Stratus
Stratus is a fully featured, browser based electronic document management application providing seamless integration with existing systems. Documents collated from multiple external sources are accessed via an intuitive user interface. New electronic forms can also be designed and deployed by the customer to enable new content creation.
Features
- Digital medical records from scanned documents or eForms
- Browser based access from any authenticated device on the network
- VNA & XDS integration to provide clinician access
- Windows AD/LDAP integration
- HL7 compliance and integration
- Device agnostic, designed for tablet use
- Patient timeline view incorporating HL7 clinic data
- Optional integrated form builder and release management process
- Automatic OCR function enabling document keyword search
- Intelligent document indexing via user defined templating
Benefits
- Access to clinical records from anywhere in the trust
- Provides a single view of multiple document sources
- Generate new content via user-defined, standardised forms
- Create virtual folders for sharing and MDT support
- Enjoy rapid access to the complete patient docuement history
- Go digital straight away with EDM & eForms
- Run faster and more reactive clinics
- Easily remove paper blockers in the system
- Centralise and bring to life patient documents
- Massively reduce paper storage costs
Pricing
£8,000 to £12,000 an instance a month
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
3 8 1 0 7 3 7 0 2 1 2 2 1 3 6
Contact
MAGENTUS EHR SOLUTIONS LTD
Kate Smith
Telephone: 01623 489 838
Email: kate.smith@wellbeingsoftware.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- None
- System requirements
- LINUX Server (no software licence required)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response to tickets is instant either via the online web ticketing system or call to the helpdesk. The fix time is covered in the Support Services. Response times are only available on a weekend and where a customer procures 24x7x365 services
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
EHI Provides support on a 9-5 or 24x7x365 basis. All service failures are logged with the EHI helpdesk and a severity level attached to each. EHI has agreed service levels in order to fix service failures within agreed targets (4 hours for a Severity 1; 12 hours for a severity 2; 5 working days for a severity 3 and next software release for severity 4). EHI uses on online logging tool for a full audit trail of the logging and resolution of service failures, which the customer is able to access.
EHI may refer a service failure back to a customer for further information, in order to be able to resolve the issue (this time is deducted from the fix time).
EHI will ensure that the software is available 99.9% of the time and typically measures this using synthetic scripts logging into the software on a workstation housed within the customer environment.
EHI provides reporting against service levels and monitoring of the system.
All upgrades are done during normal business hours unless otherwise agreed with the customer - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- The system is generally supported via a Train the Trainer system where the Trust training team are fully skilled to provide training for Trust staff. User documentation and e-learning resources are available.
- Service documentation
- No
- End-of-contract data extraction
- We will work with the individual Trusts and the new service provider to ensure that data is extracted in a meaningful format.
- End-of-contract process
-
During, and towards the end of a contact term, EHI is able to provide an exit plan with customers to ensure an efficient transition of the services either back in house or to an alternative third party supplier. This will clearly set out the management structure in place, the activities in the final months of the contract and what the requirements are by the customer of the supplier in order to provide information in relation to the services.
The exit plan will identify assets to be transferred and any data migration requirements, how this is managed and any ongoing requirement for the suppliers software at the end of the contract term in order to support the transition of services. The exit plan will set out the suppliers chargeable services and how these are agreed between the parties including timing.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Screen layout is automatically scaled dependent on device screen resolution.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- All service set up is carried out by the supplier. The API provides a full suite of functionality for application level changes and user interactivity.
- API documentation
- No
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Administrators of the system can customise the user interface by means of access level control for individual users. This is managed via a built in administration tool.
Scaling
- Independence of resources
- We provide a fully scaleable service that distributes load evenly along the different application components preventing user experience bottle necks.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
The following metrics are provided via reports:
System access, files access, unique users
The Trust will also receive a regular service dashboard report detailing support incidents. - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Standard reports can be scheduled to run at regular intervals or on demand outputting to a folder specified by the Trust.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
EHI manages availability by an agreed uptime % of 99.9%, measured by running synthetic scripts on a reference workstation housed in the customers environment.
EHI is liable for service credits where the availability service level is not achieved, which increased on a sliding scale to recognise that as the system down time increases then the EHI liability becomes more significant and EHI lose 1 % of the Support Charge as follows:
Availability Service Credit
99.9% 0%
99 – 99.89 2.5%
98 – 98.89 5%
97 – 97.89 7.5%
96 – 96.89 10%
95 – 95.89 12.5%
94 – 94.89 15%
93 – 93.89 17.5%
Less than 93% 20%
The availability calculation will exclude permitted downtime (up to two hours per month) and shall be deemed available when the software is available on the reference workstation. - Approach to resilience
- The application architecture supports multiple deployment options to support various levels of availability and redundancy depending on customer needs and risk assessment.
- Outage reporting
- Customers would be contacted directly to notify/report any service outages via agreed contact methods.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Role based access to separate administration application restricts supervisor level functions.
Access to support is via agreed Trust support contacts. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 21/04/2018
- What the ISO/IEC 27001 doesn’t cover
- All accreditation's have been met.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
EHI has policies and processes in place to ensure that the organisation complies on an ongoing basis with the requirements of ISO27001. We have an audit schedule which ensures that all aspects of the security management system are audited on a frequent basis with a clear process for dealing with deficiencies identified through audits and managed to resolution (corrective actions plans).
All staff are trained in the security management system and also our security requirements for NHS Toolkit requirements.
All security policies are reviewed at least on an annual basis and the scope, context and the objectives of the system are reviewed regularly by the senior management team.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
EHI maintains a configuration management database that defines software components deployed at each installation including; Application Software Versions, Modules, Operating System, Database versions, software services, integration components & configuration. This data is used to manage risk as part of the change management process to identify relational and dependent component parts during the change advisory board (CAB).
During the CAB such elements reviewed are Security, Business Change, Capacity, Availability risks and relation to other changes that maybe taking place.
All changes to deployed systems are reviewed as part of the change management process. Request for changes (RFC) are reviewed at CAB. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Security advisories are put out by the underlying products that we use which we assess internally against current deployments. Any identified vulnerabilities have hot fixes and updates issued at the earliest opportunity.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Potential compromises are identified by our open source monitoring software as well as in house firewall rules. Clients will be notified of any compromises and these will be rectified at the earliest opportunity.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
EHI has a mature ITIL aligned process that includes Incident, Problem, Event, Change, Configuration, Release and Capacity Management. Incidents are registered on the service desk system directly or by phone or email and are managed by the Incident Manager to ensure compliance with Service Levels.
Incident reports are either provided via the Service Desk Tool or emailed to the user with resolution details and root cause information etc.
Where a major incident occurs a major incident report is provided that identifies the resolution details and any forward actions that need to be implemented to prevent re-occurrences.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Social Value
- Fighting climate change
-
Fighting climate change
In collaboration with our parent company, Citadel Group we are fully committed to the objective of being ‘carbon neutral’ in all our operations by 2022.
As a healthcare software supplier, Wellbeing Software has a relatively small carbon footprint as we do not manufacture any tangible goods. To identify our primary sources of carbon emissions we undertake annual greenhouse gas audits (completed by an independent auditor) which help us to identify the main sources of carbon emissions within our operations and this informs our mitigation plans. Our audits have revealed that our emissions are predominately generated due to our use of electricity to power our offices and data centres (around 41%). The second largest source of carbon emissions resulted from business travel (around 34%). No other activity accounted for more than 10% of our total CO2 emissions. In 2019/20 Citadel Group’s emissions had an estimated total output of 1,850.3 tonnes. As a result, we have used carbon offsetting with financial donations made towards reforestation projects in Uganda, Borneo and Cambodia and aligned with the UN Sustainable Development Goals. As a result of these measures Citadel Group’s operations are already classed as Carbon Neutral.
During FY21-22 we anticipate that our CO2 emissions will increase as Covid19 restrictions are lifted and more usual working patterns return. Our Board has fully committed to increase our investment in sustainable projects should our next audit show an increase in our CO2 emissions.
All our offices already use low energy lighting with smart zone technology – these automatically turn lights off when areas are not occupied. We already employ a ‘no printing’ mantra – encouraging all employees to read documents on screen and avoid printing. All of our offices have recycling facilities to separate waste streams at source.
Full Policy available on request.
Pricing
- Price
- £8,000 to £12,000 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No