CARD MEDIC LIMITED

CardMedic

CardMedic provides a safe way of bridging communication barriers in healthcare at the point of care. CardMedic is a digital library of pre-scripted, pre-translated content replicating common clinical conversations with patients and service users. Users can 'flex' CardMedic scripts to multiple language variations, read-aloud, 'easy read' and BSL.

Features

• Always on
• Device agnostic
• All content pre-scripted, validated and translated
• Sign language videos
• Live translate function
• Read-aloud
• Easy Read variants written by speech & language therapists
• Dozens of languages already supported
• Works offline

Benefits

• Improve outcomes for patients
• Improve health literacy
• Improve health equity
• Reduce delays caused by communication barriers
• Reduce costs of language service provision
• Reduce risk of misdiagnosis and mistreatment
• Improve medication compliance
• Reduce risk of litigation

£1,080 to £31,680 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jimgabriel@cardmedic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

557256146918351

Contact

Jim Gabriel
07500048764
jimgabriel@cardmedic.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Users should always use the latest versions of the OS or browser.; ; Mobile Operating Systems:; • Apple iOS; • Android; ; Browsers:; • Microsoft Edge; • Google Chrome; • Mozilla Firefox; • Safari; ; CardMedic app version should be kept up-to-date on mobile devices to ensure latest features and content.; ; Users can select the video and audio content they wish to download; to their device for ‘Offline Working’ (to enable access to CardMedic when the mobile device is not connected to the internet).; ; Users are advised to keep their download preferences up-to-date as new content and languages are released over time.
• System requirements:
  • Supported browsers for web app: Edge, Chrome, Safari, Firefox
  • Supported OS for mobile devices: Apple iOS, Android
  • Latest versions of browsers / OS are supported
  • CardMedic mobile app must be kept up to date

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CardMedic shall use all reasonable endeavors to resolve issues raised through the Support Services promptly, and in any case in accordance with the following time periods:; (a) Critical: [4 Business Hours];; (b) Serious: [8 Business Hours];; (c) Moderate: [4 Business Days]; and; (d) Minor: [10 Business Days].; (e) Change request: each to be evaluated and defined as project work which may be charged for separately.; Questions are triaged to the above.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: The standard CardMedic Service Level Agreement is extended to all customers. The costs of support are included in the subscription for CardMedic. Each customer has a human counterpart at CardMedic who looks after the account and helps the customer to achieve success. Contact with the support desk initially happens via email. ; ; Interpretation; - Business Hours: Monday to Friday from 0900-1700, excluding public holidays.; - Term: The subscription, usually 12 months; ; Contact; - Support email address.; - CardMedic ensures that the support email is operational and adequately staffed.; ; The Platform is designed to be operational 24 hours a day, 365 days a year and, as such, can be fully utilized outside of the designated business hours.; ; CardMedic will notify the Customer 48 hours prior to any planned downtime (exceptional circumstances).; ; Issues are categorized thus: ; (a) Critical: [Software inoperable];; (b) Serious: [core function significantly impaired];; (c) Moderate: [core function impaired but not seriously, or a non-core function is significantly impaired]; and; (d) Minor: [any impairment of the Software not falling into the above categories; and any cosmetic issue affecting the Software].; (e) Change request: a suggestion outside of a system issue to enhance the platform.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our Client Engagement team works with new customers to take them from zero to fully live, working to the customer's project goals in terms of where to start deploying and how rapidly to scale. The model cascades train-the-trainer style deployment support via clinical champions in each new department or specialty as they come online with CardMedic. We start with template project plans for the initial year, with weekly client engagement support meetings at the start and monthly by year end. The initial project lead on the customer side needs to be available for a minimum of 0.2 FTE (i.e. at least one day per week) before go-live, and minimum 0.1 FTE thereafter (half a day per week). The greater the commitment, the faster the deployment.; ; The CardMedic Client Engagement team supplies new customers with training, collaterals for training, artwork for comms support (posters, QR codes, demonstration videos, etc.). ; ; Training and client engagement meetings can take place online or onsite, however they usually happen online. Visits onsite to support deployments with floor-walking to socialise the proposition (and to survey staff and patients, if appropriate) is a standard part of most engagements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers subscribing to CardMedic are Data Controllers. Card Medic Ltd is the Data Processor. A data sharing agreement will be entered into defining the data being processed, the purpose, and the interactions. The data processed in CardMedic pertains to users working for the Data Controller. The data enables validation of users and analysis of usage. No special categories of personal data are stored in the CardMedic app by the Data Processor. No patient data is processed or stored in CardMedic. At all times, the data belongs to the customer. Data sharing occurs regularly during the contract for authentication, surveying and reporting purposes by the Data Controller. At the end of the contract, a final sharing of data will occur.
• End-of-contract process: CardMedic operates in two primary modes: paid, and unpaid. The paid for mode enables subscribing customers to have access to the full content library and support for client engagement. The unpaid mode allows unsupported access to a limited content library. The technical process of switching off CardMedic is straightforward: the Data Processor (Card Medic Ltd) changes the permissions for all users registered with the customer (the Data Controller) from paid to unpaid, thus restricting the access by all those users to unsupported access to a limited content library. For the Data Controller, the process may (optionally) incur an extra step of removing the app (or access to the app) from staff devices. ; ; Prior to taking this step, the Data Controller should alert all staff via communications that CardMedic will no longer be available. This communication step is in the interests of clinical safety as staff who have come to rely on CardMedic need to know that they will no longer be able to.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Differences are largely cosmetic or device specific. In principle, the mobile app and the web app are equivalent in function and operation. An example of a device-specific difference is the microphone: any speech-to-text functionality requires a working microphone; if the device does not have a microphone, speech-to-text is not available.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Content can be customised. This allows CardMedic to contain scripts that are specific to the customer and exclusively visible to that customer.; It is possible for CardMedic to create the customer-specific version of the content library on behalf of the customer. It is not currently possible for customers themselves to directly edit the content library, however.

Scaling

• Independence of resources: The service is supplied on the Amazon cloud (AWS) so the AWS guarantee is our guarantee.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers receive at regular intervals a password-protected list of CardMedic registered users who belong to their organisation, in order for the Data Controller to: ; - monitor uptake of the CardMedic app in their organisation, ; - (optionally) request CardMedic end user feedback and/or ; - (optionally) request specific engagement from CardMedic end users. ; Data usage pertaining to cards and language variations used is also reported.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: AWS compliant with Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: As of the date of the application to G-Cloud 14, exporting data is managed by the Data Processor (Card Medic Ltd) on behalf of the Data Controller (the user / customer). Regular meetings are set up during the subscription period in which the Client Engagement team for CardMedic liaise with representative users (usually clinical champions), and the latest data export is shared prior to or during these meetings.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: CardMedic is supplied with standard SLA terms to cover issues ranging from Critical (service unavailable, 4 business hours to fix), through Serious (core function impaired, 8 business hours to fix), Moderate (non-core function impaired or core function impaired but not significantly, 4 business days to fix), Minor (anything else not included above, and not a change request, 10 business days to fix), and Change Request (a suggestion outside a system issue, a request to enhance the platform). Please note that CardMedic is hosted by AWS, so by extension the CardMedic service level agreements (SLA) depend on the SLA for the AWS hosting services, which ought to be impeccable. That notwithstanding, CardMedic is not a mission-critical service, and is also relatively low cost. To date, we have not experienced irregular outages of any significance, so there is not yet any practicable structural policy of refunding users if guaranteed levels of availability are not met. All of our current customer contracts exclude terms for recompense and none of our current customers has requested terms for recompense.
• Approach to resilience: Available on request. CardMedic is software as a service (SaaS), hosted on AWS.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Through dedicated accounts and 2-factor authentication.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NHS DSP Toolkit / Cyber Essentials
• Information security policies and processes: Card Medic Ltd has an IG policy framework designed to be inclusive of all CardMedic staff and roles. Security training begins with onboarding and continues throughout. Policies cover Data Protection, Data Quality, Data Security and Record Keeping.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is driven through our Product Roadmap and development process. Any required change is risk assessed prior to entering development. Where potential threats are identified a Penetration test will be conducted prior to release.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Any change to the business or product environment is assessed for potential threat prior to deployment.; ; Hot fix patches can be deployed within 24 hours, if the fix is to roll back to a prior release this can be conducted within a short timescale.; ; A technical and security risk assessment of every change.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Possible compromises are escalated immediately to the Managing Director and the incident management process is followed.
• Incident management type: Supplier-defined controls
• Incident management approach: Notified incidents are reported through a Support Desk and triaged. Dependent on the triage outcome the issue follows a standard prioritisation into the development team for investigation and resolution.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  CardMedic helps staff to bridge communication gaps with patients and service users in healthcare settings by giving staff access to a digital library of pre-scripted, pre-translated conversations. The use of a digital solution instead of face-to-face services saves the logistics and carbon-footprint of travel.

  Covid-19 recovery

  CardMedic was created initially in response to the Covid-19 pandemic, which led to staff struggling to communicate with patients in healthcare settings due to PPE, isolation, and noise levels in (for example) intensive care and critical care settings. Providing an alternative to spoken dialogue while enabling staff and patients to maintain a safe social distance is still a key benefit of CardMedic.

  Tackling economic inequality

  Health inequality and economic inequality are connected. Where there is deprivation, there is reduced health equity. Barriers to communication in healthcare occur more frequently where there are higher levels of poverty in the local population, a situation that is exacerbated by the predominance of transient and immigrant communities struggling to live affordably. Economic inequality is increased by health inequality, so this is a vicious circle. Providing a way of communicating equitably is a key ingredient in the following:; - Trust; - Education; - Health literacy; - Prevention; - Inclusivity...; ...leading to increased ability to function in a wage-earning society. CardMedic plays a significant role in this regard.

  Equal opportunity

  Health equity is all about the level playing field -- all patients and service users deserve equitable healthcare, and the ability to communicate is a key part of this. CardMedic is an enabler in this regard.

  Wellbeing

  By improving health literacy, patients will be better informed and feel empowered to engage in the shared decision-making process. Involving patients in managing their healthcare improves medication compliance, reduces incidence of mental health issues and lowers morbidity and mortality.

Pricing

• Price: £1,080 to £31,680 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free version of CardMedic can be used via a browser (web app) or mobile app by anybody anywhere who successfully completes email validation. This version has limited content (emergency content only) and functionality, and is not supported. No time limit is applied.
• Link to free trial: https://app.cardmedic.com/signup

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jimgabriel@cardmedic.com. Tell them what format you need. It will help if you say what assistive technology you use.