MEDICAL MANAGEMENT SYSTEMS LIMITED

Meddbase

Meddbase is a Cloud-based Healthcare software to manage Occupational Health. With a robust foundation built on security and efficiency, Meddbase fosters global scalability while enhancing the overall healthcare experience.

Features

• Occupational Health
• Health Surveillance
• Case Management
• Online Booking Portal
• Primary Care
• EHR
• Analytics Module
• Billing Module
• Telehealth
• Vaccinations

Benefits

• Simplify tasks and stressors allowing focus on improving employee wellbeing
• Enhances productivity, and reduces administrative burden and stress
• Fully browser based and secured compliance
• Access records, automate referrals and repetitive tasks within case management,
• Streamline and automate workflows for Occupational Health
• Reporting and analytics, data driven decisions.
• Eliminate manual steps
• Advanced functionality, modular and scalable features
• User-friendly navigation
• Save costs and time

£15,200 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at wtemple@meddbase.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

477007998632578

Contact

Will Temple
02078426290
wtemple@meddbase.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Internet Connection: ADSL 8.0 Mb/s or Better
  • Operating System: Windows 10 & 11, OSX 10.14 & 10.15
  • Browser: Mozilla, Chrome, Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Ticket Acknowledgement - 5 Mins; Target Response Time: 30 Mins
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Meddbase is committed to provide Omni-channel support to our customers and users through a variety of channels;; ; Knowledge Base: Users can help themselves and reduce time and number of support requests. From frequently asked questions into a searchable library of help articles, videos, and documentation.; ; Support Telephone: Access customer support regardless of the channel. Supporting users wherever they are by accessing our support team seamlessly through our telephone contact numbers on our support hub and website.; ; Support Desk:Connect with the support team directly and get help from our team of experts. Our support team regularly use video conferencing to ; support with all needs as required.; ; Account Manager: A dedicated account manager can support you with any persistent issues or act as a point for urgent escalations within Meddbase.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We support users through project onboarding, training, and system implementation in nine phases:; ; Phase 1: Pre-Project Initiation - Transitioning from sales to project processes, meeting key team members.; Phase 2: Project Kick-off - Reviewing documentation, initiating a project kick-off call.; Phase 3: Requirements & Solution Design - Gathering requirements, understanding processes.; Phase 4: Meddbase Training - Offering introductory and indept training sessions.; Phase 5: Configuring Your System - Tailoring Meddbase to your needs.; Phase 6: User Acceptance Testing (UAT) - Completing end-to-end UAT.; Phase 7: Pre Go-live - Approaching project go-live.; Phase 8: Post Go-live: Stabilisation - Adapting to the new system.; Phase 9: Project Completion and Handover - Providing a Project Closure Document (PCD).
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We provide a full copy of data base via. CSV format.
• End-of-contract process: If our partnership with the customer comes to an end, all the invoices will be settled, and Meddbase will provide the data at no additional charges,

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Meddbase offers API for Occupational Health Portals, in our roadmap today we are also working on an FHIR API for our main application.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Meddbase is a completely customizable solution, which allows our customers to independently fully configure it to match their business process including the user journey, pathways and reports.

Scaling

• Independence of resources: We offer a robust cloud based solution that is independent of each customer including the environment and threshold of service.

Analytics

• Service usage metrics: Yes
• Metrics types: Within Meddbase, there's a report builder module that can support service usage reports. This can be generated by self or by request as well.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Meddbase users are data controllers of their on data and have access to their full data and can export as required, in CSV. formats.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The Company provide a 99.4% uptime commitment for the System to the Client. If the Company falls below the 99.4% uptime commitment and the Client’s access to the System is affected, the Client may request service credit to the Client account for future use.
• Approach to resilience: Meddbase ensures service resilience through a robust cloud infrastructure and strict adherence to security standards. Our system architecture utilises two geographically separated UK-based data centres to facilitate near real-time data replication and service continuity. This dual-centre approach enhances our system's fault tolerance and availability, ensuring that client data remains accessible and secure, even during a partial system failure. Moreover, all data centres used adhere to ISO 27001 standards, providing further assurance of our operational resilience and security compliance. We also employ Azure's infrastructure-as-a-service for international clients, with default-enabled availability zones to minimise downtime and maximise resilience against regional disruptions. These measures ensure that Meddbase delivers a highly reliable and secure service to all users, irrespective of their location.
• Outage reporting: There's a public dashboard link is available on the Meddbase System which notifies users.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: We offer 2 FA and SSO to our clients, it is for our clients to ensure that, they are enabled.
• Access restrictions in management interfaces and support channels: Meddbase restricts access to management interfaces, support channels using several stringent controls.We utilise role-based access control (RBAC) across our systems to ensure that access is granted based on specific roles and responsibilities of users,thereby adhering to the principle of least privilege.Multi-factor authentication (MFA) is enforced for all our employees accessing sensitive systems and areas,providing an additional layer of security. We also enable our clients to implement geographical and IP-based restrictions to tailor access controls to their specific needs. These measures are supported by continuous monitoring and logging of access activities to promptly identify and respond to any unauthorized access attempts.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 13 January 2023
• What the ISO/IEC 27001 doesn’t cover: The scope of this approval is applicable to the technical; and organisational measures relevant to all systems and; processes directly involved in the protection of personal; health data and other special category data processed in; the context of the supply of custom electronic health; records management software to the healthcare industry,; according to the Statement of Applicability V1.n. All; systems and processes which do not have the direct; exposure to the personal health data and other special; category data, are excluded from the scope of this; certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Meddbase is dedicated to safeguarding information through rigorous policies and processes aligned with ISO 27001:2013 standards. Our Information Security Management System (ISMS) encompasses comprehensive policies for access control, asset management, change management, cryptography, and incident handling. We ensure adherence to these policies through an established governance structure that includes the Meddbase Board, the Executive Management Team, and a Governance, Risk, and Compliance (GRC) Working Group. Our security framework mandates regular internal audits, management reviews, and continuous improvement practices to adapt to emerging threats. The ISMS is underpinned by a clear accountability framework, with defined roles for the Executive Team, Heads of Departments, Process Owners, and all employees. Compliance is monitored by the GRC Working Group, and non-conformities are addressed through corrective actions. Regular training and awareness programs reinforce our commitment to information security across the organization.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our configuration and change management processes track service components throughout their lifecycle, ensuring continuous alignment with security and compliance standards. Each change undergoes a thorough security impact assessment, requiring a minimum of two approvals. Our approach integrates regular penetration testing and compliance with ISO27001:2013 standards to safeguard against potential security risks introduced by changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process is proactive and rigorous. We assess potential threats to our services by conducting regular penetration tests and employing real-time security monitoring. Patches are deployed swiftly following a thorough testing phase to ensure compatibility and system integrity—typically within 48 hours for critical vulnerabilities. We source information on potential threats from industry-leading security advisory services, as well as from alerts issued by the National Cyber Security Centre (NCSC) and our network of cloud infrastructure providers, ensuring a comprehensive approach to threat intelligence.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Meddbase employs continuous protective monitoring using advanced intrusion detection and prevention systems to identify potential compromises. On detecting a possible security breach, our incident response team is immediately alerted. The team assesses the severity and responds according to predefined protocols, aiming to contain and mitigate any impact promptly. We are committed to a rapid response, typically initiating action within an hour of detection, to safeguard data integrity and service continuity effectively.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management processes are structured and predefined for various common events to ensure swift and effective response. Users can report incidents through a dedicated support team, available via multiple channels including a helpdesk system, email, or phone. Following an incident, we deliver detailed reports to the relevant stakeholders, documenting the incident's nature, impact, response activities, and any required follow-up actions. These reports are aimed at providing transparency, facilitating continuous improvement, and upholding our commitment to security and client service excellence.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Various social activities supporting climate change and paperless office work.

  Covid-19 recovery

  Work from home flexibility, hygiene follow instructions in office - keep distance, wash hands etc.

  Tackling economic inequality

  Following standard UK pay wages and compensating each employee fairly and following inclusivity across the organsiation.

  Equal opportunity

  Diversity inclusion, gender equality, fair recruitment process, open job postings etc.

  Wellbeing

  Mental health programs, sufficient holidays, Gym memberships and well-being app support.

Pricing

• Price: £15,200 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at wtemple@meddbase.com. Tell them what format you need. It will help if you say what assistive technology you use.