AxSys Technology Limited

Excelicare Ophthalmology

Excelicare's Ophthalmology Service supports general and sub-specialty requirements. The Service has been developed in collaboration with a leading Ophthalmologist and Vitreoretinal specialist to provide an extensive Ophthalmic dataset, underpinned by our EHR; Patient demographics, appointment scheduling, clinic management, orders/labs, clinical notes, worklists, role-based access, integrations, and analytics. (EMR, EHR, EPR)

Features

• Electronic Health Record solution.
• Patient registration and demographic management.
• Appointment scheduling, clinic management, and Online Booking.
• Document and media item management.
• Investigations: Refraction, Optical Coherence Tomography, Biometry, Visual Fields, Fundus.
• Supports Medical Retinal, Cataract, Diabetic Retinopathy, Glaucoma, Oculoplastics, Vitreoretinal.
• Patient technologies allow the patient to interact with the service.
• Real time reporting by the Service via Reporting Database
• Patient Summary screens for easy viewing of the patient's record.
• Web based solution.

Benefits

• Easy to use web based EHR.
• Allows a comprehensive longitudinal patient record to be maintained.
• Provide a 'Digital Front Door' for your patients.
• Comprehensive reporting and analytics.
• Online booking and management of appointments.
• Patient SMS e.g. for results and appointment notifications.
• Integrations with NHS API and common system within the NHS.
• Extensible architecture allowing the implementation to grow over time.
• Microsoft Azure Cloud offering with HSCN connectivity.
• HL7, FHIR and API integrations.

£76,800 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jackie.henderson@excelicare.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

460718771003038

Contact

Jackie Henderson
0141 840 5924
jackie.henderson@excelicare.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Excelicare can be integrated with other cornerstone NHS software services.
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance schedule an be agreed with the client.
• System requirements:
  • All system requirements are included in the managed cloud service.
  • Users access Excelicare through a modern browser, no plugins required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our online ticketing system is available 24hrs a day. Response times will vary based on priority of the ticket and the subscription service the client agrees to. Response and resolution times are detailed within the Service Definition. Our typical support model is Monday - Friday 8am to 6pm, but enhanced support offerings are available.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Excelicare provides clients with an online Support portal for raising and tracking tickets. Clients can raise tickets or change requests and have access to see the status of their tickets 24/7. All calls logged will be responded to with a ticket number for tracking purposes. Our support team is augmented by members from across our organisation eg CloudOps, DevOps and provide regular updates on ticket status to clients. ; Clients can choose from our standard or enhanced service levels, see the Service Definition for further information.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Excelicare provides a mixture of onsite training, online training and user documentation to onboard users to the Excelicare service.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Docx
• End-of-contract data extraction: Excelicare provides a process for doing this. This is part of our standard offboarding process which is detailed further within the customer's contract with Excelicare.
• End-of-contract process: The end-of-contact process will be defined within the contract we agree with the customer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our patient technologies work on mobile devices. The main Excelicare client that is used by healthcare workers is designed to work on a device with a monitor, keyboard and mouse.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Excelicare has a modern and intuative user interface. Excelicare is access through modern browsers such as Edge, Chrome and Firefox.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Excelicare recommends the use of native operating system and browser features for zoom/magnification, read aloud and colour management for users that require assistive technology.
• API: Yes
• What users can and can't do using the API: The Excelicare API can be used by authorised users/systems to exchange data with the Excelicare platform. Excelicare's API supports standard REST integrations allowing API users to get data and post data to and from the Excelicare platform.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Excelicare is a highly customisable platform. Users can easily configure lookup lists, dictionary lists, user lists, location lists, their clinic build, user security and system configurations through adminstrative tools that are contained within the main Excelicare client. ; Users can only access the Excelicare administrative tools if they have role based access to them. ; Excelicare resources can configure a wide variety of content within a customer's deployment, including, data capture forms, workflows, care plans, dashboards, worklists, trackers, summary screens and integrations. Excelicare resources use a mixture of native Excelicare tools and frameworks to build and configure Excelicare content for a customer.

Scaling

• Independence of resources: Each client environment is contained in their own segmented network and data is contained in their own database. Excelicare's cloud is monitored and sized appropriately based on usage metrics.

Analytics

• Service usage metrics: Yes
• Metrics types: Cloud usage metrics; Application usage metrics; Support Desk usage metrics
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Excelicare encrypts all data at rest using customer managed keys. Keys are stored in Azure's key vault.; Further details available on request.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Excelicare has various features within our application that allows users to export data out of Excelicare into XLS or CSV format. Data can be extracted from Excelicare's reporting database (SQL Server Database) by authorised users using 3rd party tools.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • Data Transfer from SQL into a 3rd party data store.
  • API GET transactions in JSON format.
• Data import formats: Other
• Other data import formats: JSON via the Excelicare API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Data in transit is encrypted at all points to ensure data integrity. Excelicare will always use HTTPS/TLS protocols to exchange data across different endpoints.; All web traffic will use HTTPS. ; Our Networks are protected by a Cloudgen Firewall which offers multi-layered security to stop zero-day threats and Cloudgen Web Application Firewall to provide a further layer of security for our Web application.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Excelicare will always use HTTPS/TLS protocols to exchange data within our network. We also practice network and storage isolation. We also strive towards zero trust.

Availability and resilience

• Guaranteed availability: Our SLA varies depending on which Managed Cloud Service tier is chosen: Standard Tier offers 99.80% uptime, Premium Tier offers 99.99% uptime. The uptimes exclude any agreed maintenance windows. System availability is measured over the period associated with normal access and use of the Excelicare services (Accountable Hours). Service availability is calculated per calendar quarter. Further details are available on request.
• Approach to resilience: Our environment has High availability inherantly built in to the design of our architecture. Further information is available on request.
• Outage reporting: Email alerts; Support Desk Portal

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Excelicare operates on a least privilage basis, only those personnel that that require access to perform their role will have access, this is controlled via RBAC
• Access restrictions in management interfaces and support channels: We require users to supply their user ID and Password and then 2 factor authentication, we secondary challenge to answer a security question
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Other
• Description of management access authentication: Excelicare requires all management access to the system to have MFA enabled and a complex password in line with our password policy. Details available on request.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CQS/AxSys Technology Ltd, Shellman Compliance LLC/ Microsoft Azure
• ISO/IEC 27001 accreditation date: 07/05/2021 AxSys Technology Ltd. 28/11/2023 Ms Azure
• What the ISO/IEC 27001 doesn’t cover: Our Cloud hosting, this is covered by our cloud hosting company, Microsoft Azure.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • NHS Data Security Protection Toolkit.
  • Information Commissioners Office registration.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials.; Cyber Essentials Plus.; NHS DSPToolkit.; GDPR Compliance.
• Information security policies and processes: Excelicare approach to security governance is inline with our ISO 27001 processes. Excelicare has an ISMS group dedicated to updating and ensuring the procedures are adhered to. Our IT team audit users systems on a regular basis.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our components are monitored using Azure monitoring and our own monitoring service through their lifetime. Our change management process complies with ISO 27001 and Microsoft Azure's Change Management process
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our services utilise agentless scanners to discover vuilnerabilities in near real time, vulnerabilities are prioritized on the threat landscape. The vulnerability scans are updated with new threats every 24 hours.; Vulnerabilities prioritized as critical are assessed and any corrective actions are applied ASAP. Scheduled vendor patches are applied to UAT systems within 3 days of release and to production within 10 days. Vendor critical patches are scheduled to be applied in a timeframe agreed with the client.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our service is constantly monitored for any real-time events that threaten the security of our environment. The threat or event is automaticaly allocated a severity rating. Any High severity alerts are assessed and corrective actions are applied ASAP.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process is in line with ISO 27001 requirements.; Clients will raise incidents via our online helpdesk or telephone, a triage process will set the priority of the incident. On resolution of the incident the case will be updated in our online helpdesk. Escalations can be made in line with our Incident management process in line with ISO 27001.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Excelicare emphasizes a holistic and integrated strategy encompassing carbon reduction, energy efficiency, waste management, sustainable procurement, and green transportation to help our clients achieve their net zero carbon emissions target and sustainability commitments effectively. We are committed to working collaboratively with stakeholders and leveraging best practices in environmental stewardship to drive positive environmental outcomes for our client and the community they serve.; ; Excelicare has develop a Carbon Reduction Plan outlining specific strategies and actions to reduce carbon emissions across all operations and activities within the organisation, in accordance with PPN 06/21; • We are committed to halving our emissions by 2030; • We are committed to achieving Net Zero by 2040.; • Our CRP is published on our website and has the full backing of senior leadership.; • We are registered with the SME Climate Hub to facilitate our goals.; We will implement initiatives such as energy efficiency improvements, renewable energy adoption, and carbon offsetting measures to accelerate our progress towards achieving our Net Zero target.

  Tackling economic inequality

  Our approach to tackling economic inequality focuses on fostering a skilled and inclusive workforce while ensuring the resilience and sustainability of the supply chain. By addressing economic inequality through targeted skills development and promoting supply chain resilience, we aim to create meaningful opportunities for economic empowerment and prosperity for individuals and wider communities.

  Equal opportunity

  We fully support equal opportunity at all levels in our organisation. Excelicare's approach prioritizes inclusivity, fairness, and social responsibility in employment practices, aiming to create a diverse and equitable workforce where all individuals have the opportunity to succeed and thrive. To address equal opportunity in employment and skills, we adhere to the following approach:; ; Reducing the Disability Employment Gap:; Excelicare implement inclusive recruitment practices that consider the unique abilities and talents of all individuals including those with long-term health conditions. We offer development opportunities tailored to the needs of all employees, ensuring they have access to the skills and resources necessary for career advancement. We foster a supportive and inclusive work environment that promotes diversity and celebrates the contributions of all employees, regardless of their health status.; ; Tackling Workforce Inequality:; Excelicare utilises diversity and inclusion initiatives aimed at increasing representation and participation of underrepresented groups within our workforce. We use recruitment strategies that are inclusive of candidates from diverse backgrounds and underrepresented communities, including but not limited to ethnic minorities, LGBTQ+ individuals, and individuals with disabilities. We strive to implement unconscious bias awareness for hiring managers and decision-makers to mitigate biases in recruitment, promotion, and performance evaluation processes. Where appropriate we will support the creation of affinity groups and support networks for employees from underrepresented groups to foster a sense of belonging and provide opportunities for networking and professional development

Pricing

• Price: £76,800 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jackie.henderson@excelicare.com. Tell them what format you need. It will help if you say what assistive technology you use.