Synanetics

Pathology Integration Engine

The Pathology Integration Engine (PIE) is a public-cloud, FHIR native, micro-services based interoperability system that routes pathology test orders and results between any connected requesting system and any connected laboratory. The PIE handles any order format, HL7 V2, FHIR, XML, text files etc, and maps to NHS SNOMED codes.

Features

• Hosted and Managed Pathology Interoperability Platform
• Standards based (HL7 V2, FHIR, XML) mapped to SNOMED CT
• Massively Scalable
• Micro-services architecture
• Public cloud native

Benefits

• Improves efficiency and performance across Pathology Networks
• Tracks thousands of samples throughout their journey
• Allows effective capacity planning
• enables networks to deal with service outages

£550 to £1,400 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.cook@synanetics.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

285311437586581

Contact

Paul Cook
07570576534
paul.cook@synanetics.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Existing laboratory systems, EPRs etc
• Cloud deployment model: Public cloud
• Service constraints: None at a systemic level, but discovery phase will identify any that may exist within a specific organisation or pathology network
• System requirements: Solution is browser based and public cloud first

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times depend on the priority of the request: Emergency: 1 hr anytime High: 1hr 9am-6pm weekdays Normal: 1 working day Low: 1 working day. Support is offered as a 24x7x365 service
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a fully managed service desk and ITIL service management package. All customers are assigned a technical account manager who is accountable for the delivery of the service. We offer a single standard level of support. This provides access to 24x7 using a variety of contact mechanisms. The priority of support issues is determined by our customers and we measure our response and resolution times of requests and incidents. Performance indicators are reported back to our customers through monthly service review meetings. Our standard service package can be tailored to individual requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation is available, and any individual training/user requirements can be agreed and costed as part of contract negotiations
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon contract end, Synanetics will agree the work package to extract the data in a mutually acceptable format
• End-of-contract process: The services required to de-commission the platform would be additional to the ongoing service provision

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Test
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Test
• API: Yes
• What users can and can't do using the API: Test
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers will have the ability to customise re-routing logic so that they can optimise their sample pathways. They can also add services to the test catalogue

Scaling

• Independence of resources: Google Cloud Platform (GCP) employs robust resource management techniques to ensure users are not adversely affected by demand from other users. GCP dynamically allocates resources to users based on their needs, scaling infrastructure horizontally to accommodate fluctuations in demand. Through features like auto-scaling and load balancing, GCP optimizes resource utilization and maintains consistent performance even during peak usage periods. Additionally, GCP's distributed network infrastructure and data centers minimize latency and improve reliability, further enhancing user experience. Continuous monitoring and optimization enable GCP to effectively manage resource allocation and prioritize user workloads, ensuring reliable and responsive service delivery.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of tests routed, turnaround times, aged test reports.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest protection is a Google Cloud Platform core service offering
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: PIE data is held in Google Cloud Platform (GCP). To export data from GCP, a customer can employ various methods depending on the type of data and its storage location. For structured data stored in databases like BigQuery, customers can execute SQL queries to delete records or drop tables. Unstructured data stored in Cloud Storage can be deleted using the Cloud Console, command-line interface (CLI), or programmatically through APIs. Additionally, customers should ensure to revoke access permissions and delete associated resources, such as virtual machines or instances, to fully remove their data from GCP and comply with data protection regulations.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HL7 V2
  • HL7 FHIR
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Pathology Integration Engine is hosted in Google Cloud Platform (GCP) and 99.5% availability is guaranteed. Beyond this, and by agreement with our customers, Synanetics designs resilience into the platform by leveraging distributed architecture, redundancy, and automated failover mechanisms. We utilize multiple UK availability zones, load balancing, and managed services including Cloud Spanner for data replication. We Implement monitoring, alerting, and disaster recovery strategies to detect and respond to failures swiftly, ensuring continuous availability and reliability. These then feed into SLAs which, by agreement can include a service credit regime.
• Approach to resilience: Our approach to service resilience within Google Cloud Platform (GCP) ensures that applications and services remain available and performant, even in the face of failures or disruptions. We utilise various tools and features to enhance service resilience, including:; ; 1. Multi-zone Deployments: Deploying services across multiple UK zones ensures redundancy and high availability. GCP's global infrastructure enables users to distribute workloads geographically for resilience against local failures.; 2. Load Balancing: GCP's load balancing services distribute incoming traffic across multiple instances or regions, ensuring optimal performance and fault tolerance. Traffic management policies can be configured to handle spikes in demand and route traffic away from unhealthy instances.; 3. Managed Services: Leveraging managed services like Cloud Spanner for databases and Cloud Storage for storage ensures built-in replication, durability, and scalability, enhancing resilience against data loss and service disruptions.; 4. Automated Failover: GCP's managed services offer automated failover capabilities, such as Cloud SQL High Availability and Cloud Spanner multi-region configurations, enabling seamless failover and data replication to ensure continuous availability.; By implementing these practices and leveraging GCP's managed services, organizations can design resilient architectures that withstand disruptions and provide uninterrupted service to their users.
• Outage reporting: Email alerts and public dashboard are offered, but Synanetics will work with customers to align reporting to customer requirements

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Synanetics is working to ISO standards for security governance and plans to be formally accredited.
• Information security policies and processes: Synanetics security policy and processes align to ISO 27001. Policies are defined and set out within our employee handbook. All staff complete NHS data security training.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are subject to board approval and tracked using robust change management and audit process
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Active scanning on all infrastructure and application components; findings are prioritised according to levels of severity. Patches can be deployed within hours.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Active monitoring on the infrastructure, alerts are dealt with upon receipt. Response is according to documented security governance processes. Response will be handled within published severity guidelines.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report and classify severity of incidents, either via the web-based ticketing system, by email or by phone. Incident reports are provided to meet customer requirements (both in format and cadence).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  Synanetics is committed to achieving Net Zero emissions by end of financial year 2040. Synanetics is a knowledge business; it has no manufacturing, distribution or retail operations. All staff are home-based and we have no vehicle fleet. We have no staff catering services and no International operations. Our sole office location is in Leeds city-centre, 5 minutes’ walk from the mainline station. All staff are encouraged to use the train when attending the office. All employees are given home based contracts and in person meetings are held on an exceptional basis, minimizing travel. Our landlord employs Ashdown Phillips & Partners as facilities management provider and that business ensures that environmental issues are at the heart of their operation. Ashdown Phillips are Planet Mark Accredited, Living Wage Accredited and are members of the Better Buildings Partnership. Their teams have won numerous sustainability awards which include: Green Apple, SCEPTRE and CSR Awards. Wherever possible, our staff deliver their work remotely; less than 1% of all of our chargeable engagements require in person meetings. Typically, our projects utilise public cloud infrastructure, with Google Cloud Platform (GCP) being our preferred provider; alternatively Microsoft Azure is chosen. Both of these global corporations have published commitments to be carbon neutral or carbon negative by 2030 (Google: https://sustainability.google/operating-sustainably/net-zero-carbon Microsoft: https://www.microsoft.com/en-us/corporate responsibility/sustainability/report) and so, by taking the active decision to supply our services using these infrastructure offerings, Synanetics is able to ensure that the most power intensive and therefore carbon intensive elements of our business operations are addressed and reduced. Ultimately, Synanetics already has a very small carbon footprint, but our focus on measures which minimise levels of carbon production mean that we will be Net Zero by 2040 at the latest, but an earlier date of Net Zero by 2030 is achievable as a stretch target.

  Tackling economic inequality

  Synanetics is a Small and Medium Sized Business (SME) and we recognize that our ability to make significant contributions to the themes around Tackling Economic Inequality are necessarily constrained by our size. As a knowledge business designing and supporting solutions used across NHS customers, all job roles demand high-levels of education, knowledge and experience of programming and high levels of demonstrable problem solving abilities so that the engineering principles which deliver the company’s ongoing success are maintained as we expand. The majority of our solutions are delivered as hosted and managed services, using either Google Cloud Platform (GCP) or Microsoft Azure and therefore we do benefit from the industry leading commitments and behaviours which these global corporations enshrine in their corporate ethos. However, we clearly understand that we need to be pro-active and can confirm that our business is committed to the concept of behaving as a good corporate citizen; therefore we embrace issues pertaining to social value. Synanetics continued growth and expansion by definition supports new businesses, creates new jobs and develops new skills. Our ongoing appraisal process, together with a culture of continuous professional development, means that our clear ambition is for employees to expand their knowledge and experience, which in-turn drives our ability to meet and exceed customer expectations. With regards to the Real Living Wage (as specified by Living Wage foundation) Synanetics can confirm that all of our roles pay significantly more than these rates. Because of the size and scale of Synanetics operations, it is fundamentally important that ongoing focus on the viability of our projects is maintained throughout the life of the contract. All projects are reviewed on a monthly basis and so, should the resources planned and allocated to a project fall out of expectations, it will be reported, managed and rectified.

Pricing

• Price: £550 to £1,400 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.cook@synanetics.com. Tell them what format you need. It will help if you say what assistive technology you use.