MIZAIC LTD

MediViewer

MediViewer is a clinical electronic document management solution built specifically for healthcare providers and designed around the needs of healthcare professionals. This end-to-end solution optimises every aspect of the digitisation of paper clinical content by providing fast, intuitive and secure access to electronic patient records from any device.

Features

• Fully mobile, touchscreen enabled ready to use on any device
• User configurable rules to recognise un-barcoded documents utilising OCR
• Documentation within an episodic context, featuring complete attendance history
• Representation of document taxonomies to enable intelligent selection
• Scanning and intelligent metadata indexing process (archive and day forward)
• Intelligent metadata tagging provides a cost-efficient alternative to manual identification
• A browser-based interface making it accessible from anywhere at anytime
• Supports multiple file types including text, audio, video and image
• Includes role-based access control and supports content lifecycle management
• Automated document classification in realtime through unique Smartindexing technology

Benefits

• MediViewer's unique architecture and implementation approach enables rapid deployment
• Intuitive user interface ensure a high rate of user adoption
• Simple, fast access to all archived medical records
• Support for efficient and effective integrated care
• Designed to integrate ensuring seamless interoperability with other systems
• Access from any device over low bandwith promote remote connectivity
• Built-in OCR allows re-classification of already scanned documents effciently
• Consistent user interface across mobile, laptop and desktop simplifies training
• Full auditability and end-to-end control supports BS10008 compliance
• Accepts scanned and electronic documents to complete the paperless experience

£175,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@mizaic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

192278755624143

Contact

Jamie Hall
0203 053 8599
sales@mizaic.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: MediViewer EDM (Electronic Document Management) can be implemented as a standalone solution or alternatively as a module of an EPR (Electronic Patient Record) or PAS (Patient Administration System). MediViewer EDM is integrated to the EPR/PAS via an HL7 data feed and user interface integration with single sign on.
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: MediViewer can be deployed to any NHS approved cloud platform (public or private). ; ; IMMJ Systems MediViewer Cloud is provisioned with a fully managed service, regardless of the chosen environment. ; ; IMMJ partners with UKCloud (Private) and Microsoft Azure (Public), who provide the hosting service for IMMJ's MediViewer Cloud offerings.
• System requirements:
  • Supported browsers: Safari 9+
  • Supported browsers: FireFox
  • Supported browsers: Chrome
  • Supported browsers: Microsoft Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 Immediate ; Within 10 mins during Help Desk Hours and 20 minutes outside Help Desk business hours ; ; Priority 2 Urgent ; Within 1 business hour; ; Priority 3 Important; Within 2 business hours; ; Priority 4 Medium; Within 24 hours; ; Priority 5 Requests for enhancement ; Within 5 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support Levels are outlined within our standard SLA and service definition agreement. Levels of target response times have already been provided for in hours support, 08:00am - 17:00pm Mon - Fri, excl UK Bank Holidays.; ; Email and telephone support are provided as standard. ; ; Support services provided are standard business hours, we can also provide extended support and also 24/7/365 which is price upon application. ; ; Onsite support is an additional service and charged depending on the issue.; ; Fully managed service is provided and costs for this and standard in hours support are provided within the subscription charges.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The intuitive design of the MediViewer™ application negates the need for extensive end user training. However, it is recognised that training will be required relating to changes to existing hospital processes. If training can be arranged by staff groups then we recommend one hour per session to cover specific MediViewer functionality and process changes. ; We recommend the following methods of training carried out on-site:; ; • Classroom based sessions ; • Ward/Department based training (where staff cannot be released) ; • 1:1 training for Consultants ; ; The ongoing training requirement once fully live should be handed over to BAU training team. IMMJ Systems can provide a training resource to deliver ‘Train the Trainer’ training to enable the hospital resource(s) to provide training to all appropriate hospital staff. Depending on the chosen IMMJ consultancy model, the IMMJ implementation team can either train Consultants within the early adopter specialty or all Consultants if All Specialties model is chosen. ; ; Additionally IMMJ can provide:; • A training environment;; • Comprehensive On-line Help; ; • Role specific process guides;; • Best Practices Guides - one-page quick glance documents that take users through specific functions, such as "changing user password", or "printing a form", etc.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: IMMJ Systems do not charge for data repatriation and there is no cost for data transit over the internet or download from HSCN/N3 if the application is being provided as part of a hosted solution. At the point of service termination, the Client is required to have the capability, resources and skills to extract and securely remove their own data set. Data can be extracted either from within the Virtual Machine, for example copying data over virtual networks or the entire VM can be exported as a VMDK or OVF.; As part of this operation the Trust would work with IMMJ Systems to spec up the required encrypted data store, which we would be more than happy to support.; Once IMMJ Systems has been formally notified that a service has been terminated, any residual customer data or configurations which remain will be securely and permanently erased. Any data or materials which cannot be deleted or exported will be returned to the customer.
• End-of-contract process: We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will not penalise you for terminating your contract with us unless specifically stated in the Service Definition or contract. We will also return all of your confidential information, unless there is a legal requirement that we keep it.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Both services are identical. This was a major consideration during the design phase to ensure that MediViewer had a single user interface with full functionality whether accessed via a tablet, laptop or desktop. This greatly simplifies the user training as there is only a single user interface to be trained on.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: IMMJ Systems have experience of establishing a live feed from the Hospital EPR that can include the following information:; • Patient demographics ; • Patient Alerts; • Patient merges (will also trigger movement of scanned documents) ; • Inpatient stays and movements; • A & E attendances; • Outpatient appointments; • Reference types, such as specialties, wards and clinics; ; In order for MediViewer to be updated it can receive and process HL7 messages (or similar) from the Hospital interface engine and interface with API endpoints within MediViewer to update the internal MediViewer reference tables. We have experience of working with HL7 v 2.3, 2.4 and 2.5; the translation layer in our HL7 interface is scriptable allowing ready customisation to site specific requirements. MediViewer will process the following ADT messages from the EPR; A01, A02, A03, A04, A05, A08, A11, A12, A13, A28, A31, A38, A40.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: MediViewer is highly configurable and provides many functions to the System Administrator that gives overall control of the application to the user. ; ; Any user with the correct role can carry out configurations.; ; The User Interface is configurable to allow the user to decide on their default view of the patient records. ; ; At project start the EDMS Transformation and Implementation Specialist will work with the Trust to define the security model and create the initial model within MediViewer based on agreed profiles.; ; Smart indexing identification rules for specific types of document that will form the core of any taxonomy come standard. The joint project team will carry out investigative work in the early stages of the project to setup the additional Hospital specific business rules for recognition with the smart indexing function.; ; HL7 and ADT feds are also customisation and the schema-less design of MediViewer allows any number of fields to be rendered within the interface.; ; IMMJ will take responsibility for customising MediViewer working with the joint project team. Thereafter Systems Administrator will be trained to ensure that skills are retained in-house without requiring any specific development skills.; ; MediViewer software code cannot be customized itself.

Scaling

• Independence of resources: In order to guarantee that users are not affected by the demands from other users, we map dedicated CPU resources to a customers account. On the core platform, we use resource reservations and shares such as internet bandwidth shaping. In addition, the capacity planning team ensure that usage in terms of all resources are constantly monitored as part of the managed service and increased accordingly relating to user demand.

Analytics

• Service usage metrics: Yes
• Metrics types: An Admin user is able to review the following metrics from within MediViewer. ; ; User Groups; Metadata classification; Security; User Activity; Usage; Imported documents; Record Growth; Image Count; Volume of records; Transactions per record; Transaction per patient
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: We protect customers data at rest, utilizing standard encryption mechanisms and this cannot be decrypted without access to the key, which is managed and controlled by IMMJ Systems.; ; In this way, our customers are assured that their data can never be accessed by a third party.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Export patient information: an authorised user can select part or all of a patient’s record for the creation of an encrypted PDF. Typically, this will be in response to a request for patient documents for tertiary care or in response to a Subject Access Request.; Audit Log: MediViewer provides the ability to either display or export to CSV the results of an interactive query which can report against user, date and transaction type.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Encrypted PDF/A
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF/A
  • TIFF
  • JPEG
  • Microsoft Word
  • Most unstructured file formats from clinical systems

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
• Other protection between networks: We offer the choice of connecting: ; • Via the internet using additional encryption such as TLS 1.2 ; • IPSec VPN tunnels; • Via private networks such as leased lines or MPLS; • Via public sector networks such as HSCN
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: We use dedicated VPN circuits between each of our sites to ensure the protection of customer data in-flight. We additionally encrypt this data within our platform. All data flows are also subject to our protective monitoring service.

Availability and resilience

• Guaranteed availability: 99.90%; ; Service credits and levels are customer specific and agreed in the relevant services levels and service credits definition agreements.
• Approach to resilience: Our service is deployed across a number of sites, regions and zones. ; ; Each zone is designed to eliminate single points of failure (such as power, network and hardware). ; ; Further information is available upon request.
• Outage reporting: All outages are reported in accordance with our incident reporting procedure. ; ; Further and full information is available upon request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The level of access that a user has, and the activities they can perform within MediViewer are governed by the following access control mechanisms:; ; 1. Access control to function by authorised user role;; 2. Access control to specific document sets. ; ; Access rights are restricted according to the role of a user. Although the creation of AD (Active Directory) roles are performed by AD administrators, MediViewer implements an ABAC (Attribute based access control) system that assigns authorization tickets (to access specific functionality) to users based on their attributes (such as AD group membership).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 8th May 2012
• What the ISO/IEC 27001 doesn’t cover: Nothing.; ; All above certifications covered by our hosting partners.; ; Additionally, IMMJ Systems holds ISO27001 and ISO9001 certifications independently.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 28th October 2016
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Nothing.; ; All above certifications covered by our hosting partners.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO27018
  • Cyber Essentials
  • Cyber Essentials Plus
  • PSN
  • ISO20000
  • ISO27017
  • (Cloud Infrastructure Service Providers in Europe) Code of Conduct Certification
  • All above certifications covered by our Cloud partners

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: IMMJ Systems is certified to IS027001 and also hold IS09001 certifications. ; ; Both private and public cloud providers used by IMMJ (UKCloud and Azure) are certified to, CSA STAR, ISO27001, ISO27017, ISO27018 and ISO20000
• Information security policies and processes: IMMJ and our hosting partners have a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers cloud services to its customers. These have been independently assessed and certified against ISO20000, ISO27001, ISO27017 and ISO27018. ; ; IMMJ Systems adheres to an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: IMMJ Systems has a well defined change management process and policy that is available upon request. ; ; Our hosting partners have well documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 standard. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. A robust, established process for the formal submission of change requests is mandated prior to review and approval of the daily Change Advisory Board.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: IMMJ Systems has documented policies and procedures relating to vulnerability management available upon request.; ; Hosting partners have well documented vulnerability management policy and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of their asset population. For other systems/software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Following best practice from the National Cyber Security Centre, our hosting partners protect both their Assured and Elevated platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment. Our approach to protective monitoring at minimum meets the Protective Monitoring Controls (PMC 1-12) outlined in NCSC document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups. Any alerts generated are logged and investigated 24x7.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our hosting partners have well documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by theirpersonnel, and incidents identified and reported to them by their customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  IMMJ Systems are wholly committed to fighting climate change and the very nature of the projects that we deliver support the positive change to the climate.
• Covid-19 recovery:

  Covid-19 recovery

  IMMJ Systems software and services have and continue to support the response to Covid-19 and the provision of ensuring remote and virtual patient consultations can be completed. IMMJ Systems were front and center in the process of supporting the NHS during the early pases of the pandemic.
• Tackling economic inequality:

  Tackling economic inequality

  IMMJ Systems are wholly committed to tackling economic inequality in any way that is possible for our business.
• Equal opportunity:

  Equal opportunity

  IMMJ Systems are wholly committed to equal opportunities.
• Wellbeing:

  Wellbeing

  IMMJ Systems are wholly committed to wellbeing.

Pricing

• Price: £175,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@mizaic.com. Tell them what format you need. It will help if you say what assistive technology you use.