Skip to main content

Help us improve the Digital Marketplace - send your feedback

MEDAPPS PTY LTD

Med App

Med App is a healthcare focused mobile app and web dashboard for delivering clinician orientation, workforce engagement, wellbeing and hospital efficiency. We do this through best in class clinical orientation and engagement tools as well as automation and workflow tools for hospital administrative and education staff.

Features

  • Upload and edit HTML, PDF, Excel, images, external links
  • Upload numbers to a ‘direct-dial’ directory
  • Send push notifications to user roles and cohorts.
  • Send trackable, personalised messages to individual users or role groups
  • Automate event push notifications, surveys, QR code attendance and reports
  • Create and send survey templates and link to Events
  • Create, send and complete form templates via mobile app
  • Custom groups for use with Announcements, Events, Surveys and Forms
  • Full service customer success and support
  • Analytics, benchmarking and reporting

Benefits

  • Save 5 minutes for every 1 minute in the app
  • Orientate clinicians before they arrive on site
  • Communicate relevant information and communications to specific cohorts
  • Offline access to key content
  • Automate and streamline education and assessment workflows
  • Remove paper processes in the hospital education and administration

Pricing

£2 to £10 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan@med.app. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 7 5 6 4 1 4 2 9 7 5 0 7 3 7

Contact

MEDAPPS PTY LTD Duncan Paradice
Telephone: 61409749779
Email: duncan@med.app

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Some features may not be available if subscription arrangements are chosen that do not include those linked features.
System requirements
  • IOS 11 and greater
  • Dashboard browser Edge (within last 5 versions)
  • Dashboard browser Chrome (within last 5 versions)
  • Dashboard browser Firefox (within last 5 versions)
  • Dashboard browser Opera (within last 5 versions)
  • Android 6 and greater

User support

Email or online ticketing support
Email or online ticketing
Support response times
During weekday business hours response times are generally less than 5 min.
Non-business days/hours responses will generally be next business day (however may be less in some circumstances). If a customer requires greater response times outside of normal business hours this can be arranged.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We have not conducted any specific chat testing. However the service we use to deliver the in-app / dashboard chat has been built to comply with the relevant standards.
Onsite support
Yes, at extra cost
Support levels
Med App has a single tier of support that comes with the standard Med App subscription service. This pricing can be found in the relevant pricing sections.
Med App aims for on-site implementation support however has effectively implemented in both the UK and Australia in a fully remote model.
Every Med App account has an assigned Customer Success Manager who is the dedicated point of contact for that site. The Customer Success Manager can receive technical queries and issues and channel to the relevant team.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide full implementation support including account, location and discipline configuration and setup. Initial on-boarding of Buyer’s Data for new locations/disciplines/units. Initial dashboard training for new locations/disciplines/unit managers. Go-live support and communications.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Online
End-of-contract data extraction
They can download themselves direct from the dashboard before the contract ends, or request a database export from the Med App support team.
End-of-contract process
Any assistance with export of content, logs, or other custom reports will be an additional cost. Users will continue to have full access to the dashboard and app with full feature access (as per the subscription) until the end of the contract period.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile is primarily for end users (clinicians) while the desktop is for the hospital administration and management staff.
Some features are available via the desktop for all users such as event sign-on, survey completion and form completion.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Users will be required to liaise with the Med App product team to determine use cases, requirements and setup of access to the Med App API.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Med App has a high capacity to manage demand on the system by multiple users at once. We also use auto-scaling to ensure resources are available when needed.

Analytics

Service usage metrics
Yes
Metrics types
We provide aggregated usage data for a customer account. Either on a quarterly basis or on request. There is a wide range of metrics that we report on, some of the primary ones are sessions per user, total sessions, active users, most viewed content, dashboard activities and feature engagement.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can download the data as it was uploaded to the platform via the dashboard or they can run reports for some features within the app. Mobile users can export attendance data directly. Any other custom requests for specific data can be made to the Med App support team.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • JPEG
  • PNG

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
During the term of the applicable subscription agreement, the Service Provider will use reasonable efforts to achieve a Monthly Uptime Percentage of at least 99.5% for any calendar month.

Service credits are issued as a financial reimbursement if the Service Provider does not meet the Service Provider SLA for a particular month of the ordered term. If the uptime percentage is not met for a Customer we will provide the applicable remedy set forth in the SLA.
Approach to resilience
Available on request.
Outage reporting
Public notice board and email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
We use the principle of least privilege to provide users who require access to management interfaces and support channels with with the the lowest access that they need to do their job. We also enforce individual login credentials and 2FA (2FA enforcement may depend on the specific management portal or support channel being accessed).
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • Queensland eHealth Cloud Security Assessment
  • New South Wales eHealth Security Assurance Framework (PSAF)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
All our security policies, processes and regular reviews are mapped to the ISO 27001 standard and monitored through our Drata automated monitoring platform.
Under our current governance system we have assigned Security and Privacy Officers. These roles are not standalone and currently sit with personnel in other executive roles (primarily due to organisational size). The executive team also conducts a security review on a quarterly and annual basis.

All security policies and plans have an assigned author and reviewer and are reviewed on an annual basis.
Information security policies and processes
All our security policies and processes are mapped to the ISO27001 standard. We use an automated security platform called Drata to automate monitoring of controls and security weaknesses as well as ensure all staff are complying with those policies. We also use this platform to automate review, follow up and task allocation for security policy process and review.
Med App has executive level staff that are responsible for privacy and security. These staff report directly to the CEO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our processes are defined in our Change Management policy which includes details of configuration management and the configuration management plan.
Briefly, this includes using configuration management tools within our cloud provider to standardise and automate configuration, ensuring there is a clear chain of approval that is required for all changes moving through the environment hierarchy, automated tooling to generate documentation and record previous versions and a rigorous testing regime that includes the use of automated testing services and human based testing that includes assessment of potential security issues.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our approach to vulnerability management is defined within our Vulnerability Management Policy.
Briefly, vulnerabilities are assessed on an ongoing basis using automated platforms such as Drata Agent, AWS scanning and security testing tools, Auth0 scanning and security testing and Cloudflare scanning. Additional periodic security scans of systems are done using a combination of external open-source and commercial vulnerability testing tools.
Patches are deployed in line with our policy depending on the severity level. from Critial (within 24 hrs) to Low (using best efforts).
Information about threats are obtained from the assessment platforms used as well as regular management security reviews.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our approach is determined by relevant policies including Vulnerability Management Policy, Incident Response Plan and Disaster Recovery Plan.
Potential compromises may come from automated scanning tools, customer notifications or internal identification.
Response times will depend on the severity level of the compromise or incident. However once notification of a potential compromise has occurred the relevant policy will be activated and assessed accordingly. Generally though, our response to any potential compromise (regardless of potential severity) is immediate and a fix or patch is worked on until resolved. Regular communications are always maintained with affected customers.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management approached is defined within our Incident Response Plan.
All potential incidents are dealt with according to this plan as there are not common events that occur within our platform that meet the level of an incident.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Covid-19 recovery
  • Wellbeing

Covid-19 recovery

Ensuring all healthcare professionals are capable, confident and efficient in their work. Given significant clincian burnout from the pandemic and future staff shortages it is essential that health services continue to deliver solutions that support all clinicians, education and administrative staff to deliver the best care possible. Med App is focused on improving clinician practice and wellbeing.

Wellbeing

As a software as a service tool focused on ensuring healthcare professionals are capable, confident and efficient in their work, we believe a key component is being able to deliver wellbeing information and resources alongside practical information that helps make them better at their job. We provide easy access to local wellbeing information and resources, ensuring people feel free to access this information and also provide evidence based baseline wellbeing information where needed. Given the significant clinician burnout and workforce shortages it is essential that healthcare organisations deliver solutions that support them rather than hinder.

Pricing

Price
£2 to £10 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan@med.app. Tell them what format you need. It will help if you say what assistive technology you use.