Medical Audits Limited

Healthcare Auditing, Surveillance, Incident Reporting and Quality Assurance Software

Mobile auditing software platform for hospitals and healthcare.
Monitor compliance, manage risks, close non-compliances, track issues. Purchase any of our 80+ ‘off the shelf’ systems or add all your own hospital's audits.
Real time data, complete flexibility and seamless expansion are standard in Medical Audit’s dependable, unique, user friendly platform.

Features

• Clinical Audit software
• Cleaning audit software, Infection Control audits, Soft FM software
• Real Time Digital Dashboards
• Web Based Management and Reporting System
• Data Analysis, patterns and trends
• Flexible audit scheduling
• Surveillance software for healthcare associated infection
• Compatible with smart phones, tablet computers etc.
• Mobile Auditing software for Healthcare
• Works with and without Wi-Fi

Benefits

• Monitor and evidence compliance
• Mobile auditing and surveillance in hospitals
• Immediate access to results - real time dashboards
• Standardise processes
• Tripled audit capacity - as reported by current users
• Reduced HCAI and cost savings reported by current users
• Measure KPIs and Patient Outcomes
• Huge time savings in data collection & report generation
• Powerful education and training tool
• Evidence compliance for CQC and NHS Improvement

£130 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ann@medicalaudits.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

396184744031763

Contact

Ann Higgins
0121 2708865
ann@medicalaudits.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Community cloud
• Service constraints: Planned Maintenance;; Medical Audits will carry out planned maintenance without affecting service. Generally this will the carried out outside of office hours to ensure maintenance is during periods of anticipated low traffic and by carrying out planned maintenance on part, not all, of the network at any one time.
• System requirements:
  • No minimum system requirements other than access to intermittent Wi-Fi
  • Works on any device connected to internet
  • Works with or without wi-fi
  • No need to download any apps

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email Support; We respond to customer emails with 6 hours - office hours and within 12 hours evenings and weekends.; Helpdesk support ; Phone support is also provided for support issues during office hours; Email support is provided but during and out of office hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Hours of Support: Monday to Friday 9am to 6pm as part of a service level agreement.; Support facilities can include and is not limited to the following: ; ; Helpdesk Support: ; ; Helpdesk support will be provided by telephone and email.; When appropriate, we will endeavour to give an estimate of how long ; a problem may take to resolve. ; Medical Audits will keep the Customer informed of the progress of problem resolution. ; Our support staff will attempt to solve a problem immediately or as soon thereafter as possible. ; ; Remote logged in support: ; Medical Audits, where necessary, can remotely login to provide support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: • Once a Medical Audit’s customer decides to implement Medical Audits TS+, we will immediately prepare their cloud environment, commence configuration and system set up and agree a training schedule to suit the customer.; • The new customer will supply basic hospital information to include in the system and agree set up and configuration requirements.; • The standard system set up and training approach is provided as per the pricing document. ; • Our staff are highly experienced and have a wealth of expertise in change management and auditing processes. We therefore support a range of services which may be considered useful for end user engagement and process readjustment. These services are available based on specific customer requirements and are subject to the SFIA rate card.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video clips
• End-of-contract data extraction: All our data is directly extractable into excel. Users can do this at any time during the contract or when the contract ends. ; Our standard approach in line with our SLA is: ; To provide and offline the customer’s data. ; After 90 days (or earlier upon customer confirmation) the data in the data centre will be deleted.; User accounts will also be deleted. ; Where applicable, decommissioned devices are formatted and physically destroyed to prevent any possibility of data being retrieved.
• End-of-contract process: All our data is directly exportable into excel and users can do this at any time.; Our standard approach in line with our SLA is: ; To provide and offline the customer’s data. ; After 90 days (or earlier upon customer confirmation) the data in the data centre will be deleted.; User accounts will also be deleted. ; Where applicable, decommissioned devices are formatted and physically destroyed to prevent any possibility of data being retrieved.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service has all the features of the desktop service.; The user interface has been specifically designed and developed for mobile access on both phones and different sized tablet computers.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Our system is customisable by users (based on role access); ; We have designed over 80 audit and risk management systems based on best practice standards. These are peer reviewed and designed to meet CQC and NHS standards.; Users can customise audits if they wish.; User can add their own audits to our system; We can add customers own audits for them if they prefer.; Configuration; We set the system up with customer’s own hospitals, wards and departments as part of implementation. ; The customer can then change and update these as the need arises. ; If we have added rooms, customers can easily edit and change these.; The customer can also easily change email recipients, set up users and alter report features and outputs.

Scaling

• Independence of resources: We utilise load balancing to manage traffic and distribute workloads across resources to ensure users aren't affected by the demand of other users. We have complete control over the maximum demand on our resources and can scale up as necessary base on the number of customers and their peak demands. For our customer this means a dynamically scaleable solution because users only consume the amount of online computing resources they actually want. We continue to monitor traffic on our servers and can increase the capacity as required thus guaranteeing users are unaffected by demands of other users.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide data on storage usage. However we don't charge customers based on the usage. We can provide data on users accessing the system dates, times and length of time accessing. We can also provide specific user data such as audit results by user and number of observations entered etc.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: All our data is directly exportable into excel by users at any time.; The process is very simple.; Service Migration:; Medical Audits commits to returning all customer data as requested. We are happy to support migration requests. Pricing for service is according to our SFIA rate card. ON request, data in our data centre can be deleted.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Excel
  • PDF
  • JPEG
• Data import formats: Other
• Other data import formats:
  • Talk to text
  • Touch screen select from options
  • Type in data

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Performance and Availability ; ; The performance of the service is guaranteed 99.99% availability.; ; SaaS Updates ; ; Licensed Customers will be entitled to receive Software updates when they are made generally available to Medical Audits TS+ customers. ; ; Financial recompense is offered via Service Credits.
• Approach to resilience: Data centre set up is available on request.
• Outage reporting: Any outrages such as unplanned downtime are emailed directly to customers. ; Urgent issues are phoned directly to the customer superuser.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to information is restricted to authorised users who have a bona-fide business need to access information and a formal policy controls access to management privileges which are on a need to know basis only. User accounts with special access privileges (e.g. administrative accounts) are not used for day to day basis and are used for the minimum time required to carry out the specified tasks.; Administrative access is reviewed on a regular basis. Passwords on admin accounts are changed every 60 days. A list of the people who have admin accounts is maintained and stored securely.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Security Certified
  • ISO 9001 2015
  • IASME CYBER ASSURANCE LEVEL 1
  • GDPR

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: ISO 9001 2015 accredited company.; Cyber security certified; IASME certified. Medical Audits complies with relevant information security legislation including but not limited to Data Protection Act 1998, 2018, Computer misuse act 1990, the common law of confidence, the human rights act 1998 and the electronic communications act 2000.
• Information security policies and processes: Our Information security is managed and overseen by our technical director who has overall responsibility for security in the business. Our technical director is also our data protection officer. We have a standalone security policy that forms part of our ISO 9001 2015 accreditation document. This policy is reviewed as part of our ISO accreditation process and is also in the event of any security near miss or incident.; The policy is distributed to employees and directors at induction and is part of their contractual obligations. The policy refers to the following:; IPR and legal requirements- staff and personal security are included.; - Business continuity measures; - Security incident management; - Security from malware and intrusion; -Computer and network security; -Physical and environmental security; ACCESS MANAGEMENT; Asset management- staff have access on a needs only bases.; Access is controlled by strong user passwords and user access levels.; Access to premises is controlled by security locks, alarm, 24 hour CCTV etc.; PERSONAL SECURITY; Staff recruitment - reference checking, data protection, IPR, access codes passwords etc. are all included in personal security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: No new systems, new applications or system modifications are permitted without review and approval of our Director of Technology. ; All Security requirements are checked and also managed and approved by our Director of Technology. ; All changes to information systems applications or networks are approved by the Technical Director before implementation.; All non required standard software is removed from our devices as part of the device set up.; All auto-run programmes are disabled on configuration for use in the organisation. ; All customer data is held on dedicated encrypted servers in Tier 3 server warehouse certified to ISO 27001
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A vulnerability scan is carried out biannually on our system. Potential new threats, vulnerabilities or exploitation techniques which could affect the service are assessed and corrective action is taken, All our computers are running windows 10 or windows 7 and are set to install updates automatically from Microsoft. Our Mobile tablets have our own operating system version in place and are supported and continually updated by our sub contracted IT provider. According to our strict change management process, known vulnerabilities are tracked by our Technical Director until mitigations have been deployed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The web application uses Microsoft SQL database, protected from outside connections by the firewall, which is configured to only allow connections to the database from the web application. Event & log files are regularly checked for unusual activity. Anti-malware software installed on all computers & mobile devices an is set to auto update every hour. All the operating systems and hardware are supported by a supplier and have the appropriate licences. Malicious website protection is constantly enabled. Software is set to run anti-malware software daily against all stored data. Firewalls are used to protect the computer network and the devices.
• Incident management type: Supplier-defined controls
• Incident management approach: Users have access to a structured online incident reporting form. Process updates are fed back within publicised timescales.; Internally any events identified are recorded in an incident electronic log and reviewed weekly by the IT director to investigate any patterns or updates required or immediately for urgent events.; Predefined processes are in place for common events e.g.slowing of the web application ensuring incidents and near misses are reported to he director of IT and investigated. Records are kept of the outcome of all security incident investigations in accordance with our ISO 9001 2015 accreditation process.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Covid-19 recovery

  Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.

  Tackling economic inequality

  Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity.; - Demonstrate collaboration throughout the supply chain, and a fair and responsible approach to working with supply chain partners in delivery of the contract.

  Equal opportunity

  Influence staff, suppliers, customers and communities through the delivery of the contract to support disabled people

Pricing

• Price: £130 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We are happy to provide a free trial of the software. The potential customer will be provided with the majority of the functionality of the system for an agree period of time. We provide onsite support for trials.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ann@medicalaudits.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.