MEDAPPS PTY LTD

Med App

Med App is a healthcare focused mobile app and web dashboard for delivering clinician orientation, workforce engagement, wellbeing and hospital efficiency. We do this through best in class clinical orientation and engagement tools as well as automation and workflow tools for hospital administrative and education staff.

Features

• Upload and edit HTML, PDF, Excel, images, external links
• Upload numbers to a ‘direct-dial’ directory
• Send push notifications to user roles and cohorts.
• Send trackable, personalised messages to individual users or role groups
• Automate event push notifications, surveys, QR code attendance and reports
• Create and send survey templates and link to Events
• Create, send and complete form templates via mobile app
• Custom groups for use with Announcements, Events, Surveys and Forms
• Full service customer success and support
• Analytics, benchmarking and reporting

Benefits

• Save 5 minutes for every 1 minute in the app
• Orientate clinicians before they arrive on site
• Communicate relevant information and communications to specific cohorts
• Offline access to key content
• Automate and streamline education and assessment workflows
• Remove paper processes in the hospital education and administration

£2 to £10 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan@med.app. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

375641429750737

Contact

Duncan Paradice
61409749779
duncan@med.app

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Some features may not be available if subscription arrangements are chosen that do not include those linked features.
• System requirements:
  • IOS 11 and greater
  • Dashboard browser Edge (within last 5 versions)
  • Dashboard browser Chrome (within last 5 versions)
  • Dashboard browser Firefox (within last 5 versions)
  • Dashboard browser Opera (within last 5 versions)
  • Android 6 and greater

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During weekday business hours response times are generally less than 5 min.; Non-business days/hours responses will generally be next business day (however may be less in some circumstances). If a customer requires greater response times outside of normal business hours this can be arranged.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have not conducted any specific chat testing. However the service we use to deliver the in-app / dashboard chat has been built to comply with the relevant standards.
• Onsite support: Yes, at extra cost
• Support levels: Med App has a single tier of support that comes with the standard Med App subscription service. This pricing can be found in the relevant pricing sections.; Med App aims for on-site implementation support however has effectively implemented in both the UK and Australia in a fully remote model.; Every Med App account has an assigned Customer Success Manager who is the dedicated point of contact for that site. The Customer Success Manager can receive technical queries and issues and channel to the relevant team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide full implementation support including account, location and discipline configuration and setup. Initial on-boarding of Buyer’s Data for new locations/disciplines/units. Initial dashboard training for new locations/disciplines/unit managers. Go-live support and communications.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Online
• End-of-contract data extraction: They can download themselves direct from the dashboard before the contract ends, or request a database export from the Med App support team.
• End-of-contract process: Any assistance with export of content, logs, or other custom reports will be an additional cost. Users will continue to have full access to the dashboard and app with full feature access (as per the subscription) until the end of the contract period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile is primarily for end users (clinicians) while the desktop is for the hospital administration and management staff.; Some features are available via the desktop for all users such as event sign-on, survey completion and form completion.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users will be required to liaise with the Med App product team to determine use cases, requirements and setup of access to the Med App API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Med App has a high capacity to manage demand on the system by multiple users at once. We also use auto-scaling to ensure resources are available when needed.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide aggregated usage data for a customer account. Either on a quarterly basis or on request. There is a wide range of metrics that we report on, some of the primary ones are sessions per user, total sessions, active users, most viewed content, dashboard activities and feature engagement.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can download the data as it was uploaded to the platform via the dashboard or they can run reports for some features within the app. Mobile users can export attendance data directly. Any other custom requests for specific data can be made to the Med App support team.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • JPEG
  • PNG

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: During the term of the applicable subscription agreement, the Service Provider will use reasonable efforts to achieve a Monthly Uptime Percentage of at least 99.5% for any calendar month.; ; Service credits are issued as a financial reimbursement if the Service Provider does not meet the Service Provider SLA for a particular month of the ordered term. If the uptime percentage is not met for a Customer we will provide the applicable remedy set forth in the SLA.
• Approach to resilience: Available on request.
• Outage reporting: Public notice board and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We use the principle of least privilege to provide users who require access to management interfaces and support channels with with the the lowest access that they need to do their job. We also enforce individual login credentials and 2FA (2FA enforcement may depend on the specific management portal or support channel being accessed).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Queensland eHealth Cloud Security Assessment
  • New South Wales eHealth Security Assurance Framework (PSAF)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: All our security policies, processes and regular reviews are mapped to the ISO 27001 standard and monitored through our Drata automated monitoring platform. ; Under our current governance system we have assigned Security and Privacy Officers. These roles are not standalone and currently sit with personnel in other executive roles (primarily due to organisational size). The executive team also conducts a security review on a quarterly and annual basis.; ; All security policies and plans have an assigned author and reviewer and are reviewed on an annual basis.
• Information security policies and processes: All our security policies and processes are mapped to the ISO27001 standard. We use an automated security platform called Drata to automate monitoring of controls and security weaknesses as well as ensure all staff are complying with those policies. We also use this platform to automate review, follow up and task allocation for security policy process and review.; Med App has executive level staff that are responsible for privacy and security. These staff report directly to the CEO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our processes are defined in our Change Management policy which includes details of configuration management and the configuration management plan.; Briefly, this includes using configuration management tools within our cloud provider to standardise and automate configuration, ensuring there is a clear chain of approval that is required for all changes moving through the environment hierarchy, automated tooling to generate documentation and record previous versions and a rigorous testing regime that includes the use of automated testing services and human based testing that includes assessment of potential security issues.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our approach to vulnerability management is defined within our Vulnerability Management Policy.; Briefly, vulnerabilities are assessed on an ongoing basis using automated platforms such as Drata Agent, AWS scanning and security testing tools, Auth0 scanning and security testing and Cloudflare scanning. Additional periodic security scans of systems are done using a combination of external open-source and commercial vulnerability testing tools.; Patches are deployed in line with our policy depending on the severity level. from Critial (within 24 hrs) to Low (using best efforts).; Information about threats are obtained from the assessment platforms used as well as regular management security reviews.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our approach is determined by relevant policies including Vulnerability Management Policy, Incident Response Plan and Disaster Recovery Plan.; Potential compromises may come from automated scanning tools, customer notifications or internal identification.; Response times will depend on the severity level of the compromise or incident. However once notification of a potential compromise has occurred the relevant policy will be activated and assessed accordingly. Generally though, our response to any potential compromise (regardless of potential severity) is immediate and a fix or patch is worked on until resolved. Regular communications are always maintained with affected customers.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approached is defined within our Incident Response Plan.; All potential incidents are dealt with according to this plan as there are not common events that occur within our platform that meet the level of an incident.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Wellbeing

  Covid-19 recovery

  Ensuring all healthcare professionals are capable, confident and efficient in their work. Given significant clincian burnout from the pandemic and future staff shortages it is essential that health services continue to deliver solutions that support all clinicians, education and administrative staff to deliver the best care possible. Med App is focused on improving clinician practice and wellbeing.

  Wellbeing

  As a software as a service tool focused on ensuring healthcare professionals are capable, confident and efficient in their work, we believe a key component is being able to deliver wellbeing information and resources alongside practical information that helps make them better at their job. We provide easy access to local wellbeing information and resources, ensuring people feel free to access this information and also provide evidence based baseline wellbeing information where needed. Given the significant clinician burnout and workforce shortages it is essential that healthcare organisations deliver solutions that support them rather than hinder.

Pricing

• Price: £2 to £10 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan@med.app. Tell them what format you need. It will help if you say what assistive technology you use.