Open Medical Ltd

Pathpoint® Acute Surgery

Developed by surgeons, Pathpoint® Acute Surgery is a versatile clinical workflow platform for centralised coordination of surgical patients. Supports multiple distributed teams, customisable local workflows, digitisation of end-to-end pathways including digital CEPOD booking system, anaesthetic assessments, ambulatory lists, general, vascular, urology, ENT. Automatic coding for superior analytics. Hosted on HSCN.

Features

• Referral management and handover
• Theatre list coordination and planning
• Patient engagement
• Collaboration and communication between teams
• Auditing and clinical governance
• Data,reporting and business intelligence
• Digital consent
• Remote patient monitoring
• Clinic booking and appointment functionality
• Elective surgical pathways (Enhanced recovery, pre-op optimisation etc)

Benefits

• Improved oversight and coordination of procedure/treatment lists
• Improved decentralised collaboration for multi-site clinical teams
• Better compliance with speciality guidelines
• Effective, real-time clinical governance and internal communication
• Fast digital recording of clinical workflows
• Improved visibility of the CEPOD board
• Service improvements initiated by reporting clinical code, theatre, temporal markers
• Streamlined communication between surgical teams and theatre coordinators
• Improved, forward-planning of patient care resources (bed, theatre slots, staff)
• Improved handover efficiency and process optimisation

£24,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dorota@openmedical.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

198178327725025

Contact

Dorota Naumiuk
0203 475 2955
dorota@openmedical.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Pathpoint
• Cloud deployment model: Public cloud
• Service constraints: Requires N3 or HSCN access
• System requirements: IE 11+ or Chrome/Firefox/Safari browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Week days - within 8 hours. Weekends - within 12 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Licence subscription includes: ; ; Business-as-usual - single point-of-contact client support; managing delivery and resolution of service queries.; ; Extra-ordinary - 24 x 7 x 365 same-day on-site support to resolve high severity live system application related incidents.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Installation: The on-boarding program is designed to ensure minimal disruption to departmental working practices. ; Week 1: A small team of trainers deployed to each department to provide full on-site, on-the-job training. ; Week 2-4: Weekly one day training resource.; On-going: Training sessions coincide with the induction day of new clinical staff throughout the duration of the contract. Training assets: wall posters, eLearning video demonstrations, manuals, client support phone/email.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Contract termination does not result in service discontinuation. System remains live in read-only state.; Exported SQL files and a binary archives are generated and provided automatically.; Data extraction via JSON:API or FHIR API directly from the system is also available.
• End-of-contract process: OpenMedical licenses are SaaS products. ; Where recommissioning is not optioned at the end of subscription period, there are no additional costs. ; The service remains available with a full read-only functionality and can be resumed at any time.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: ETrauma is a decoupled service that can be fully operated via APIs. JSON:API and FHIR APIs are available out of the box allowing all CRUD operations via basic or cookie authentication. Any authorised user of the service can make any changes allowed by their access role with no limitations.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: ETrauma out-of-the-box system pathway and interfaces modified to clinical team specifications.; The patient and clinical pathway entities are fully customisable and can be added, changed or removed (including specific data fields).; The refinements process is managed by OpenMedical's engineering team, in association with clinical team leaders.

Scaling

• Independence of resources: System's load balancing process automatically provisions additional VMs and containers. Upscaling system resources in response to request loads.; ; Furthermore OpenMedical employs a number of processor reduction techniques, including multiple cache-like layers for querying and outputs with forced tag and context cache expiration.

Analytics

• Service usage metrics: Yes
• Metrics types: Our systems are designed to track, plan and review patient care. ; Embedding coded-fields into the data-storage architecture allows OpenMedical to manipulate and present service metrics at a range of granularity levels. ; Includes ; Clinical; diagnosis/procedure specific data, temporal, demographic. ; Health management: KPIs, referral source, time-of-day, year-on-year, service capacity/level boundaries.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Authenticated users can export their data via the JSON:API / FHR API / directly via the user interface as an CSV file.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our standard Service Level Agreement guarantees 99.9% server uptime. ; Any unscheduled service outage for more than 1 hour after reporting is refunded at its full subscription price for the outage duration.
• Approach to resilience: Available on request
• Outage reporting: The service reports any outages via a public API, by email alerts to all clinical team leads and nominated secondary addresses.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Client determines access requirements to match their specific organisational needs.; Role-based and team-based access system manages system's restrictive access controls, constraining user functionality assignment; including writing, editing and viewing. ; Team-based permissions are dependent on data-originating teams. Role-based access restricts system-wide processes and data such as management, user-auditing and interface channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • N3 Assurance
  • IG Toolkit
  • Cyber Essentials
  • Cyber Essentials Plus
  • HSCN Code of Conduct

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: N3 Assurance and NHS Digital IGT
• Information security policies and processes: The following policies are used to capture and monitor security: Data Protection Policy, Information Risk Policy, Information Security Policy, Network & Mobile Security Policy, Pseudonymisation Policy, Recruitment and Contracting Policy, Secure Data Transfer Procedure, eTrauma System Level Security, eTrauma Data Flow Mapping.; ; A dedicated team with the responsibility to monitor the above is contactable at ig@openmedical.co.uk. All security policies are reviewed every 6 months internally and verified every year independently.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management policies ensure all the changes are assessed, approved, implemented and reviewed in a controlled manner. All changes will be recorded in the service management tool following an explicit process: Recording of all changes, Classification, Risk assessment for their risk, Impact and business benefit, Approval and authorisation, Coordination for implementation of changes, Post implementation review, Post implementation feedback.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The vulnerability management process follows a mandatory workflow:; - Preparation; - Vulnerability scan; - Remediation actions definition; - Remediation actions implementation; - Vulnerability scanning
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Compromise scanning: Three-way data surveillance, including database and binary data tracks identification alteration. Daily reconciliation of all IP access logs outside the N3 network.; Compromise response: Suspected authentication/access or integrity immediately escalated to engineering and infrastructure team for assessment and action. ; Confirmed compromises: Reported as per the Information Risk Policy to SIRO, senior management, ICO, NHS Digital and the client organisation Information Security and IG teams.
• Incident management type: Supplier-defined controls
• Incident management approach: Recorded incident reporting and pre-existing incident response processes are in-place. ; All incidents and adverse events are reported and recorded according to Information Risk Register Policy and cross-referenced to the Disaster Recovery and Business Continuity Plans. ; IG SIRIs will be managed in accordance with the Incident Management Procedure.; All incidents are reported to SIRO, senior management, ICO, NHS Digital and the client organisation immediately.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Our supply chain has a minimal environmental impact. All engineering is in-house, thus the product is manufactured in the UK. Our cloud host supplier (UKCloud Ltd) is certified carbon negative, contributing to a sustainable environment for all populations. In addition to its net-zero commitment, this collaborator has launched a Partner Charter in response to the Social Value Act 2012, focusing on 5 themes including creating new digital jobs/ skills and minimising e-waste sent to landfill through repurposing technology, in line with the '5 Rs'.
• Covid-19 recovery:

  Covid-19 recovery

  The COVID-19 pandemic has transformed our personal and professional lives. While such change has been difficult, it’s also created opportunities. We’ve seen that we can unlock ingenuity to accelerate life-changing innovation, build organisations that evolve with a changing world, positively impact the environment, and improve our ways of working. As we move forward, we can’t go back to the old business as usual. We must continue to harness ingenuity to build a positive human future.; ; We are committed to the well-being and continual development of our people and to training our workforce, where employees are appreciated, valued and given regular feedback so that each employee has a clear understanding of their role and how they contribute to the business. We operate a meritocracy, where all employees are recognised and rewarded on the basis of their performance, effort, contribution and achievements. We expect our employees to act with integrity towards one another and exercise a high standard of business practice and workmanship. We support diversity, fairness and equal opportunities and aim to involve and consult regularly with employees as to the direction of the business. ; ; We also have a graduate scheme. One project is being run in association with a British university and the Knowledge Transfer Partnership. Another project relates to website design, and the successful candidate will also receive expert training in coding and will eventually join our engineering team upon successful completion of the scheme. This unique opportunity represents one of many local opportunities we hope to offer in the future. We endeavour to continue to hire locally-dwelling people into these schemes by ensuring we target our job advertisements to this group. We actively support and donate to a number of national and local charities. Details are available from our Finance Manager.
• Tackling economic inequality:

  Tackling economic inequality

  We recognise and understand the significance of the local community within which we operate. We aim to enhance our contribution to the community by being sensitive to the needs of local people and groups and promoting ethical and socially responsible trading. Our entire business model is based around supporting the National Health Service in as cost-effective a manner as possible. We provide our services at competitive and sustainable prices through compliant frameworks, and we restrict our contractual ability to increase prices above RPI in any single 12-month period. In terms of social value, all of our directors have been or currently are clinicians or other healthcare professionals working within the London North West University Hospitals Trust meaning that their high skill set has remained within the local area and in the NHS setting. As part of our on-going commitment to complying with the Social Value Act 2012 and the national Time, Outcome, Measure (TOM) framework we hired our first apprentice in early 2020 who later became our lead designer living in the Ealing area. We also have a graduate scheme. One project is being run in association with a British university and the Knowledge Transfer Partnership. Another project relates to website design, and the successful candidate will also receive expert training in coding and will eventually join our engineering team upon successful completion of the scheme. This unique opportunity represents one of many local opportunities we hope to offer in the future. We endeavour to continue to hire locally-dwelling people into these schemes by ensuring we target our job advertisements to this group. We actively support and donate to a number of national and local charities.
• Equal opportunity:

  Equal opportunity

  We are committed to the well-being and continual development of our people and to training our workforce, where employees are appreciated, valued and given regular feedback so that each employee has a clear understanding of their role and how they contribute to the business. We operate a meritocracy, where all employees are recognised and rewarded on the basis of their performance, effort, contribution and achievements. We expect our employees to act with integrity towards one another and exercise a high standard of business practice and workmanship. Our Code of Conduct sets out clear expectations. We support diversity, fairness and equal opportunities and aim to involve and consult regularly with employees as to the direction of the business.
• Wellbeing:

  Wellbeing

  Open Medical considers the mental health and well-being of all staff to be as important as their physical well-being. The firm will continue to promote the dedicated mental health and well-being resources available to all staff.

Pricing

• Price: £24,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Universal four-month trial period. ; Full access to system.; Includes evidence based service improvement evaluation.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dorota@openmedical.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.