Skip to main content

Help us improve the Digital Marketplace - send your feedback

University Hospital Southampton NHS Foundation Trust

My Medical Record

My Medical Record is a patient online service predicated on an open personal health record platform. It provides NHS patients with access to their data and information to support remote or virtual follow-up, improving patient experience and delivering service efficiencies.

Features

  • Remote access via any internet enabled browser
  • Able to link to hospital systems for data integrity
  • Automated backup service
  • Scheduled automated reporting
  • One system accessible by both clinicians and patients
  • Scalable solution able to handle high volumes of patients
  • Two way secure messaging built into the system
  • Easy integration with other systems
  • Secure multifactor authentication for sign up
  • System develop using industry standard tools

Benefits

  • Available from any internet connected browser
  • Allows real time communication between clinicians and patients
  • Easy to use system for patients
  • Ensures patients are put on treatment and not missed
  • Easy access to patients lab and radiology results
  • Easy access to information about patients condition
  • Secure messaging between clinicians and patients
  • Single easy to use portal holding all patient information
  • Health surveys reduce unnecessary visits to hospital
  • Automation of results reduces manual tasks

Pricing

£10,000 to £20,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mymrenquiries@uhs.nhs.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

3 5 7 3 4 9 0 5 8 6 4 0 6 5 6

Contact

University Hospital Southampton NHS Foundation Trust Carl Maskelyne
Telephone: 07387076076
Email: mymrenquiries@uhs.nhs.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • Internet access (wi-fi or 3G or above) from your device
  • Microsoft Internet Explorer 11 or above
  • Microsoft Edge
  • Apple Safari version 10.15 for Mac or3.2.1 for Windows
  • Google Chrome version 100.0.4896 or above
  • Firefox version version 99.0 or above
  • Opera Mobile version 1.4.0 iOS and version 1.4.11 Android
  • Opera Desktop version 83.0.4254.70 for Windows or Mac
  • Available from laptop, desktop, tablet or mobile device
  • Mobile phone number for authentication purposes (advisable)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are typically within an hour during normal office hours (Monday-Friday 9am-5pm) excluding bank holidays.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
My Medical Record has three levels of support.

There are no additional costs for accessing different levels of support as this access is provided as part of the ongoing maintenance agreement. This also includes hosting and access to any technical resources.

All customers have an account manager who can call upon product support specialists and developers as required.

Level one support can handle basic support queries and fixes.
Level two support is provided by our technical team for issues that may require some form of development or a technical change.
Level three support is provided by our senior team of product managers and developers. These support issues can be more complex or require developers to implement.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Upon contract award we set up a formal project plan with the customer.
We have a fully documented implementation process which we go through with all new customers including development of a user requirement document detailing all development requirements for the system. Where integration is required to populate either patient demographics or results a sub-project team is set up with required personnel both at My Medical Record and the customers. Once all documentation is complete the system will be developed in line with the specification following a robust quality assurance process and extensive internal acceptance before passing the system to the user for final testing.

As part of this plan we provide users with full training to use the system. The system is relatively intuitive so online training is typically 2 hours and in undertaken in small groups of users on Teams or Zoom conference calls. Prior to COVID we visited sites to train users but as most of our customers are NHS hospitals most prefer us not to visit unnecessarily.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
At the end of the contract if the customer wishes to move to another supplier we will work with the customer and new supplier to migrate all data in a safe and efficient manner as required. This will be in a structured format for import into any future systems.
End-of-contract process
At the end of any contract we recognise that the data held is owned by the customer. As such we undertake an export of all key patient information and provide this securely to the NHS trust in question as required. Once this is completed and accepted as valid by the customer we would delete all data in line with requirements under the data protection act. There are no additional charges for this work unless the data is to be supplied in a specific format. This would incur costs based on the time needed to complete this.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The system includes all of the same functionality but is responsive to the device accessing the service. My Medical Record has a 'mobile first' design and so automatically optimises when mobile devices are used to access the service.
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
Yes
What users can and can't do using the API
My Medical Record have a team dedicated to integration with other systems. We are able to integrate through SDK/HL7/FHIR API.

Our open APIs enable pull/push with third party systems for all patient data, including dedicate APIs for checking if patients exist on the platform and registering new patients.

All integration work is managed by a dedicated team that work in conjunction with the customers technical team.

Subsequent changes to these links should be raised formally through a change request document. This work will then be completed working closely to the customers technical team.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All aspects of the content and layout are configurable and we work with our customers to define what is best for them.

Additionally, protocols for healthcare professionals to follow in the treatment of patients can be configured as per local clinical guidelines. There are also templates that can be customised as required and this includes customisation of letter templates for patients.

The front page can be updated with the customers imagery, logo's and colour scheme.

All of these changes are made by the My Medical Record team at the request of the customer, typically at no additional cost.

Scaling

Independence of resources
Our service runs on the Microsoft Azure platform. This enables us to easily and quickly scale up the service to meet any unexpected demand. We are able to dynamically increase bandwidth, storage space, memory allocation and processor power.

The applications have been load tested to handle millions of patient records.

Analytics

Service usage metrics
Yes
Metrics types
The system has real-time metrics showing number of users, this includes usage/activity, active users, suspended, recalled, discharged and deceased patients.

There are many automated reports generated on a monthly basis showing system information and patients who have red flags indicating they have outstanding actions for their treatments. Where customers have a need for further bespoke reporting we can generate these reports either as one off ad hoc reports or automated monthly/weekly reports. Any data held within the system can be reported on.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Currently no users have moved from our system but the process should anyone wish to move is as follows:
1. Provide a minimum of 1 month notice requesting a copy of the data.
2. If data is required in a bespoke format a quote and timeline will be sent to the customer.
3. If the data is to be provided the My Medical Record Team will process this within a month and supply this in a secure manner to the customer.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The My Medical Record is hosted on the Microsoft Azure platform which guarantees 99.9% availability. The application itself it supported by a dedicated team who manage availability with the customer based on an agreed SLA.
Approach to resilience
My Medical Record is professionally hosted in the Microsoft Azure platform, offering very high levels of resilience. The failover and backup plans inherent within the cloud platform reduce the risk of significant/prolonged outage. Where additional resources are needed the team in Southampton are able to increase allocated memory, storage space, processing power or bandwidth. This can be done instantly through the online Azure portal.
Outage reporting
All outages are reported directly to customers via email with regular updates throughout any breaks in service. Additional information about the outage and expected resolution times are supplied once they can be ascertained.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
There is only limited management functionality but where this exists this is done via user permissions. All users access is via a username and password.
Access restriction testing frequency
At least once a year
Management access authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NHS DSPT toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have been assessed by NHS Digital as conforming to the Interoperability Toolkit (ITK) and are connected for MESH.
We have self-assessed against the NHS Digital Data Security and Protection Toolkit Standard - standards met.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to the system are tracked through a change control process. Changes to the system are undertaken in a development environment before being applied to a pre-production system for testing. Once fully tested for any potential security impact these are then deployed to the live server. At all times the servers are monitored for any suspicious activity.

Customers are engaged in QA processes and testing where relevant and our entire system is subject to regular penetration testing.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The team at My Medical Record have access to full audit logs at both server and application level and we have proactive monitoring processing this data and alerting as required. Where there any potential threat is identified via the support team address such threats. All server level security threats are patched immediately by Microsoft through the Azure Platform.

Our entire system is subjected to regular penetration testing.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring of the My Medical Record system is predominantly undertaken through the Microsoft Azure platform dashboard. Here we are able to identify any unusual or suspicious activity. If a security concern is identified this is investigated immediately. Where the threat is of particular concern we would take systems offline temporarily whilst the risk is eliminated.

The entire systems is subjected to regular penetration testing.
Incident management type
Supplier-defined controls
Incident management approach
All incidents reported to the My Medical Team are fully investigated. Customers are given clear timelines for the investigation and at this point a full detailed report on the incident is provided to the customer along with recommendations for resolutions as needed.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
NHS Network (N3)

Social Value

Fighting climate change

Fighting climate change

University Hospitals Southampton have a three year Green Plan which can be viewed here: https://www.uhs.nhs.uk/about-the-trust/about-uhs/sustainable-uhs
Covid-19 recovery

Covid-19 recovery

As an organisation Southampton University Hospitals NHS Foundation Trust has been at the forefront of the fight against COVID-19. In particular the My Medical Record application has enabled patients receiving many different forms of treatment to be managed without the need to visit hospitals and see consultants. This has enabled clinicians to focus on supporting patients with the greatest need during the pandemic.
Tackling economic inequality

Tackling economic inequality

As an NHS organisation we provide free healthcare to all irrespective of financial status. As a supplier of software to other NHS trusts we can ensure that we keep costs to a minimum allowing these organisations to channel more funds back into direct healthcare provision in their localities.
Equal opportunity

Equal opportunity

UHS is committed to developing a culture that embeds the effective management of equality, diversity and inclusivity in all that we do; providing the necessary resources and leadership to make this happen.

By commissioning annual reports on our workforce we can ensure that this object in not merely a paper exercise but is actually enforced.
Wellbeing

Wellbeing

As an organisation we promote wellbeing to both our patients and our staff. Internally there is a team of people and online resources available to ensure that all staff have access to any support they need easily and quickly.

Pricing

Price
£10,000 to £20,000 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mymrenquiries@uhs.nhs.uk. Tell them what format you need. It will help if you say what assistive technology you use.