LA CASA CARE LIMITED

MyClinic365 HealthCloud - Clinic Manager, EMR

Clinic Manager provides clinics with the necessary tools to manage patient care effectively and efficiently from patient registration through to billing and claim management. Clinic Manager supports the delivery of effective patient care and administrative workflows, integrated fully into the hospital or clinic environment.

Features

• Digital patient records and electronic document management
• Highly configurable and scalable
• Fully managed service delivered securely via the cloud
• Medication recording and e-prescribing facilities
• Resource, appointment and attendance management
• Care planning including customisable care pathways
• Integration module supporting interoperability standards
• Medication recording and e-prescribing facilities
• Access patient records instantly via any device
• Interoperable with EPRs based on H7 standard

Benefits

• Realtime access to patient and clinical data, enhancing care delivery
• Interoperability capabilities enables data to be shared across the healthcare
• Support for JCI and HIMSS EMR adoption model
• Access to summary data ensure optimum patient contact time
• Maximise efficiency and increase patient capacity
• Increased productivity through process automation
• Maximise Availability – Resilience and disaster recovery built in
• Reduced management overhead as MyClinic365manages the end-to-end service
• Increase patient capacity through our smart resource scheduling

£5 to £100 a user a week

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.cooke@lacasa.care. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

328294666435818

Contact

Richard Cooke
+353872592913
richard.cooke@lacasa.care

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Details of the HealthCloud service are included in the attached service definition document and T&Cs.
• System requirements:
  • Up to date browsers (Chrome, Edge, Safari)
  • Om premise server and/or PCs where local scanning is required
  • Where necessary appropriate internal network and external network connections.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard support response times range from 60 minutes (P1 Incident) to 2 days depending on the incident categorisation and prioritisation as defined in a tailored service level agreement (SLA) per service.; The tailored SLA also defines the agreed hours of support service available which can range from 24x7 to weekdays 09:00 to 17:00
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Webchat has two levels:; 1) self help - FAQs and suggested solutions; 2) Live agent
• Web chat accessibility testing: We have not performed any specific testing with assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: We provide a technical account manager.; Support is provided as standard.; Custom levels of support can be provided. This involves discussing support required and will mean a custom quote.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Defined project template:; Configuration templates provided - service is setup as per provide templates; includes full training both onsite and/or remote; Customer Success Manager assigned to each account
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Export function to export notes and any attachments; Format CSV, PDF or JSON; Custom export service also provided - additional costs
• End-of-contract process: Data is archived or deleted as per contract.; Custom export service offered (if default options not acceptable) - additional cost; Customer Success Manager also provides end of contract support

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences. All services are available on both desktop and mobile
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: We provide a suite of documented APIs for our different services:; Patient Management; Booking Management; Payments; Secure Messaging; Notes Management; ; we provide these services through a FHIR Gateway.; Users can have different access rights which controls what changes can be made. ; Functionality is limited to teh published APIs functionality therefore there are limitations.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform has been built to be fully customisable. Who can customise and what can be customised is restricted through role based access control.; Look and feel, services, calendar, notification content, notes templates, patient intake, forms etc can all be customised to by customers.

Scaling

• Independence of resources: Our platform is architected to handle 000s of transactions per second. We use a serverless cloud architecture that auto scales to meet demand - both throughs and peaks.; The application has been through extensive performance testing to ensure that the quality of service is not impacted by demand.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide the following metrics:; Platform uptime and availability; Realtime view of current platform usage - logins (pass, failed and risk rating), appointments, triage, messages, payments, tasks, enquiries etc; Regular reports such as invoice analysis, most used services, DNA/Cancellations, schedule etc
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data to pdf; or; we can provide a service to export the data in JSON format
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Pdf

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99% up time guaranteed in SLA
• Approach to resilience: Using AWS datacentres in both UK and Ireland.; https://aws.amazon.com/compliance/data-center/controls/; All infrastructure is stored as code (Infrastructure as a Service); All data backed up and where possible Point in time recovery (PITR) is enabled.; All our platforms work across multiple availability zones and regions. This allows us to achieve extremely short recovery time and recovery point objectives, as well as the highest levels of service availability.; Our Business Continuity Plan (BCP) outlines measures to avoid and lessen environmental disruptions. It includes operational details about steps to take before, during, and after an event. The BCP is supported by testing that includes simulations of different scenarios. During and after testing, we document people and process performance, corrective actions, and lessons learned with the aim of continuous improvement.
• Outage reporting: Public Dashboard; Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: All access requires username, password and MFA to authenticate.; ; All data is encrypted in transit and at rest. ; ; Aplication access is further controlled by role based access controls.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a very robust ISMS in place. This includes a set of policies and procedures for systematically managing our organization's sensitive data. Our ISMS minimizes risk and ensure business continuity by proactively limiting the impact of a security breach.; We have coupled this with AWS Cloud Config and vigorous auditing to ensure our security policies are followed.; This forms part of our governance, risk and control framework. This gets reported to Board level on a monthly basis

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have a defined set of processes as defined in the Information Technology Infrastructure Library (ITIL). We use these processes as our framework for IT service management (ITSM) and IT asset management (ITAM) that allows us to align IT services with the needs of the business. Configuration Management and change management are part of these processes. ; All changes go through our change management process and configuration management processes. We have a 100% serverless environment so all changes have to go through our configuration and change management processes before they can be deployed. ; All changes are pen tested using OWASP framework.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our Security Operations team monitors metrics from our vulnerability management software in addition to the service provided by AWS our hosting provider.; • We maintain a list of assets that are assessed against industry notifications; • Regular use of vulnerability scanning software; • Managed Detection & Response (MDR). Use of external managed security services that assess threat vectors and provide proactive advice/intelligence. ; • Automated internal testing coupled with independent testing of infrastructure and applications
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Managed Detection & Response (MDR) in place; Includes proactive analysis of security and event based audit logs; Response to incident dependent on risk level - from no response required to automated or manual shutdown of systems; Security Incident Management in place aligned with our ISMS and ISO27001
• Incident management type: Supplier-defined controls
• Incident management approach: We have a defined set of processes as defined in the Information Technology Infrastructure Library (ITIL). We use these processes as our framework for IT service management (ITSM) and IT asset management (ITAM) that allows us to align IT services with the needs of the business.; ; Incident Management is one of these processes.; For P1 incidents users are expected to phone the support desk.; All other incidents and requests can be either emailed or logged through our support portal.; Incident reports for all P1 and P2 issues are emailed to all customers within 72hours of issue being resolved.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  At MyClinic365, we are committed to sustainability. Our operations are designed to get the most out of technology, without the need for more resources which impact our planet.; ; Using resources efficiently to reduce waste:; - We ensure all purchasing/resourcing decisions adhere to our Sustainability and Environmental Policy.; ; Playing our part to reduce emissions to improve health in the local community:; - Provide home-based virtual working opportunities to reduce travel/emissions.; - Efficient meetings: using video conferencing to meet virtually reducing the need for travel; We encourage staff to use public transport whenever possible and to work from home.

  Equal opportunity

  MS MAXIMS is committed to the policy of equal treatment of all employees and applicants, and requires all employees, of whatever grade or authority, to abide by and adhere to this general principle and the requirements of the Code of Practice issued by the Equal Opportunities Commission, the Commission for Racial Equality, under the Disability Discrimination Act.; ; It is the MyClinic365 policy to treat job applicants and employees in the same way, regardless of their sex, sexual orientation, age, race, ethnic origin or disability.; ; Furthermore, the organisation will monitor the composition of the workforce and introduce positive action if it appears that this policy is not fully effective.

Pricing

• Price: £5 to £100 a user a week
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Time limited trial periods available upon request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.cooke@lacasa.care. Tell them what format you need. It will help if you say what assistive technology you use.