NEUREX AI LIMITED

Neurex iPACS : AI Powered Image viewer, exchange & reporting platform

Neurex iPACS is AI Powered Medical Image Management, Sharing and Exchange Platform. It ensures image and data integrity, high-availability, and performance. AI automates report generation, image annotations and operate inside, outside and across the NHS trust network, using compression and encryption. Our proprietary PACS viewer is highly optimised for cloud.

Features

• Extendable and scalable Cloud platform
• Secure and trusted Cloud Storage
• AI generated study report and image annotation
• Supports all modalities such as MR/CT/PET, CR, US & MG.
• Seamless HL7 integration with EPR
• Fast, secure transfer - DICOM, WADO, HL7
• Secure real-time image sharing to anyone, anywhere
• AI powered intelligent routing mechanism
• Comprehensive ACL to manage user roles and granularity in access.
• HIPAA and GDPR compliant

Benefits

• Minimize cost of storage, hardware maintenance, and IT infrastructure.
• Eliminate the need for CDs through cloud-based image sharing.
• Seamlessly integrate images into patient portals and EPR.
• Vendor agnostic flexible and scalable storage capabilities.
• Integrated reporting with EPR
• Reduced delays in reporting of radiology examinations
• Reduce workload pressures and quality concerns
• Reduce burden on radiologist and reduce backlogs
• Early detection of rare diseases using trained AI model

£400 to £1,200 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anupam.das@thoughti.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

520118776638583

Contact

ANUPAM DAS
07442009457
anupam.das@thoughti.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Private cloud component runs on Windows Server 2012 R2 64-bit or higher and a minimum of 8 cores, 32GB memory and 250GB SSD
• System requirements:
  • Microsoft Windows Server 2012 R2 64-bit
  • Hardware 8 core, 32GB 250GB SSD
  • VPN access for installation and support
  • TLS enabled for access to Neurex Platform
  • Signed SSL certificate

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9:00 - 17:00 Monday to Friday support response. Tickets can be logged at any time.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Client support is provided at no extra cost, and is included in standard terms and conditions of contract. For Severity 1 issues customers may contact support via the support telephone number. For Severity 2,3,4,5 issues customers may contact Support via the Neurex Support Portal as well as emails via 'support@neurexhealth.ai'. When an issue is reported by a customer, the Support team will respond to the customer within the time designated by the SLA identified in the customer's contract. All clients will be provided an Account Manager and a Support Lead. Support is provided 9:00 to 17:00 UK Monday to Friday excluding public holidays.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training, online training and user documentation are all provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Standard functionality within the solution enables customer data to be extracted via either a SQL database or csv format file extraction.
• End-of-contract process: At the end of the contract user accounts for the customer site would be disabled and any private cloud components of the solution would also be disabled. Customer data both in terms of input and results can be extracted from the solution as part of standard functionality.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile version is for ambient scribing and dashboard view.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Documented APIs are available which allow integration between Neurex RevFlow and other local systems. APIs provide access to automated coding and analysis capabilities, as well as the ability to load clinical narrative documentation into the system. All system set up and configuration processes are undertaken directly through the system's user interface.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Single tenant hosting provision.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is made available via APIs and or ETL, as well as SQL dump or csv file extractions.
• Data export formats:
  • CSV
  • Other
• Other data export formats: SQL Dump
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HL7
  • FHIR Resource

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The SLA provided for the service is available between 9:00 and 17:00 Monday through Friday, excluding public holidays.
• Approach to resilience: Each layer in the Neurex architecture is distributed across availability zones. Because availability zones are geographically separated data centers with independent access to power and networking, operations continue even if one or two availability zones become unavailable. In addition, the database storage layer leverages the cloud provider’s resilient; storage service to provide highly durable, costeffective storage. When a transaction is committed in Neurex, the data is securely stored in the cloud; provider’s highly durable data storage, which enables data survival in the event of the loss of one or more disks, servers, or even data centers. It is designed for eleven 9s (99.999999999%) of data durability.
• Outage reporting: Public dashboard at https://status.neurexhealth.ai/; ; Anyone can subscribe to e-mail alerts via the above status page

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Authentication requirements configurable. ; Username/password authentication with or without MFA.; OAuth 2.0 either with built in or external OAuth server.; Federated authentication & SSO with configurable identify providers via Okta, AD FA or other SAML2.0 compliant service.
• Access restrictions in management interfaces and support channels: Management Interfaces and support channels are secured using roles applied to users to maintain the separation of ability of users. The system is designed to allow only specific and absolutely necessary users the ability to alter authentication and authorisation. Default permission for new users is always set to deny all access until it is specifically granted by and administrative account.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Level of access is determined by user role. Process for authentication for management access is exactly the same as all other user authentication.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: HIPAA
• Information security policies and processes: Neurex has an Information Security Policy and an IT Code of Practice which are reviewed by each employee as part of induction and signed as reviewed before any access is granted to Neurex systems. The Neurex HIPAA Manual sets out policies and procedures relating to technical, physical, and administrative controls in support of the HIPAA legislation. As part of HIPAA an annual risk assessment is undertaken and reviewed covering physical, technical and administrative safeguards. All employees undergo compulsory HIPAA training as part of induction and annual HIPAA refresher training. HIPAA compliance is backed off to a HIPAA compliant hosting partner hipaavault.com Neurex has an appointed Privacy and Security Officer.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All software updates are handled by Neurex themselves with no user intervention.; Security announcements, services alerts, pending behaviour changes and release history are available at https://community.neurexhealth.ai/announcements ; ; Anyone can subscribe to e-mail notifications of any of these announcements from the same page
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats at the hosting level are assessed on an ongoing and proactive basis by our hosting partner hipaavault conforming to CSA CCM v3/SSAE-16. The exact details are subject to non disclosure. Threat testing is undertaken regularly in relation to the Neurex product components of the service. Issues identified are mitigated inline with their severity and impact. Monthly vulnerability testing of the overall service take place utilising industry standard independent cyber risk management software.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring of the service is provided by our hosting partner hipaavault. Full details of this are subject to a non disclosure.
• Incident management type: Supplier-defined controls
• Incident management approach: An incident can pertain to a number of areas across the service. Incidents from customers will be raised with the Neurex Support team through phone, portal or email and logged on our industry standard support system. Common FAQs are available through this system also. Should an incident relate to the hosting then it can be escalated to Neurex.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We endeavour to do our best in fighting climate change and have made an active effort to switch our delivery to remote working vs onsite delivery where possible, thus reducing our travel & impact on the environment.

Pricing

• Price: £400 to £1,200 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: For educational medical schools and health tech departments of NHS organizations, we offer a limited time free version for joint research and proof of concept.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anupam.das@thoughti.com. Tell them what format you need. It will help if you say what assistive technology you use.