Pathpoint® MSK
Pathpoint® MSK is a cloud-based system developed by clinicians and professional software developers, specifically to serve as a secure and centralised platform for community MSK service coordination and clinical workflow digitisation. Self-population of reports and letters, streamlining referral processes and linking community services such as physiotherapy, podiatry and occupational therapy.
Features
- Complete MSK management platform
- Access any time, anywhere, any device (device agnostic)
- Links with secondary care Orthopaedics
- Automatic populated letters and reports
- Facilitates fast referral to community teams
- Specifically designed for FCPs
- All diaries and patient lists coordinated
- Integrates with existing digital systems SystmOne and EMIS
- NHS e-RS and national personal demographics service (PDS) integration
Benefits
- Unparalleled oversight of the MSK pathway at regional level
- Effective communication between users, teams and institutions
- Minimisation of administration time
- Eliminates the use of paper
- Powerful data capture and auditing tool
- Updates in real time and improves efficiency
- Aids in information governance and data protection
Pricing
£48,500 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 4 9 9 2 5 2 9 7 9 4 6 1 6 0
Contact
Open Medical Ltd
Zak Suleman
Telephone: 0203 475 2955
Email: zak@openmedical.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Pathpoint
- Cloud deployment model
- Public cloud
- Service constraints
- Requires N3 or HSCN access
- System requirements
- IE 11+ or Chrome/Firefox/Safari browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Week days - within 8 hours. Weekends - within 12 hours.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Licence subscription includes:
Business-as-usual - single point-of-contact client support; managing delivery and resolution of service queries.
Extra-ordinary - 24 x 7 x 365 same-day on-site support to resolve high severity live system application related incidents. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Installation: The on-boarding program is designed to ensure minimal disruption to departmental working practices.
Week 1: A small team of trainers deployed to each department to provide full on-site, on-the-job training.
Week 2-4: Weekly one day training resource.
On-going: Training sessions coincide with the induction day of new clinical staff throughout the duration of the contract. Training assets: wall posters, eLearning video demonstrations, manuals, client support phone/email. - Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
-
Contract termination does not result in service discontinuation. System remains live in read-only state.
Exported SQL files and a binary archives are generated and provided automatically.
Data extraction via JSON:API or FHIR API directly from the system is also available. - End-of-contract process
-
OpenMedical licenses are SaaS products.
Where recommissioning is not optioned at the end of subscription period, there are no additional costs.
The service remains available with a full read-only functionality and can be resumed at any time.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- Yes
- What users can and can't do using the API
- Pathpoint MSK is a decoupled service that can be fully operated via APIs. JSON:API and FHIR APIs are available out of the box allowing all CRUD operations via basic or cookie authentication. Any authorised user of the service can make any changes allowed by their access role with no limitations.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Pathpoint MSK out-of-the-box system pathway and interfaces modified to clinical team specifications.
The patient and clinical pathway entities are fully customisable and can be added, changed or removed (including specific data fields).
The refinements process is managed by OpenMedical's engineering team, in association with clinical team leaders.
Scaling
- Independence of resources
-
System's load balancing process automatically provisions additional VMs and containers. Upscaling system resources in response to request loads.
Furthermore OpenMedical employs a number of processor reduction techniques, including multiple cache-like layers for querying and outputs with forced tag and context cache expiration.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Our systems are designed to track, plan and review patient care.
Embedding coded-fields into the data-storage architecture allows OpenMedical to manipulate and present service metrics at a range of granularity levels.
Includes
Clinical; diagnosis/procedure specific data, temporal, demographic.
Health management: KPIs, referral source, time-of-day, year-on-year, service capacity/level boundaries. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Authenticated users can export their data via the JSON:API / FHR API / directly via the user interface as an CSV file.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Our standard Service Level Agreement guarantees 99.9% server uptime.
Any unscheduled service outage for more than 1 hour after reporting is refunded at its full subscription price for the outage duration. - Approach to resilience
- Available on request
- Outage reporting
- The service reports any outages via a public API, by email alerts to all clinical team leads and nominated secondary addresses.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Client determines access requirements to match their specific organisational needs.
Role-based and team-based access system manages system's restrictive access controls, constraining user functionality assignment; including writing, editing and viewing.
Team-based permissions are dependent on data-originating teams. Role-based access restricts system-wide processes and data such as management, user-auditing and interface channels. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 04/10/2023
- What the ISO/IEC 27001 doesn’t cover
- NA
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- N3 Assurance
- IG Toolkit
- Cyber Essentials
- HSCN Code of Conduct
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- N3 Assurance and NHS Digital IGT
- Information security policies and processes
-
The following policies are used to capture and monitor security: Data Protection Policy, Information Risk Policy, Information Security Policy, Network & Mobile Security Policy, Pseudonymisation Policy, Recruitment and Contracting Policy, Secure Data Transfer Procedure, eTrauma System Level Security, eTrauma Data Flow Mapping.
A dedicated team with the responsibility to monitor the above is contactable at ig@openmedical.co.uk. All security policies are reviewed every 6 months internally and verified every year independently.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Change management policies ensure all the changes are assessed, approved, implemented and reviewed in a controlled manner. All changes will be recorded in the service management tool following an explicit process: Recording of all changes, Classification, Risk assessment for their risk, Impact and business benefit, Approval and authorisation, Coordination for implementation of changes, Post implementation review, Post implementation feedback.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
The vulnerability management process follows a mandatory workflow:
- Preparation
- Vulnerability scan
- Remediation actions definition
- Remediation actions implementation
- Vulnerability scanning - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Compromise scanning: Three-way data surveillance, including database and binary data tracks identification alteration. Daily reconciliation of all IP access logs outside the N3 network.
Compromise response: Suspected authentication/access or integrity immediately escalated to engineering and infrastructure team for assessment and action.
Confirmed compromises: Reported as per the Information Risk Policy to SIRO, senior management, ICO, NHS Digital and the client organisation Information Security and IG teams. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Recorded incident reporting and pre-existing incident response processes are in-place.
All incidents and adverse events are reported and recorded according to Information Risk Register Policy and cross-referenced to the Disaster Recovery and Business Continuity Plans.
IG SIRIs will be managed in accordance with the Incident Management Procedure.
All incidents are reported to SIRO, senior management, ICO, NHS Digital and the client organisation immediately.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
At Open Medical, we are dedicated to taking action against climate change and reducing our carbon footprint. Our software solutions not only improve healthcare efficiency but also contribute to environmental sustainability. And we are also conducting grant-funded research to help the NHS achieve net-zero greenhouse gas emissions.
Our software features, such as remote consultations, remote monitoring, and detailed data-capture, help to reduce patient travel and lower CO2 emissions. For example, one Trust using our virtual fracture clinic platform saved 57,220 kg of CO2 in a year, equivalent to 29 round trips between London and New York.
We are focused on influencing our staff, suppliers, customers, and communities to support environmental protection. We promote a paper-light approach, encourage cycling to work, and discourage the use of single-use plastic. Implementing an electric company fleet, ride-sharing, and virtual training sessions help us reduce our environmental impact from travel for product implementation.
Through these initiatives, we are committed to moving towards a sustainable future while maintaining the high-quality care we provide.Covid-19 recovery
Our cloud-based solutions, which can be accessed from any device from anywhere, enabled healthcare providers to deliver uninterrupted, high-quality care throughout the pandemic. We were recognised with the “Best COVID-19 Solution for Community Care” HealthTech Digital Award, underscoring our commitment to addressing complex healthcare challenges. And despite the pandemic, we continued to support medical professionals and employed additional staff to ensure the continuation of our services.Tackling economic inequality
We develop all our software products in-house to maintain quality and cost-effectiveness. Our technology itself is scalable, future-proof, and designed to modernise healthcare delivery while boosting productivity.
We value collaboration with our clients and aim to work together in a fair and responsible manner. We consider ourselves partners, dedicated to ensuring our products provide maximum value to healthcare organisations.
Cybersecurity is a top priority for us, and we have robust systems in place to protect our operations and our clients' information. All our digital solutions are secure by design.
To support economic equality, we create job and training opportunities within our company. We invest in our workforce by providing a thorough 2-week onboarding process for new employees, introducing them to our mission, products, and policies. We offer ample opportunities for skill development and career growth, believing that by investing in our employees, we contribute to a more balanced and equitable economy.Equal opportunity
We are committed to fostering an inclusive and diverse workplace. We believe in equal opportunity for all and welcome people from all backgrounds. We understand that a diverse workforce provides a more comprehensive perspective, reflecting the society we serve.
To empower our team, we offer skill development training and mentorship programmes. These initiatives are designed to enhance industry-relevant skills, leading to accredited qualifications and career progression within the company.
We stand firm against any form of inequality within our team. Our commitment to fair employment practices includes equal opportunities for skills development and fair pay structures. We actively address any disparities and strive to maintain an equitable environment.
We take a strong stand against modern slavery. Our onboarding process includes comprehensive training on identifying and managing the risks associated with modern slavery, particularly in our supply chain. Our policies and standard operating procedures adhere to these principles, ensuring an environment that respects and protects human rights.Wellbeing
Our company firmly believes that our employees are our most valuable asset, which is why we foster an environment that prioritises their overall health and wellness. This commitment extends to providing mental health days, compassionate leave, and private health insurance, reflecting our dedication to supporting both mental and physical health. We also advocate for a diverse and inclusive workspace where every individual's wellbeing is respected and nurtured.
Moreover, our health-focused approach goes beyond our internal team and includes our suppliers, clients, and the wider community. We leverage digital solutions to enhance the experiences of clinicians and patients, aiming to prevent burnout and enhance patient outcomes. This broad commitment to health and wellness is a testament to our belief in the importance of nurturing the wellbeing of our entire community.
Pricing
- Price
- £48,500 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No