Beamtree UK

RippleDown Auditor

RippleDown Auditor automates real-time reviews of all data, ensuring accuracy across data entry, billing, and specimen reception, flagging suspected errors as they arise. It brings financial governance, visibility, and optimisation to pathology business processes. RippleDown Auditor can be managed by Administrators with zero requirement for IT or programming skills.

Features

• Web application accessible
• Remote access accessible
• Knowledge builder - Build algorithms without IT coding knowledge
• Cornerstone: Feature which shows real life example cases
• Auditor: Enables end users to audit "High-Risk" cases
• LabQ: A data mining tool for data extraction
• Translator: Enables client to provide an alternate language translation
• Administrator: To manage all the Knowledge Bases and users

Benefits

• RippleDown Auditor has real time performance web based dashboards
• RD Auditor immediately identifies data entry errors
• RD Auditor increases invoicing accuracy
• Managed by subject matter experts (Pathologists, Clinicians, Scientist, Admin etc)
• No programming skills required
• Infinite rule building capability
• Data agnostic

£0.25 a transaction

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.nobbs@beamtree.com.au. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

393204757145400

Contact

Jennifer Nobbs
07400836269
jennifer.nobbs@beamtree.com.au

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Beamtree conducts scheduled maintenance outside of business hours to minimize interruptions. Any maintenance windows will be communicated within the application.; ; There are no constraints on the application's use from the user's perspective, other than the requirement of access to modern web browsers and appropriate network resources and bandwidth. ; ; License is locked to MAC address.
• System requirements:
  • Only require RippleDown license which is locked to MAC address
  • Linux or Windows Server 2012+ that can support Java 17

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Automated response within 15minutes
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: BMT will provide telephone support during the support hours to assist the licensee in identifying any issues contained within the Licensed Software.; ; Requests for support can also be submitted by email.; ; Onsite support: Upon receipt of a written request from the Licensee, BMT will provide the Licensee on-site software support services at a mutually agreed time and in such event where the Licensee requests on-site support in which case the Licensee agrees to pay BMT all reasonable costs associated with the provision of on-site support, including charges for BMT's reasonable personnel, travel, lodging and miscellaneous expenses related to such on-site support. ; ; First-level support: BMT will provide basic help desk services, and this will typically include initial call handling, call logging, assignment of call priority and queue placement and escalation to second-level support as required.; ; Second-level support: BMT will provide second level support. Second level support will provide more detailed problem diagnostic services as well as any problem duplication for identifying complex problems and licensed software defects that cannot be resolved by the first level support. ; ; Third level support: BMT will engage a support specialist or third party, for product design problem analysis, and to formally escalate problems.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The RippleDown (RD) team (Head of Diagnostics, Operations Manager, Application specialist, IT Engineers and Developers) will work with the client's teams including Executives, Senior Leaders, Pathologists, Laboratory Teams, Subject Matter Experts and IT Teams from end to end. This includes (but not limited to):; *Planning of implementation process and building of the solution (IT and laboratory technical); *Installation of the software solution; *Configuring of the software solution; *Training and competency assessment (Onsite and remote as appropriate); *Training for the Client's IT team; *Go-live support (Onsite and remote as appropriate); *Post Go-live support (Onsite and remote); *Future Solution planning (E.g. for Knowledge base expansion); *Periodic Health-checks, performance analysis, review monitoring and discussions with leaders as required; *Refresher/On going competency training as required; *User group meetings will also be organised by BMT from time to time. ; Electronic implementation and user guides, relevant technical specifications , software update guides will be provided as required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The data belongs to the customer. We do not perform any data extraction when the contract ends.
• End-of-contract process: Within price of contract the following steps are followed when contract ends:; 1. Client notifies Beamtree of intention to terminate contract by set date, including if a copy of the client's data stored by Beamtree is required or if destruction of all data is required.; 2. Beamtree disables data ingestion for client organisation on agreed date, and disables secure data transfer keys.; 3. Beamtree disables client access to application on agreed date, and creates a copy of data or deletes all data stored by Beamtree.; 4. Letter is provided to client confirming all data held by Beamtree has been deleted (where data is deleted) within 60 days of client contract end date.; Any additional requirements required by a client organisation at the end of the contract over and above the steps outlined above can be negotiated with Beamtree for an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: RippleDown Auditor is a web-based application. Users access it through major web browsers to interface and interact with the platform.; ; RippleDown Auditor does require a thick client for administrative functions.; ; The application can be interfaced to the LIS. E.g (but not limited to); - REST; - HL7; - Ultra; - CSV
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None, but is being planned.
• API: Yes
• What users can and can't do using the API: Our API can:; - request to interpret the case; - can also request for status of the case previously sent
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: There are many configurable items within RippleDown Auditor. It is encouraged that the configurable items are configured by the end users being the Pathologists, Laboratory Team or subject matter experts (or IT teams if that is the preference), after all RippleDown Auditor was created by Pathologists (or specialist end users) for Pathologists (or specialist end users). Some of the configurable items include (but not limited to):; *Unlimited customisation of the rules/algorithms limited by the end user's imagination. Note: This solution is assisted by AI technologies such as the Syntax assistant; *Configurable data outputs ; *Configurable data inputs enabling the client to choose what data inputs are used for rule/algorithm building.; *Highly Configurable administration permissions or end user workflow and use of the RippleDown Auditor solution; *Configurable que function enabling visibility of the correct workflow for the correct end-user as determined by Key Operators. ; *Configurable visual elements within the reports or fields to highlight fields/items of interest or clinical significance

Scaling

• Independence of resources: Users generally work on separate sessions.

Analytics

• Service usage metrics: Yes
• Metrics types: RippleDown Auditor have a Dashboard functionality that provides key analytic statistics
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Obfuscation and optional database encryption.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported via Excel/CSV or HTML
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel (.xlsx)
  • HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: RSA Encryption
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Optional encryption in database

Availability and resilience

• Guaranteed availability: This will be tailored to the client. RippleDown Auditor has a high availability feature (estimated at 99%)
• Approach to resilience: RippleDown Auditor is a high availability solution and also has the following features (but not limited to):; *Daily back-up; *Ability to restore from backup; *Incoming and outgoing messages are also backed up.
• Outage reporting: N/A

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: A role-based access will be implemented with specific permission groups that allow access to administrator module.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: ISO9001, ISO13485
• Information security policies and processes: We proactively integrate security governance into our business operations, underpinned by established policies and industry frameworks, and maintain a dynamic, strategic yearly roadmap for risk remediation and control implementations. Through continuous audits, monitoring, and staff training, we ensure ongoing improvement, while regularly refining our practices to stay aligned with evolving standards and threats, thereby fostering a vigilant and responsive security posture organization-wide.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our change management policy ensures IT changes are safe and efficient, emphasizing trust, risk assessment, and clear communication. We use version control for robust testing and follow a structured path from development to staging to production. This process, along with strict security and operational readiness reviews and tests, maintains system stability while allowing for quick responses to urgent unplanned changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process is designed to identify, analyze, prioritize, and remediate cybersecurity threats efficiently. We assess potential threats through a combination of vulnerability scanning tools (Rapid7, AWS inspector, Snyk and more), threat intelligence feeds, and external reports, ensuring a comprehensive understanding of potential risks. Patches are deployed rapidly, adhering to our SOP which mandates specific time frames for remediation based on the severity of the vulnerability.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our monitoring systems, including SIEM, IDS, and EDR, swiftly identify potential security breaches. Our Cyber Security Incident Response Team (CSIRT) categorizes the incident based on its severity and impact, and immediately initiates containment, eradication, and recovery procedures as per our detailed Incident Response Plan. Critical issues are tackled within an hour to reduce impact. Our methodical approach and incident categorization ensure efficient, effective responses.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Beamtree quality management system has been developed to maintain certification against:; *ISO9001:2015; *ISO 13485:2016 + A11:2021; ; and to comply with; *IEC 632304:2016 + A1:2015; *ISO 14971:2019 + A 11:2021; *IEC 62366-1:2015; *IEC 832304-1:2017

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  RippleDown Auditor is a complete digital solution that connects to the LIS/EMR enabling digital workflows, reflex testing and the immediate correction of data entry errors. These digital workflows while allows for significant workflow efficiencies also reduces carbon footprint as they:; ; *are paperless contributing to minimising the use of non-renewable materials; *minimises the requirement for unnecessary re-testing/re-work and the subsequent use of additional testing material due to human errors; ; Moreover, by minimising the use of non-renewable materials and additional testing materials, RippleDown Auditor reduces carbon footprint and ultimately contributes to fighting climate change.

  Covid-19 recovery

  RippleDown Auditor can create and automate patient-centric reports at scale. Utilising RippleDown Auditor can enable the client's molecular teams to potentially create and automate patient centric Covid-19 workflows and reporting and ultimately enabling for improved patient outcomes contributing to Covid-19 recovery. ; ; Moreover, RippleDown Auditor as an online digital accessible application, also supports remote and virtual/hybrid working models (if required) enabling effective social distancing and ultimately contributing to Covid-19 recovery.

  Tackling economic inequality

  RippleDown Auditor minimises the need for unnecessary re-work/re-testing though digital automation while also automating exceptionally patient centric reports. This contributes to potentially optimising patient testing, frequency of testing and also specificity of patient testing and reporting. ; ; In turn, these functions not only create for the ultimate patient outcome and care but also has the potential to reduce the overall cost of public health testing contributing to a more sustainable and accessible public health system and ultimately tackling economic inequality.

  Equal opportunity

  Beamtree contributes to equal opportunity employment, supports workforce equality, diversity in all forms and is against modern slavery.

  Wellbeing

  RippleDown Auditor improves the Well Being of clients and the patient community that the client supports by:; * Automating routine laboratory process and reporting enabling clients (such as Pathologist or Administrators) to be free from mundane tasks and to focus on high value, clinically significant processes and reporting; * Automating simple and complex reflex testing saving precious Pathologist time from mundane task contributing to Pathologist workforce well being; * Capturing errors from Data entry operators and allowing for immediate error correction, informing data entry operators and trainers in real time to enable greater workforce engagement, better quality training and more time to focus on higher value works.

Pricing

• Price: £0.25 a transaction
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.nobbs@beamtree.com.au. Tell them what format you need. It will help if you say what assistive technology you use.