Kainos Software Ltd

Evolve EMR-as-a-Service

Evolve-an award-winning Medical Record platform supporting Digital Maturity programmes through the removal of paper from the care process. Provided as a fully managed service, delivered securely using Microsoft Azure’s cloud. Secure, audited storage and management of patient documentation, enabling paperless working through the configuration of digital workflows and electronic forms.

Features

• Fully managed service, delivered securely via the cloud.
• End-to-end network, server, database, application management through Microsoft Azure.
• ISO27001 security (NCSC aligned) and ISO20000 service management accredited.
• Deployed in cloud with advanced security measures and tooling.
• Access patient records instantly via mobile devices and desktops.
• Interoperability with EPRs based on HL7 standards including Spine.
• eReferrals, iPad offline access, clickthrough to other clinical systems.
• Access information quickly through a simple, intuitive user interface.
• Digital patient records and electronic document management.
• Highly configurable and scalable, used by 150,000 clinicians.

Benefits

• Electronic forms and workflow enables paperless working.
• Improved information sharing and collaboration across systems and teams.
• Constant access to the latest Evolve functionality when released.
• Release IT staff for other priorities, improving clinician efficiency.
• Reduced management overhead – Kainos manages the end-to-end service.
• Maximised availability – Resiliency and Disaster Recovery (DR) built in.
• Reduced risk – protected by Azure and enhanced operational security.
• Adopt Cloud safely – real experience migrating mission critical services.
• Supports digital maturity and paperless working.
• Supports the Government’s 2020 personalised health and care agenda.

£280,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@kainos.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

415922797861880

Contact

Gareth Black
028 9057 1100
presales@kainos.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Details of the Evolve EMR-as-a-Service in the Cloud service are included in the attached service definition document and T&Cs.
• System requirements:
  • SQL Server licensed by the Customer for on-premise and cloud.
  • Appropriate internal network, external network and connections.
  • On premise servers and PCs where local scanning is required.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our standard support response times range from 60 minutes to 2 days depending on the incident categorisation and prioritisation as defined in a tailored service level agreement (SLA) per service.; The tailored SLA also defines the agreed hours of support service available which can range from 24x7 to weekdays 09:00 to 17:00.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: For some of our clients in support, we have configured collaborative groups using the likes of MS Teams to allow the client real-time interaction with support engineers.
• Web chat accessibility testing: We can configure collaborative groups using the likes of MS Teams to allow the client real-time interaction with support engineers.; However, we have not performed any specific testing with assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: Our mature cloud support service blends continued service improvement with defect resolution, to ensure user needs, business goals, and performance targets are realised and user satisfaction is maximised.; ; We offer a range of support levels (3rd & 4th line) that are aligned to the client’s support requirements and defined in a tailored service level agreement. Our support methodology is based on the rigour of ITIL and the flexibility of Agile principles and a Dev Ops culture. This blend results in a robust break-fix service and pragmatic service targets which are ITIL-aligned and underpinned by our ISO 9000, ISO 20000, and ISO 27001 accreditation.; ; Support is included as part of the service cost.; ; A typical support team is led by a technical account manager who is responsible for day-to-day support and allocation of support requests to multiple cloud support engineers. This approach provides a resilient support service with sufficient cover to ensure all support requests are managed in an effective and efficient manner.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We have introduced carefully selected inline help and tutorials to allow new users to get accustomed to the solution quickly. ; ; Service users have access to online help within the majority of the screens to explain their purpose and assist in making the best use of solution functionality. ; ; Optional onsite end-user and admin training are available on request.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Kainos shall make the Evolve Web API available to provide the Customer with the capability to extract data from within Evolve.
• End-of-contract process: Upon the end of the contract, Kainos will provide the Customer with a temporary extension to the licence for the Evolve Web API (including documentation), free of charge to facilitate the extraction process. ; ; After the end of the contract, the Evolve service will be provisioned for a period of one month to enable the Trust to extract the required data from Evolve. Following extraction of the data, disposal schedules can be configured to trigger the destruction of the electronic records stored within Evolve. Configuring retention and disposal schedules is a topic covered in the Evolve for Records Managers training course. Evidence of destruction would be provided via audit logs of the disposal process. ; ; Kainos will provide this assistance on a time and materials basis (at the applicable rate card). ; ; Expenses incurred in conjunction with these services, including the use of third-party equipment or services e.g. third-party hosting charges required for transition, will be chargeable to the Customer.

Using the service

• Web browser interface: Yes
• Supported browsers: Internet Explorer 11
• Application to install: Yes
• Compatible operating systems:
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Evolve for iPad has been optimised for mobile devices running on the iOS platforming, leveraging native iOS capability including offline working and security.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We have two service interfaces. The first is a browser-based web client, the second is a native iOS mobile application used with iPad devices.
• Accessibility standards: None or don’t know
• Description of accessibility: During the development of Evolve EMR, the user's voice was the focus of the User Stories used to design the solution. This solution design is user-centric to drive through the importance of ease of use and to allow users to quickly and easily find the clinical information they need.
• Accessibility testing: Kainos has a team of highly experienced usability experts who have conducted extensive usability testing with a wide range of end-users including users of assistive technology. Further details are available on request.
• API: Yes
• What users can and can't do using the API: The Evolve Web API uses a REST based industry-standard interface for accessing clinical patient data and for accessing Evolve functionality. Its interface provides a simple way for external client applications to be developed to communicate with Evolve based on HTTP requests and where data can be returned in JSON or xml format. The Evolve Web API also provides customers with a means of direct integration with Evolve from their existing clinical systems by allowing them to access and retrieve information from an Evolve patient record. The customers are also free to develop their own applications that can make use of the Evolve Web API.; ; Roles, groups, and scope are used to limit user access to specific API functions. ; ; REST resources are provided within the API to manage the following areas of functionality within Evolve:; ; • Authentication; • Reference Lists; • Patient Lists; • Patients; • Patient Documents; • Patient Imaging Studies; • eForms and Workflow; • Living Forms; • Folders; • Logging ; • Smart Bookmarks ; • Pathology.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: What - ; A high level of configurability allows individual customers to customise to their own specific requirements and to introduce functionality at a rate that suits them. ; ; How - ; Out-of-the-box and customised templates within the solution provide a highly flexible customisation approach. Customers can create their own electronic forms and workflows to meet ever-changing requirements without the need for developers.; ; Who - ; Business users can customise Evolve EMR, programming skills are not required. Electronic forms and workflows can easily be customised or created by administrators using available data sets.

Scaling

• Independence of resources: Evolve EMR runs on a dedicated cloud instance of a highly scalable cloud-hosted platform. As such the service will be sized appropriately to support the demands of the user base.

Analytics

• Service usage metrics: Yes
• Metrics types: • Service Availability; • Patient access; • User activity; All are delivered via a mix of graphical reports.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data in Azure Storage is encrypted and decrypted transparently using FIPS 140-2 compliant 256-bit AES encryption, this applies to all Azure storage types used by the Evolve solution that are used to store sensitive data.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSV and HL7 exports are supported as standard.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: HL7
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: HL7

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The Evolve architecture is designed for continuous operation, and a target availability level of better than 99.9% is anticipated (excluding planned maintenance). Planned maintenance episodes are minimised as much as possible and are only required in exceptional circumstances – non-disruptive approaches to software release, patching, and database maintenance are used to maximise the availability of the solution.; ; Resilience techniques such as load balancing, replication of data, and duplication of server roles are employed to minimise the impact of component failure. Extensive monitoring and alerting tooling is deployed at all tiers; this enables issues to be quickly identified and addressed, often without end-user impact.
• Approach to resilience: Available on request.
• Outage reporting: API, email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Other: Active Directory integrated.; ; Evolve leverages Microsoft Active Directory and users can authenticate using Integrated Windows authentication for single sign-on. Users can also authenticate manually with their Active Directory domain credentials.
• Access restrictions in management interfaces and support channels: Access is controlled via username and password authentication, linked to Active Directory.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 12/03/2020
• What the ISO/IEC 27001 doesn’t cover: Scope covered under this certification: Information security in relation to the design, development, testing and support of IT solutions delivered using distributed working practices in accordance with Statement of Applicability version 6.0.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As an ISO27001 certified company Information Security is an important consideration for Kainos; in line with our responsibilities it is our policy to ensure that: ; • Information will be protected against unauthorised access. ; • Confidentiality of information will be assured. ; • Integrity of information will be maintained. ; • Regulatory and legislative requirements will be met. ; • Business continuity plans will be produced, maintained, and tested. ; • Information security training will be available to all staff. ; • All breaches of information security, actual or suspected, will be reported to, and investigated by the Kainos Information Security Manager and communicated appropriately to customers.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an established configuration and change management approach in line with our ISO 20000 service management process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our operational management team monitors metrics from our vulnerability management software in addition to the service provided by our hosting provider.; • Maintain a list of assets that are assessed against industry notifications; • Manage subscriptions to vulnerability notification services; • Regular use of vulnerability scanning software; • Use of external managed security services that assess threat vectors and provide proactive advice/intelligence; • Regular internal and independent testing of infrastructure and applications; • Operate an internal security working group that proactively publishes information about vulnerabilities and best practices.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: • Use of specialist intrusion detection systems; • Regular security testing and baselined results; • Proactive analysis of security and system event data; • Response to an incident is dependent on perceived impact, threat, and exposure – it could range from no response being necessary through to full incident response involving senior business individuals and law enforcement agencies; • Security incident management process is implemented; • Security-related incidents assessed and responded to in line with support processes.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Pre-defined processes -Kainos Support Services is certified by the British Standards Institute as operating an IT Service Management System that complies with the requirements of ISO 20000. ; We have an established incident management process as part of ISO 20000. ; ; Reporting Incidents - Users can report incidents directly via our dedicated Service Desk, by email, or online via the Kainos Incident Management System (KIM). ; ; Incident Reports - Evolve produces timely, reliable, accurate reports for informed decision making, effective communication, and quality management. Kainos provides the client with formal monthly reporting detailing performance against the SLA and agreed Key Performance Indicators (KPI).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. ; Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action. ; The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.; ; Related to ‘Fighting climate change’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: ; • MAC 4.1 Deliver additional environmental benefits in the performance of the contract including working towards net-zero greenhouse gas emissions. ; • MAC 4.2 Influence staff, suppliers, customers, and communities through the delivery of the contract to support environmental protection and improvement.; ; Example reporting metrics of benefits delivered under the contract may include: People-hours spent protecting/improving the environment under the contract, Number of green spaces created under the contract, reduction in emissions of greenhouse gases, reduction in water use, and reduction in waste to landfill.
• Covid-19 recovery:

  Covid-19 recovery

  Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. ; Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action. ; The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.; ; Related to ‘Covid-19 recovery’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:; • MAC 1.1: Creation of employment, re-training, and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high-growth sectors. ; • MAC 1.2: Support for people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding. ; • MAC 1.3: Support for organisations and businesses to manage/recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. ; • MAC 1.4: Support for the physical and mental health of people affected by COVID-19, including reducing the demand for health and care services. ; • MAC 1.5: Improvements to workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions ; ; Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment for those made redundant due to COVID-19, people-hours supporting local community integration related to COVID-19, and percentage/number of the supply chain to have implemented the 6 standards in the Mental-Health-at-Work commitment.
• Tackling economic inequality:

  Tackling economic inequality

  Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. ; Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action. ; The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when) and how we will monitor, measure and report on our commitments/the impact of our proposals.; ; Related to ‘Tackling Economic Inequality’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:; • MAC2.1: Create opportunities for entrepreneurship and help new organisations grow.; • MAC2.2: Create employment/training opportunities for people who face barriers to employment, are located in deprived areas, and in industries with known skills shortages or high growth sectors. ; • MAC2.3: Support educational attainment including training schemes; • MAC 3.1: Create a diverse supply chain including new businesses/entrepreneurs/start-ups/SMEs/VCSEs/mutuals. ; • MAC 3.2: Support innovation and disruptive technologies throughout the supply chain to deliver lower cost, higher quality goods/services. ; • MAC 3.3: Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity. ; • MAC 3.4: Demonstrate collaboration and a fair/responsible approach to working with supply chain partners. ; • MAC 3.5: Demonstrate action to identify/manage cyber security risks in the delivery including in the supply chain.; ; Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment/apprenticeship/training opportunities created, learning interventions delivered, start-up/SME/VCSE/mutuals opportunities awarded, and relevant supply chain metrics e.g. Cyber Essentials certification and adoption of NCSC 10 steps.
• Equal opportunity:

  Equal opportunity

  Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. ; Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action. ; The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.; ; Related to ‘Equal opportunity’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: ; • MAC 5.1: Demonstrate action to increase the representation of disabled people in the contract workforce. ; • MAC 5.2: Support disabled people in developing new skills relevant to the contract, including through training schemes resulting in recognised qualifications; • MAC 6.1: Demonstrate action to identify/tackle inequality in employment, skills, and pay in the contract workforce.; • MAC 6.2: Support in-work progression to help people, including those from disadvantaged/minority groups, to move into higher-paid work by developing new skills relevant to the contract. ; • MAC 6.3 Demonstrate action to identify/manage the risks of modern slavery in the delivery of the contract, including in the supply chain.; ; Example reporting metrics of benefits delivered under the contract may include: Percentage/number of FTE disabled/under-represented people employed as a proportion of the total FTE including apprenticeships/training schemes, percentage/number of companies in the supply chain to have committed to the five foundational principles of good work, percentage of supply chain mapping completed, and people-hours devoted to supporting victims of modern slavery.
• Wellbeing:

  Wellbeing

  Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. ; Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action. ; The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.; ; Related to ‘Wellbeing’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: ; • MAC 7.1: Demonstrate action to support health and wellbeing, including physical/mental health, in the contract workforce. ; • MAC 7.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.; • MAC 8.1: Demonstrate collaboration with users and communities in the co-design and delivery of the contract to support strong integrated communities. ; • MAC 8.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support strong, integrated communities.; ; Example reporting metrics may include: Percentage/number of the supply chain to have implemented measures to improve the physical and mental health and wellbeing of employees including the 6 standards in the Mental Health at Work commitment and mental health enhanced standards in ‘Thriving at Work’, and people-hours supporting local community integration e.g. volunteering/community-led initiatives.

Pricing

• Price: £280,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@kainos.com. Tell them what format you need. It will help if you say what assistive technology you use.