Standalone and Integrated Electronic Prescribing System
CLEO SOLO EPS is an Electronic Prescribing Solution for Urgent Care and Outpatient Prescribing settings. Developed as a Covid-19 response to enable instant e-prescribing capability, using FHIR messaging standards, CLEO SOLO EPS gives clinicians instant prescribing capability without the need for any systems integration.
Features
- Standalone or Integrated Electronic Prescribing System
- Configurable formulary search, able to utilise Multilex and DM+D
- Supports the use of multiple cost codes across a service
- Prescription ID Confirmation sent via SMS to the patient
- Inutitive to use, requiring only a 5 minutes of training
- Used in a variety of clinical secondary care outpatient settings
Benefits
- Electronically dispense to a pharmacy of the patient’s choice
- Reduction of incidents including lost/stolen/illegible FP10s
- Reduction in travelling for patients to collect paper prescriptions
- Flexibility for prescribers such as prescribing out of hours
- Ability to prescribe quickly in an emergency
- Reduction in travel time and processing time for prescribers
- Reduction in time spent by staff ordering FP10 Prescription pads
- Reduction in stationary costs
Pricing
£38,145 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 1 9 6 7 3 3 2 1 0 4 0 5 4 2
Contact
CLEO SYSTEMS 24 LTD
Richard Burton
Telephone: 07753 902650
Email: richard.burton@cleosystems.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Users must have Smartcard access, have reliable and functional devices to run the service, and pass all Acceptance Testing locally.
- System requirements
-
- Windows 10 1709 onwards
- Dual Core 2Ghz processor or faster
- Minimum Memory dedicated to CLEO 512MB (usually uses 240mb)
- Optimal resolution of 1920x1080 (lower resolutions involve scrolling)
- Install space 100MB per user
- .net Framework 4.8 runtime
- NHS Digital Identity Agent V2 onwards
- Java Runtime Environment V8 32bit (requirement of NHS Identity Agent)
- Gemalto Middleware (requirement of NHS Identity Agent)
- Health and Social Care Network (“HSCN”) Connectivity
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 1 hour for critical issues (phone only), within 8 for questions.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- CLEO Systems exercise reasonable endeavours to respond to reports of Incident Service Levels in accordance with: P1 - 1 hour Critical, system down, complete loss of connectivity and/or service for all users - 4 Business Hours for fix or agreed work around. P2 - 2 hours High priority, major component of the client ability to operate, is affected. Loss of connectivity and/or service for some users. System or device fault which has a major impact on service performance or availability - 8 Business Hours for fix or agreed work around. P3 - 8 hours Core business unaffected but the issue is affecting multiple users. Problem or fault which has moderate impact on service but is not business critical - 3 Business Days for fix or agreed work around. P4 - 8 hours The issue is inconvenient but affecting limited number of users and/or workarounds are available. Problem or fault which has minor impact on service but requires resolution - 7 Business Days for fix or agreed work around. The guaranteed availability for our service is 99.9%.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- CLEO Systems provide the following services to onboard new users: - An initial demo to provide an overview of the system. - An online "live" training session, that can be recorded for future use. - An end user training guide. - An Administrator's training guide. - Weekly project calls to discuss actions, issues, risks and track milestone progress. - Technical workshops. - Train the Trainer sessions. - Post go-live support.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- CLEO Systems will create handover documentation to ensure knowledge transfer if that is deemed as required by the customer. Data will be transferred via SFTP in CSV format at the date agreed in conjunction with your contractual notice period. Data will be deleted supplier side after the SFTP file has been submitted, at an agreed date no longer than 3 months after contract expiry, including a certificate of completion.
- End-of-contract process
- CLEO Systems has adopted the retention periods set out in the Records Management Code of Practice for Health and Social Care 2016, Appendix 3. The retention schedule will be reviewed annually or as necessary to reflect changes in law. All data storage devices are purged of sensitive data before disposal. Where this is not possible, the equipment or media is destroyed by a technical WEEE service provider and a destruction certificate received. This is arranged with the CLEO IG Team to be logged accordingly. Any data that needs to be retained by the buyer, should be requested in writing. If data extracts are required for any purpose, then these may be subject to additional costs. Exit plans will be executed in accordance with the notice time period within your contract, either early or upon natural contract expiry, following which: CLEO Systems will switch off CLEO services at the date agreed in conjunction with your contractual notice period and data extractions will take place, as described above.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- The interface is an intuitive, easy-to-use system designed to be familiar to healthcare professionals. We use straightforward navigation for the system, laid out in a sensible manner for optimal use.
- Accessibility standards
- None or don’t know
- Description of accessibility
- CLEO SOLO EPS has been developed to enable instant prescribing, using FHIR messaging standards, meaning clinicians can prescribe using seamless spine integration, in a variety of settings. Intuitive to use with only a 5-minute instruction video covering everything needed for your clinician to get going.
- Accessibility testing
- None at this point.
- API
- Yes
- What users can and can't do using the API
- INCOMING
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Users with admin rights are able to add sites, setup users and make many other changes that will be run through by the account manager and trainers.
Scaling
- Independence of resources
-
Proactive monitoring is in place, which alerts in real time should services meet thresholds that we have set and that we do proactively monitor (during a daily meeting) this to ensure our resources.
Capacity management is undertaken to ensure when new contracts are awarded, the planning of required resources is factored into the infrastructure builds.
Load balanced servers ensure capacity needs are spread across the data centres.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We provide a regular export of all data and usage, available via SFTP which can be incorporated into a data warehouse or dashboard - this can be setup to view whatever metrics are preferred and is fully auditable.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- We provide the export of user data as a service.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- CLEO Systems guarantee the availability of our systems at 99.9%. In the unlikely event that this level of service is not met, then any refunds accrued would be as defined in the individual contracts that we agree with our customers.
- Approach to resilience
-
Resiliency is built into the regional data centres that have availability zones.
Further information is available on request. - Outage reporting
-
In the rare event of a service wide outage occurring, our defined process states the following:
The first step we undertake is to identify the severity of the outage, as this helps us communicate the precise details to our service users. In the even that the outage is caused by a third party, we would seek information from them to distribute.
A service support lead would be identified, and they would be responsible in managing the team through the execution of the resolution plan and communications to our service users.
Any workarounds available to our service users should be included in our communications.
All notifications to our service users would be to their nominated contacts email addresses, as defined during the onboarding of their service. A service status webpage will also be made available.
The notification will include:
• Services affected
• Severity level
• Issue description
• Actions required
• Next update timing
• Additional details (if any)
• Steps already completed
As per our standard processes, following any high severity support incident, a full report will be created and shared with affected service users.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is managed through permissions and role based controls, which are managed by Admin users. In addition to this, access to NHS Spine Services are control through end user Smartcards which have specific roles and activities applied. Access to our support channels is managed through having named users that are set up on our Support Portal, with usernames and passwords.
- Access restriction testing frequency
- Less than once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 12/06/2023
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- NHS Data Security and Protection Toolkit certification
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We fully support the principles of governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, information about patients and colleagues. To do this, we abide by these principles: • To protect our computer systems from misuse and to minimise the impact of service breaks through compliance with the standard ISO27001/2 and the development procedures to manage and enforce this. • Will ensure that the Health Records within its control are held, retained, and disposed of, in accordance with the guidance in Records Management: NHS Code of Practice. • We will ensure that all information recorded by ourselves is accurate, complete and available appropriately, and we will use all appropriate means to ensure that it complies with the relevant Data. • Protection legislation, including The Data Protection Act, The UK General Data Protection Regulation and associated Codes of Practice issued by the Information Commissioner’s Office. • CLEO are also Cyber Essentials Plus and DSPT certified. CLEO’s Chief Executive Officer has responsibility for the Data Security & Protection Policy. The implementation of, and compliance with, is delegated to the SIRO, the Caldicott Guardian and the Data Protection Officer (DPO).
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We begin with understanding why the change is needed, what will be different, what needs to happen, measuring risks associated with the change and how improvements can be measured.
The details must then be recorded using a Change Control form, which captures the reasons for the change, what the change entails, all security considerations, key dates, plus the associated risks/costs. This is then reviewed with the Change Management Board. The Board will determine if the change can proceed.
Following the change, results will be monitored, and key learning will be recorded.
If successful, the change can then be fully adopted. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We receive regular CareCert alerts regarding software and application vulnerabilities from NHS England and key suppliers. We are mandated to patch any high CareCert alerts within 14 days and critical within 72 hours. We have a weekly Security meeting where we track all pending CareCert actions and assess risks. We also have active monitoring in place – using an Enterprise SEIM and SOC solution that informs us of potential threats.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
We receive regular CareCert alerts regarding software and application vulnerabilities from NHS England and key suppliers.
We are mandated to patch any high CareCert alerts within 14 days and critical within 72 hours.
We have a weekly Security meeting where we track all pending CareCert actions and assess risks.
We also have active monitoring in place – using an Enterprise SEIM and SOC solution that informs us of potential threats. - Incident management type
- Supplier-defined controls
- Incident management approach
- Incidents can be reported to our Service Desk via the customer portal, by email or by telephone. All incidents are logged within our Service Desk application and progress can then be tracked. The priority of the incident will be agreed between the Service Desk and our customers. Our Service Desk team are fully trained on all aspects of our applications and have pre-defined processes for managing incidents. Our service desk will issue Service Incident Reports as required and in accordance with contractual agreements.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
We embrace the requirement to achieve sustainability and add social value as defined in the Social Value Act 2012. We will make a continued difference across the UK through the provision of services that have a positive impact on people’s lives, on a personal and community level. Wherever possible, we will also prioritise the use of sustainable business practices, which will minimise negative impacts on the environment while making the best use of resources.
Our commitment to social value is demonstrated by our Group Gold Social Enterprise Mark - this is the highest level of Social Enterprise, awarded following a robust independent review. The Social Enterprise Gold Mark evidences best practice in key points across three key areas including governance, business ethics and financial transparency. We work within a set of values and principles that are underpinned by a responsibility to the different communities in which we operate. Our group has gained compliance with the UK Government Energy Savings Opportunity Scheme (ESOS) Phases 1 & 2 with the Environment Agency. The ESOS Scheme runs in four-year phases, we are now in Phase 3. Because of the work undertaken to comply with ESOS we have identified at least 90% of energy use throughout the organisation and made recommendations to save on its use. We record emissions that we can directly control (our Carbon Footprint) to support the NHS in their Net Zero Plan/Green Plan
Pricing
- Price
- £38,145 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No