PCMIS Case Management System

PCMIS is an easy to use digital case management system for mental health, CYP and NHS Talking Therapies (IAPT). PCMIS is a clinically proven and evidence based system. PCMIS supports a wide range of pathways, risk management, patient tracking and analysis, helping you to effectively monitor and report service activity.


  • Highly configurable and flexible system
  • Dynamic and granular real-time reporting options
  • Built-in, evidence based clinically proven risk management technology
  • Seamless integration with digital therapies and other clinical systems
  • Integrated Digital Pathway for online patient access and Spine Integration
  • Intuitive User Interface and system design
  • NHS Dataset compliant including IAPT and MHSDS data sets
  • Centralised appointment and slot booking system
  • Comprehensive Clinical Note section and Supervisor Notes
  • Pathways supported include IAPT, CYP, Staff Wellbeing and Complex Services


  • Effectively manage risk and prevent deterioration
  • Improve patient engagement with online digital patient portal services
  • Reduce time consuming administration tasks and processes
  • Achieve 360 view of service performance using dynamic reporting dashboards
  • Increase patient engagement with integrated SMS text communications
  • Ensure the highest levels of data quality, completeness and compliance
  • Enjoy full system access remotely and securely
  • Access comprehensive user guides and video walk-throughs for staff training
  • Integrate with a range of Digital Therapies and Clinical Systems
  • Reduce treatment and administration costs and increase outcomes


£4,950.00 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@pcmis.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 8 8 7 9 8 4 7 5 2 6 4 3 0 4


Telephone: 01904 321322
Email: enquiries@pcmis.com

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
A current supported web browser is required with at least 2Mbps Internet Connection.
System requirements
  • Current supported Web Browser including Edge, Chrome, Safari and Mozilla
  • Internet, VPN or HSCN/NHSNet Connection
  • Minimum Internet Speed of 2 Mbps

User support

Email or online ticketing support
Email or online ticketing
Support response times
Telephone and email support, 08:30-17:00 Monday to Friday. Excludes bank holidays and public holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
A dedicated PCMIS client engagement manager will be assigned to the life time of the contract to monitor and review contract performance. System service management is proactively monitored and any issues raise automatic alerts to the PCMIS support team who will investigate as a priority.
The delivery of PCMIS is supported by a dedicated service desk team and is included within the contract as standard. Project management and system development team ensuring that an acceptable level of service is provided. We are passionate about providing a high quality service. 8 out of 10 services ranked PCMIS as good or very good in the following areas; customer contact and communication, data protection and security, PCMIS system functionality, compared to other IT systems and help desk support.
Support available to third parties

Onboarding and offboarding

Getting started
A dedicated Client Engagement Manager will be assigned to your service and a kick off meeting arranged to gather and elicit service requirements and project scope. A project plan and timescales will be produced and used to manage and track progress of system implementation. The PCMIS business team and BA team will undertake initial scoping and project management, system configuration and training needs analysis. UAT will be included to ensure sign off of system and that it meets service requirements.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Video Guides
  • DOCX
  • DOC
  • XLSX
  • XLS
End-of-contract data extraction
At the end of a contract, all service data will be returned to the organisation that holds the contract for that instance of PCMIS (the service), who is the Data Controller.

A single file transfer of the data will be sent to the service securely within thirty days following the termination of the contract. Data will be returned in a standard CSV format and uploaded documents attached to patient records will be returned in their original file format.
End-of-contract process
All data will be securely destroyed using industry standard NHS approved data destruction tools. A single full data extract is included within the price of the contract. Additional data extracts are chargeable, please see the rates card for pricing.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
What users can and can't do using the API
PCMIS supports a wide range of system integration capability using PCMIS API Web Services and coding standards including HL7, XML and JSON through integration with digital therapy platforms, national and local Trust integration engines.

The following interfaces have been developed and are currently operationally live:
Web API IAPT Portal eReferrals
Web API IAPT Patient Portal
Web API Platform integration with Digital Enabled Therapies
Web API eReferral registration integrated with Digital Enabled Therapies
Healthy London Partnership eReferral Integration
NHS Choices/NHS.UK eReferrals
NHS Spine
Postcode Lookup API
SMS Appointment Reminder API
Patient Portal Appointment Reminder API
Patient Experience PEQ SMS API
Patient Portal Choose and Book API
Patient Portal SMS API
Database Analytics API

Implementation and changes are coordinated via PCMIS Support.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
PCMIS includes a high level of flexibility and customisation, including the ability to add/remove and update data fields on data entry screens through assigned system permissions, including custom fields, customising drop down items, setting fields as mandatory and adding local reporting items.
PCMIS menus are tailored to access levels. Built in systems permissions grant/deny access to menu items and built-in user preferences can be set to customise individual view settings.
Display columns are configurable to allow users to select which details are to be included in the display.
PCMIS system configurability including custom fields, custom forms, letter templates and configurable care pathways can all be used to create and define local care plans.
Built in role based systems permissions allow users with the appropriate system access to add/amend reference data. These permissions are granular and can be setup to ensure only appropriate users can amend appropriate fields.
Granular system permissions and comprehensive audit trails ensure appropriate clinical access and governance is maintained.


Independence of resources
PCMIS operates on a dedicated server, data is not shared or accessible by any other organisation, guaranteeing data security but also high performance as the speed of the system will not affected by numbers of active users.

PCMIS is hosted on scalable infrastructure using state of art technologies and by default can support over1,000,000 patient records. The architecture of the storage capacity is designed not to impact the system operations.


Service usage metrics
Metrics types
PCMIS operates on a dedicated server, data is not shared or accessible by any other organisation, guaranteeing data security but also high performance as the speed of the system will not affected by numbers of active users.
We provide a high level of resilience and capacity using dedicated servers with fail-over to ensure high availability.Any performance or service delivery incidents are reported automatically using built in network system monitoring. PCMIS operates with spare capacity and additional capacity is available for future increased volumes.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data will be returned in a standard CSV format by PCMIS Support using a fully encrypted and secure transfer facility.
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • SQL
  • Excel
  • Word
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
All transferred data is fully encrypted throughout the entire technology stack. PCMIS is protected by five levels of security including internal and external E3 compliant firewalls and Elliptic Curve Cryptography (ECC) technology.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
All transferred data is fully encrypted throughout the entire technology stack using the latest Elliptic Curve Cryptography.

Availability and resilience

Guaranteed availability
Our average up time exceeds 99.9256%, which includes downtime for scheduled out of hours system patches (that may require a server restart). A service level agreement is available on request.
Approach to resilience
A high level of resilience is built into PCMIS to ensure the highest levels of availability.
The PCMIS application is hosted on infrastructure with built in fail-over and redundancy, including backup power generators with 24 hour backup power.
Outage reporting
Email alerts are used to inform services in advance of any planned maintenance. We aim to provide at least one week advance notice for maintenance and two weeks advance notice for system upgrades.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Role based access, application security controls, system permissions and firewall network restrictions are used to restrict system permissions, system access and access to management interfaces.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
NHS Digital Data Security Protection Toolkit (Level 3)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials Plus.
NHS Digital Data Security and Protection Toolkit (DSPT) Level 3.
Information security policies and processes
PCMIS is Cyber Essentials Plus accredited, NHS Digital DSPT Approved and hosted within an ISO27001 compliant data centre. We have a dedicated internal security team and are annually audited by CREST security specialist. Controls and security policies are implemented to ensure patient data is protected at all times. Mandatory Information Governance/Data Security training is annually monitored for all staff. Spot checks are undertaken and all security policies are annually reviewed including Disaster Recovery, Business Continuity, Acceptable Use Policy,Secure Application Development, Physical Access, Patch Management and Anti-virus/anti-malware policy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ITIL best practice change management process is used to approve any security changes. Staff are ITIL qualified.Change requests are logged, risk assessment undertaken and approval process signed off prior to any configuration changes. The risk assessment process is used to identify and potential security impact. The requests for change(RFC's) are linked to Incident Management process to allow components to be tracked through their lifetime. Each release of PCMIS also includes Privacy Impact Assessment and Clinical Risk Assessment compliant with NHS Digital DCB160/DCB0129. Application development changes are tracked using centrally managed version control with access control.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
PCMIS receives automatic notification of any potential threats and vulnerabilities from security bulletins, from the specialist security team and direct from IT system suppliers. Application vulnerability scanning is undertaken, IT security specialist are used to assess any risks and critical patches are installed within 48 hours, following internal testing. Monthly released security updates are installed within 14 days of release.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A dedicated security team proactively monitor security threats. Automated frequent vulnerability scanning is undertaken. Annual penetration testing is undertaken by external security specialists. Any identified threat would be responded to immediately.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are reported to senior management immediately and the security and data protection team informed. An incident report is completed and reviewed by security and IG specialists to identify impact and actions taken compliant with best practice security and GDPR. Client will be contact immediately and actions are reviewed and implemented on all systems and processes involved in the incident to mitigate further risk and prevent further re-occurrence.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

As a Software As A Service (SAAS) system provider our case management system and supporting digital technologies are designed to reduce paper use in service by automating and digitising a lot of tasks traditionally done by administrative and clinical teams. Our online eReferral forms and Patient Portal SMS functionality remove the need for paper form completion before and during appointments, and cut down significantly on the need for communicating with patients by postal letters.

As a wholly-owned subsidiary company of the University of York, we adhere to and support their Sustainability Plan which commits to carbon neutrality by 2030
Covid-19 recovery

Covid-19 recovery

As an employer we have supported our workforce through the Covid-19 pandemic, facilitating a safe working environment and encouraging a hybrid working approach to minimise risk.

As an NHS technology supplier we are actively involved in supporting the Covid-19 recovery through provision of digital triage and case management tools for a range of COVID-19 specific mental health services. We have also made COVID-19 related data items available in our system to support NHS and ONS (Office for National Statistics) data gathering as part of the ongoing effort to understand and overcome the impact of the pandemic.
Tackling economic inequality

Tackling economic inequality

PCMIS is a wholly-owned subsidiary company of the University of York. The University of York exists to aid public good. As such, the University has a range of scholarship funds, established to support students to come to York from underrepresented backgrounds including asylum-seeking students, those who have disabilities, those from Black and Minority Ethnic (BAME) backgrounds, as well those who are the first in their families to access higher education and those who are living in, or have lived in, the care system in the UK for neglected and abused children and young people.
Equal opportunity

Equal opportunity

As a wholly-owned subsidiary company of the University of York, PCMIS strives to be diverse and inclusive – a place where we can all be ourselves. The University particularly encourages applications from people who identify as Black, Asian or from a Minority Ethnic background, who are underrepresented at the University.
We offer family friendly, flexible working arrangements, with forums and inclusive facilities to support our staff.


PCMIS technology is clinically proven to facilitate better mental health care treatment outcomes. Our technology is utilised by a range of mental health and wellbeing services, from NHS IAPT or Staff Wellbeing Services to Eating Disorder Services and Student Support.

All technical development and system improvements are underpinned by innovative, evidence based mental health research, transforming clinical insight and study into real world impact. As a team we work towards one goal: Improving Patient Wellbeing.


£4,950.00 a unit a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@pcmis.com. Tell them what format you need. It will help if you say what assistive technology you use.