (Active Directory) roles is performed by AD administrators, MediViewer implements an ABAC (attribute-based access control) system that assigns authorization tickets (to access specific functionality) to users based on their attributes (such as AD group membership).
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
8th May 2012
What the ISO/IEC 27001 doesn’t cover

All above certifications covered by our hosting partners.

Additionally, IMMJ Systems holds ISO27001 and ISO9001 certifications independently.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
28th October 2016
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover

All above certifications covered by our hosting partners.
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • ISO27018
  • Cyber Essentials
  • Cyber Essentials Plus
  • PSN
  • ISO20000
  • ISO27017
  • (Cloud Infrastructure Service Providers in Europe) Code of Conduct Certification
  • All above certifications covered by our Cloud partners

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
IMMJ Systems is certified to ISO27001 and also holds ISO9001 certification.

Both private and public cloud providers used by IMMJ (UKCloud and Azure) are certified to CSA STAR, ISO27001, ISO27017, ISO27018 and ISO20000.
Information security policies and processes
IMMJ and our hosting partners have a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers cloud services to its customers. These have been independently assessed and certified against ISO20000, ISO27001, ISO27017 and ISO27018.

IMMJ Systems adheres to an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
IMMJ Systems has a well defined change management process and policy that is available upon request.

Our hosting partners have well documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 standard. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. A robust, established process for the formal submission of change requests is mandated prior to review and approval of the daily Change Advisory Board.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
IMMJ Systems has documented policies and procedures relating to vulnerability management available upon request.

Hosting partners have well documented vulnerability management policy and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of their asset population. For other systems/software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Following best practice from the National Cyber Security Centre, our hosting partners protect both their Assured and Elevated platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment.  Our approach to protective monitoring at minimum meets the Protective Monitoring Controls (PMC 1-12) outlined in NCSC document GPG13 (Protective Monitoring for HMG ICT Systems).  It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups.  Any alerts generated are logged and investigated 24x7.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our hosting partners have a well documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by their personnel, and incidents identified and reported to them by their customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
Health and Social Care Network (HSCN)

Social Value

Fighting climate change

IMMJ Systems are wholly committed to fighting climate change and the very nature of the projects that we deliver support the positive change to the climate.
Covid-19 recovery

IMMJ Systems software and services have supported, and continue to support, the response to Covid-19 and help ensure that remote and virtual patient consultations can be completed. IMMJ Systems were front and center in the process of supporting the NHS during the early phases of the pandemic.
Tackling economic inequality

IMMJ Systems are wholly committed to tackling economic inequality in any way that is possible for our business.
Equal opportunity

IMMJ Systems are wholly committed to equal opportunities.


IMMJ Systems are wholly committed to wellbeing.


£175,000 a licence a year
Discount for educational organisations
Free trial available
