Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. Evolve EMR-as-a-Service
Kainos Software Ltd

Evolve EMR-as-a-Service

Evolve-an award-winning Medical Record platform supporting Digital Maturity programmes through the removal of paper from the care process. Provided as a fully managed service, delivered securely using Microsoft Azure’s cloud. Secure, audited storage and management of patient documentation, enabling paperless working through the configuration of digital workflows and electronic forms.

Features

  • Fully managed service, delivered securely via the cloud.
  • End-to-end network, server, database, application management through Microsoft Azure.
  • ISO27001 security (NCSC aligned) and ISO20000 service management accredited.
  • Deployed in cloud with advanced security measures and tooling.
  • Access patient records instantly via mobile devices and desktops.
  • Interoperability with EPRs based on HL7 standards including Spine.
  • eReferrals, iPad offline access, clickthrough to other clinical systems.
  • Access information quickly through a simple, intuitive user interface.
  • Digital patient records and electronic document management.
  • Highly configurable and scalable, used by 150,000 clinicians.

Benefits

  • Electronic forms and workflow enables paperless working.
  • Improved information sharing and collaboration across systems and teams.
  • Constant access to the latest Evolve functionality when released.
  • Release IT staff for other priorities, improving clinician efficiency.
  • Reduced management overhead – Kainos manages the end-to-end service.
  • Maximised availability – Resiliency and Disaster Recovery (DR) built in.
  • Reduced risk – protected by Azure and enhanced operational security.
  • Adopt Cloud safely – real experience migrating mission critical services.
  • Supports digital maturity and paperless working.
  • Supports the Government’s 2020 personalised health and care agenda.

Pricing

£280,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@kainos.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

4 1 5 9 2 2 7 9 7 8 6 1 8 8 0

Contact

Kainos Software Ltd Gareth Black
Telephone: 028 9057 1100
Email: presales@kainos.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Details of the Evolve EMR-as-a-Service in the Cloud service are included in the attached service definition document and T&Cs.
System requirements
  • SQL Server licensed by the Customer for on-premise and cloud.
  • Appropriate internal network, external network and connections.
  • On premise servers and PCs where local scanning is required.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard support response times range from 60 minutes to 2 days depending on the incident categorisation and prioritisation as defined in a tailored service level agreement (SLA) per service.
The tailored SLA also defines the agreed hours of support service available which can range from 24x7 to weekdays 09:00 to 17:00.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
For some of our clients in support, we have configured collaborative groups using the likes of MS Teams to allow the client real-time interaction with support engineers.
Web chat accessibility testing
We can configure collaborative groups using the likes of MS Teams to allow the client real-time interaction with support engineers.
However, we have not performed any specific testing with assistive technology users.
Onsite support
Yes, at extra cost
Support levels
Our mature cloud support service blends continued service improvement with defect resolution, to ensure user needs, business goals, and performance targets are realised and user satisfaction is maximised.

We offer a range of support levels (3rd & 4th line) that are aligned to the client’s support requirements and defined in a tailored service level agreement. Our support methodology is based on the rigour of ITIL and the flexibility of Agile principles and a Dev Ops culture. This blend results in a robust break-fix service and pragmatic service targets which are ITIL-aligned and underpinned by our ISO 9000, ISO 20000, and ISO 27001 accreditation.

Support is included as part of the service cost.

A typical support team is led by a technical account manager who is responsible for day-to-day support and allocation of support requests to multiple cloud support engineers. This approach provides a resilient support service with sufficient cover to ensure all support requests are managed in an effective and efficient manner.
Support available to third parties
No

Onboarding and offboarding

Getting started
We have introduced carefully selected inline help and tutorials to allow new users to get accustomed to the solution quickly.

Service users have access to online help within the majority of the screens to explain their purpose and assist in making the best use of solution functionality.

Optional onsite end-user and admin training are available on request.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Kainos shall make the Evolve Web API available to provide the Customer with the capability to extract data from within Evolve.
End-of-contract process
Upon the end of the contract, Kainos will provide the Customer with a temporary extension to the licence for the Evolve Web API (including documentation), free of charge to facilitate the extraction process.

After the end of the contract, the Evolve service will be provisioned for a period of one month to enable the Trust to extract the required data from Evolve. Following extraction of the data, disposal schedules can be configured to trigger the destruction of the electronic records stored within Evolve. Configuring retention and disposal schedules is a topic covered in the Evolve for Records Managers training course. Evidence of destruction would be provided via audit logs of the disposal process.

Kainos will provide this assistance on a time and materials basis (at the applicable rate card).

Expenses incurred in conjunction with these services, including the use of third-party equipment or services e.g. third-party hosting charges required for transition, will be chargeable to the Customer.

Using the service

Web browser interface
Yes
Supported browsers
Internet Explorer 11
Application to install
Yes
Compatible operating systems
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Evolve for iPad has been optimised for mobile devices running on the iOS platforming, leveraging native iOS capability including offline working and security.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
We have two service interfaces. The first is a browser-based web client, the second is a native iOS mobile application used with iPad devices.
Accessibility standards
None or don’t know
Description of accessibility
During the development of Evolve EMR, the user's voice was the focus of the User Stories used to design the solution. This solution design is user-centric to drive through the importance of ease of use and to allow users to quickly and easily find the clinical information they need.
Accessibility testing
Kainos has a team of highly experienced usability experts who have conducted extensive usability testing with a wide range of end-users including users of assistive technology. Further details are available on request.
API
Yes
What users can and can't do using the API
The Evolve Web API uses a REST based industry-standard interface for accessing clinical patient data and for accessing Evolve functionality. Its interface provides a simple way for external client applications to be developed to communicate with Evolve based on HTTP requests and where data can be returned in JSON or xml format. The Evolve Web API also provides customers with a means of direct integration with Evolve from their existing clinical systems by allowing them to access and retrieve information from an Evolve patient record. The customers are also free to develop their own applications that can make use of the Evolve Web API.

Roles, groups, and scope are used to limit user access to specific API functions.

REST resources are provided within the API to manage the following areas of functionality within Evolve:

• Authentication
• Reference Lists
• Patient Lists
• Patients
• Patient Documents
• Patient Imaging Studies
• eForms and Workflow
• Living Forms
• Folders
• Logging
• Smart Bookmarks
• Pathology.
API documentation
Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
What -
A high level of configurability allows individual customers to customise to their own specific requirements and to introduce functionality at a rate that suits them.

How -
Out-of-the-box and customised templates within the solution provide a highly flexible customisation approach. Customers can create their own electronic forms and workflows to meet ever-changing requirements without the need for developers.

Who -
Business users can customise Evolve EMR, programming skills are not required. Electronic forms and workflows can easily be customised or created by administrators using available data sets.

Scaling

Independence of resources
Evolve EMR runs on a dedicated cloud instance of a highly scalable cloud-hosted platform. As such the service will be sized appropriately to support the demands of the user base.

Analytics

Service usage metrics
Yes
Metrics types
• Service Availability
• Patient access
• User activity
All are delivered via a mix of graphical reports.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data in Azure Storage is encrypted and decrypted transparently using FIPS 140-2 compliant 256-bit AES encryption, this applies to all Azure storage types used by the Evolve solution that are used to store sensitive data.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
CSV and HL7 exports are supported as standard.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
HL7
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
HL7

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The Evolve architecture is designed for continuous operation, and a target availability level of better than 99.9% is anticipated (excluding planned maintenance). Planned maintenance episodes are minimised as much as possible and are only required in exceptional circumstances – non-disruptive approaches to software release, patching, and database maintenance are used to maximise the availability of the solution.

Resilience techniques such as load balancing, replication of data, and duplication of server roles are employed to minimise the impact of component failure. Extensive monitoring and alerting tooling is deployed at all tiers; this enables issues to be quickly identified and addressed, often without end-user impact.
Approach to resilience
Available on request.
Outage reporting
API, email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Other: Active Directory integrated.

Evolve leverages Microsoft Active Directory and users can authenticate using Integrated Windows authentication for single sign-on. Users can also authenticate manually with their Active Directory domain credentials.
Access restrictions in management interfaces and support channels
Access is controlled via username and password authentication, linked to Active Directory.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
12/03/2020
What the ISO/IEC 27001 doesn’t cover
Scope covered under this certification: Information security in relation to the design, development, testing and support of IT solutions delivered using distributed working practices in accordance with Statement of Applicability version 6.0.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
As an ISO27001 certified company Information Security is an important consideration for Kainos; in line with our responsibilities it is our policy to ensure that:
• Information will be protected against unauthorised access.
• Confidentiality of information will be assured.
• Integrity of information will be maintained.
• Regulatory and legislative requirements will be met.
• Business continuity plans will be produced, maintained, and tested.
• Information security training will be available to all staff.
• All breaches of information security, actual or suspected, will be reported to, and investigated by the Kainos Information Security Manager and communicated appropriately to customers.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have an established configuration and change management approach in line with our ISO 20000 service management process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our operational management team monitors metrics from our vulnerability management software in addition to the service provided by our hosting provider.
• Maintain a list of assets that are assessed against industry notifications
• Manage subscriptions to vulnerability notification services
• Regular use of vulnerability scanning software
• Use of external managed security services that assess threat vectors and provide proactive advice/intelligence
• Regular internal and independent testing of infrastructure and applications
• Operate an internal security working group that proactively publishes information about vulnerabilities and best practices.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
• Use of specialist intrusion detection systems
• Regular security testing and baselined results
• Proactive analysis of security and system event data
• Response to an incident is dependent on perceived impact, threat, and exposure – it could range from no response being necessary through to full incident response involving senior business individuals and law enforcement agencies
• Security incident management process is implemented
• Security-related incidents assessed and responded to in line with support processes.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Pre-defined processes -Kainos Support Services is certified by the British Standards Institute as operating an IT Service Management System that complies with the requirements of ISO 20000.
We have an established incident management process as part of ISO 20000.

Reporting Incidents - Users can report incidents directly via our dedicated Service Desk, by email, or online via the Kainos Incident Management System (KIM).

Incident Reports - Evolve produces timely, reliable, accurate reports for informed decision making, effective communication, and quality management. Kainos provides the client with formal monthly reporting detailing performance against the SLA and agreed Key Performance Indicators (KPI).

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria.
Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.
The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Fighting climate change’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:
• MAC 4.1 Deliver additional environmental benefits in the performance of the contract including working towards net-zero greenhouse gas emissions.
• MAC 4.2 Influence staff, suppliers, customers, and communities through the delivery of the contract to support environmental protection and improvement.

Example reporting metrics of benefits delivered under the contract may include: People-hours spent protecting/improving the environment under the contract, Number of green spaces created under the contract, reduction in emissions of greenhouse gases, reduction in water use, and reduction in waste to landfill.
Covid-19 recovery

Covid-19 recovery

Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria.
Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.
The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Covid-19 recovery’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:
• MAC 1.1: Creation of employment, re-training, and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high-growth sectors.
• MAC 1.2: Support for people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding.
• MAC 1.3: Support for organisations and businesses to manage/recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.
• MAC 1.4: Support for the physical and mental health of people affected by COVID-19, including reducing the demand for health and care services.
• MAC 1.5: Improvements to workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions

Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment for those made redundant due to COVID-19, people-hours supporting local community integration related to COVID-19, and percentage/number of the supply chain to have implemented the 6 standards in the Mental-Health-at-Work commitment.
Tackling economic inequality

Tackling economic inequality

Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria.
Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.
The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when) and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Tackling Economic Inequality’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:
• MAC2.1: Create opportunities for entrepreneurship and help new organisations grow.
• MAC2.2: Create employment/training opportunities for people who face barriers to employment, are located in deprived areas, and in industries with known skills shortages or high growth sectors.
• MAC2.3: Support educational attainment including training schemes
• MAC 3.1: Create a diverse supply chain including new businesses/entrepreneurs/start-ups/SMEs/VCSEs/mutuals.
• MAC 3.2: Support innovation and disruptive technologies throughout the supply chain to deliver lower cost, higher quality goods/services.
• MAC 3.3: Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity.
• MAC 3.4: Demonstrate collaboration and a fair/responsible approach to working with supply chain partners.
• MAC 3.5: Demonstrate action to identify/manage cyber security risks in the delivery including in the supply chain.

Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment/apprenticeship/training opportunities created, learning interventions delivered, start-up/SME/VCSE/mutuals opportunities awarded, and relevant supply chain metrics e.g. Cyber Essentials certification and adoption of NCSC 10 steps.
Equal opportunity

Equal opportunity

Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria.
Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.
The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Equal opportunity’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:
• MAC 5.1: Demonstrate action to increase the representation of disabled people in the contract workforce.
• MAC 5.2: Support disabled people in developing new skills relevant to the contract, including through training schemes resulting in recognised qualifications
• MAC 6.1: Demonstrate action to identify/tackle inequality in employment, skills, and pay in the contract workforce.
• MAC 6.2: Support in-work progression to help people, including those from disadvantaged/minority groups, to move into higher-paid work by developing new skills relevant to the contract.
• MAC 6.3 Demonstrate action to identify/manage the risks of modern slavery in the delivery of the contract, including in the supply chain.

Example reporting metrics of benefits delivered under the contract may include: Percentage/number of FTE disabled/under-represented people employed as a proportion of the total FTE including apprenticeships/training schemes, percentage/number of companies in the supply chain to have committed to the five foundational principles of good work, percentage of supply chain mapping completed, and people-hours devoted to supporting victims of modern slavery.
Wellbeing

Wellbeing

Kainos commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria.
Delivering social value is something we do ‘with’ our clients, not something we do ‘to’ them – we will therefore facilitate a ‘kick-off’ co-creation workshop with you to develop a shared plan of action.
The plan will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals.

Related to ‘Wellbeing’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract:
• MAC 7.1: Demonstrate action to support health and wellbeing, including physical/mental health, in the contract workforce.
• MAC 7.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.
• MAC 8.1: Demonstrate collaboration with users and communities in the co-design and delivery of the contract to support strong integrated communities.
• MAC 8.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support strong, integrated communities.

Example reporting metrics may include: Percentage/number of the supply chain to have implemented measures to improve the physical and mental health and wellbeing of employees including the 6 standards in the Mental Health at Work commitment and mental health enhanced standards in ‘Thriving at Work’, and people-hours supporting local community integration e.g. volunteering/community-led initiatives.

Pricing

Price
£280,000 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@kainos.com. Tell them what format you need. It will help if you say what assistive technology you use.