BIG PICTURE MEDICAL LTD

BPM solutions

BPM Platform offers highly configurable and modular no-code toolset to manage healthcare data based on OpenEHR specifications. The platforms offers capabilities to visually model clinical pathways, widgets, health applications, complex integrations and workflows across various healthcare systems.

Features

• Low-code tools for rapid pathway design and development
• Platform uses Data from multiple sources presented in single view.
• Clinically rich and interoperable data standards with Blocks
• Library of Pathway and Block templates configurable to use cases.
• An enriched experience with embedded charts and communication capabilities.
• Configurable low-code workflow engine for healthcare data integration
• An extensible catalog of connectors including NHS APIs
• Hero: Customisable data catalog using innovative semantic layer
• Configurable governance and quality tools managing data across healthcare systems
• Configurable transformation language toolsets supporting mappings across data standards

Benefits

• Access to a unified view of the patient
• Complement and augment existing systems (EHR, EPR)
• Rapidly and safely create and transform pathways and treatment protocols
• Capture and display correct data to the right people
• Integrate legacy and modern systems regardless of underlying data standards
• Modernise and extend the capabilities of existing healthcare systems
• Augment and integrate intelligent services with the existing healthcare systems

£75,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan@bigpicturemedical.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

544327769943197

Contact

Alan Bonfield
+447939129791
alan@bigpicturemedical.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our low-code no-code platform that allows integrating with a range of healthcare systems using different healthcare standards (including OpenEHR/FHIR/HL7/Proprietary formats) and also develop a range of clinical/health applications
• Cloud deployment model: Public cloud
• Service constraints: Maintenance arrangements are planned with the customer. Support is limited to none End of Life Operating Systems. The cover for hardware configurations is determined per customer, but largely includes Windows or Apple-based Operating Systems.
• System requirements:
  • Internet connection: Broadband wired or wireless (5G/4G/LTE)
  • Internet Speed: 8+ Mbps up minimum. CPU/RAM/HDD:
  • Big Picture device integration software requires additional 2GB HDD
  • The service is browser-based, therefore runs on all systems
  • Screen Resolution768px minimum width

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 - 4 helpdesk hours response time, P2 - 6 helpdesk hours response time, P3-P5- two business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Tier 3 (Subject Matter Support) - Big Picture Medical Support Team; Role: Specialised support, handling the escalation of complex issues; Responsibilities:; - Escalation point for Tier 2 (customer’s application support team); - Customer-facing solution development; - Collaboration with engineering and development teams; - Incident Management; ; Tier 4 (Subject Matter Specialists) - Big Picture Medical Engineering and Development Teams; Role: Highly specialised experts, handling the most complex issues; Responsibilities:; - In-depth technical analysis and solution development; -Problem Management; - Collaboration with BPM Support
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users are provided with a knowledge base of articles and FAQs relating to core platform features and functionality. Configurable modules including Pathways and HDF configured on the platform are supplemented with module-specific guides, providing an overview of the capabilities and instructions including demo videos on how to use the specific features within the modules.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: To the extent that the HDF persists data, it is persisted in standards based format (Open EHR). Should the user require their data to be converted to another format for extraction, this is a core service function of the HDF. The HDF data transformation services would be used to convert from Open EHR to the preferred format (even if that format is legacy related to the user’s in house systems)
• End-of-contract process: Agreement to end contract: The offboarding process begins with notification of the intention to terminate services. This notification details on the timeline and procedures for offboarding.; ; Data Backup: Before data deletion or transfer, a backup of the customer's data is created to ensure that no data is lost during the offboarding process.; ; Data Transfer or Deletion: Depending on the customer's preference and contractual agreements, their data is either securely transferred to them or securely deleted from the provider's systems. This process follows industry best practices and regulatory requirements to ensure data privacy & security.; ; Account Closure and Access Revocation: All user accounts and access privileges associated with the customer's services are closed or revoked to prevent unauthorised access.; ; Final Billing and Settlement: Any outstanding payments or financial obligations are settled.; ; Confirmation and Documentation: Once the offboarding process is complete, both parties confirm that all necessary steps have been taken. Documentation of the offboarding process, including data transfer or deletion, is retained for audit and compliance purposes.; ; Throughout both the onboarding and offboarding processes, security and compliance with relevant regulations are of paramount importance. These processes are regularly reviewed and updated to reflect changes in technology, regulations, and best practices.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Patient servicing web application is responsive so can be viewed on a mobile, tablet and desktop device. There is no difference in functionality between the different screen sizes
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our systems expose service interfaces to allow data interoperability and transformation through the use of REST API’s interoperable data standards including OpenEHR and FHIR and configurable custom data connector services
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Patient web application; Accessibility WCAG 2.1 AA, testing performed using browser plugins (AXE and Wave ) along with manual testing of accessible components like screen reading and keyboard controls by our QA & Design team.
• API: Yes
• What users can and can't do using the API: Authenticated/Authorised users can register system/service to access the platform; ; Authenticated/Authorised users can manage and execute workflows via platform APIs
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our service is fully configurable and customisable, with the ability for users to configure (either self-service or via our team) the data fields captured as well as the workflows through which the data passes. ; ; This customisation is via self-service tooling specific to our workflow engine, and can be executed either by our internal informatics teams or by customers themselves. Only users with appropriate permissions (as determined by the customer themselves) have access to make these changes.

Scaling

• Independence of resources: The platform is currently single-tenanted. As such, resources are entirely environment-independent, ensuring no impact on other customers.

Analytics

• Service usage metrics: Yes
• Metrics types: We have real-time dashboards providing key metrics on performance of our configurable pathways, including patient metrics and internal efficiency measures.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Cloud provider physical security controls, all data encrypted at rest using cloud provider managed functionality with application specific keys.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The configurable platform allows users to retrieve access to their data via our support channels in line with the individual contractual arrangements for each customer. This data is available in open standards formats including OpenEHR.; ; HDF allows users to format and export data in different formats including OpenEHR, FHIR, etc. other platform data is stored in traditional database that can be exported in different formats including CSV and Json.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: Flexible connector model supports proprietary formats

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our system provides 99.6% availability.
• Approach to resilience: All production services utilise cloud-provider multi-AZ configuration, multiple application containers with automated health detection and failover, and automated backups.
• Outage reporting: Private alarm dashboards inside cloud provider console, alerts delivered to engineering teams via corporate messaging system.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through role-based access control (RBAC), requiring users to authenticate with unique credentials. Multi-factor authentication (MFA) enhances security. Additionally, environment access is limited to VPNs. Regular audits ensure compliance and identify unauthorised access attempts. Encryption and secure protocols safeguard data transmission. Training staff on security best practices fosters a security-conscious culture.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 05/07/2022
• What the ISO/IEC 27001 doesn’t cover: The certification covers the following scope: “Provision of a SaaS-based intelligent pathway technology to support collaborative healthcare delivery and clinical research within the; healthcare eco-system"
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: HIPAA Seal of Compliance

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have information security policies in place that align to our current ISO27001 certification.; ; We have a management structure for Information Security which consists of;; - ISMS Management Review Board; - InfoSec & Privacy Working Group (reporting to ISMS Man Rev Group).; ; We undertake regular internal audits to ensure that the ISMS is running effectively, and that staff are following policies. All staff have to formally attest to key Information Security Policies on commencement.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management is aligned with policies and procedures compliant with ISO 27001 / best practices. Software components are versioned and only deployed to production after multiple level review including code correctness, security standard compliance , and automated / manual testing. Unreviewed changes are not permitted, reviewers evaluate code against documented security and quality standards. Testing for quality and security is performed by automated best-practice review tools and a dedicated QA team, no code or configuration is released without passing testing. In addition, an architectural review group reviews all major system, design or configuration changes, including reviewing security aspects
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We utilise automation tools for vulnerability management by continuously monitoring project dependencies for known vulnerabilities. When vulnerabilities are detected, it automatically generates pull requests to update affected dependencies to their latest secure versions. It includes detailed security advisories, and integrates seamlessly with our version control system.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have malware protection software in place along with monitoring and alerting systems
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management policy and plan implemented, including incident response plans and streamlined for efficiency and effectiveness. Users report incidents through designated channels through dedicated helpdesk systems, facilitating prompt awareness. Major Incident reports are provided through comprehensive documentation, detailing the event's nature, impact, resolution steps, and preventive measures. These reports are disseminated via email notifications ensuring transparency and enabling stakeholders to stay informed. Our consistent adherence to structured procedures enhances problem-solving capabilities and fosters a proactive approach to handling incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  New distributed and collaborative care models enabled through our configurable platform facilitates (among others) patients receiving quality care from their own home or a nearby clinic - reducing the carbon footprint of traveling (by car/train/bus) into the hospital; ; In addition, our digital first solution reduces the need for paper products along the pathway

  Covid-19 recovery

  New distributed and collaborative care models enabled through our configurable platform has a direct positive impact on reducing appointment back logs, patient wait times, bed days and service costs for the NHS (which have all been exacerbated through Covid).

  Equal opportunity

  Our pricing structure allows both large, well funded trusts to be benefit from transformational change, as well as individual providers / researchers with the purchase of individual pathways.

  Wellbeing

  Our configurable platform enables more holistic models of care for patients, to include their mental, as well as physical, wellbeing

Pricing

• Price: £75,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan@bigpicturemedical.com. Tell them what format you need. It will help if you say what assistive technology you use.