ToukanEyes Ltd

OpenERS (Eyecare Electronic Referrals and Imaging Diagnostics)

ToukanLabs is a professional services partner providing accredited implementation, training and support services for OpenEyes EMR for Ophthalmology. As a partner ToukanLabs ensures clinical data integrates with hospital workflows, existing PAS Systems and Ophthalmology devices. ToukanLabs is ISO9001, DSP Tool Kit and Cyber Essentials accredited.

Features

• Electronic Image storing and referrals
• Analytics data is provided real-time to support clinical auditing
• Ophthalmic Device Integration: IOL Biometry, Visual Fields, Fundus Camera, OCT
• Configurable Pathway workflows and triage functionality

Benefits

• PAS integration for role based work-lists facilitating direct patient selection
• Dashboards summarising referrals, responses and KPI analytics
• Web based light weight image diagnostics
• Streamlined image storing and referrals for efficiency.
• Real-time analytics aid clinical decision-making.
• Seamless integration of ophthalmic devices for comprehensive assessments.
• Customisable workflows and triage for optimised operations.

£2,500 to £6,500 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gulfam@toukanlabs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

579048442608684

Contact

Gulfam Yunus
02080578877
gulfam@toukanlabs.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Configuration / Implementation / Integration / Training / Go-live Floor Walkers
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: The standard support contract is 18 months from ‘Go-Live’, however this can be changed through mutual agreement.
• System requirements:
  • Is accessed from any device capable of running a browser
  • Hosted in Private NHS Cloud or public cloud

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target response is within 1 hour.; Response to critical incident is 15 minutes
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: ToukanLabs as standard will provide 3rd line support with the 1st and 2nd line support provided by the clients existing service desk.; Our support desk software can be linked to the clients, enabling support tickets to be passed to ToukanLabs without the need for re-keying, this then enables client tracking of all issues to resolution.; Standard support hours are 09:00 to 17:00 hours, however ToukanLabs is a global company and can offer a follow the sun support desk. ; ToukanLabs adheres to ITIL Service management practices and providing expecting service reporting at periodic and scheduled client reviews. We also provide a dedicated account manager who will hold regular review with the client stakeholder and user group.; Support costs are typically between £4,500 and £5,500 / month depending on the size of the implementation and support level required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Base service onboarding includes software installation, integration with active directory (LDAP), receiving patient and list update integration (HL7 ADT), system configuration guides, and user guides.; Supporting video clips will also be provided.; ; Additional onboarding services can be provided against our standard rate card, including:; - Pathway mapping ("as is" and digital "to be"); - Implementation; - Configuration; - Integration; - User Training; - Train-the-trainer Training; - Online Training Documentation; - Go-live Desk Notes; - Go-live Floor Walkers; - Ongoing Application Support and Maintenance; ; See price book for more details.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Virtual training videos
  • Interactive training with scored questions
  • Webinars
• End-of-contract data extraction: ToukanLabs provides a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format.; ; Other export formats or data migration services are available if required, upon request, charged against our standard rate card.; ; There is also the option for the provision of Full access to mysql database export facilities.
• End-of-contract process: Support & maintenance is removed. ; ; ToukanLabs will provide open access to the underlying data and the option to provide a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format.; ; Other export formats or data migration services are available if required, upon request.; ; Where ToukanLabs consultancy services are requested, these charges are on our published rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None,; The application is designed to run in a web browser (Chrome/Edge), and also for use with pen and touch screen input mobile devices supporting Chrome browser.; The application also supports speech dictation from most 3rd party products.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The user interface runs in a HTML5 standards compliant web browser.; Non-patient identifiable data submissions from community optometrists are via a RESTful API interface.
• Accessibility standards: None or don’t know
• Description of accessibility: All non-text content that is presented to the user has a text alternative that serves the equivalent purpose. Compatible with all desktop text to speech technology.
• Accessibility testing: Tested application with Dragon text-to-speech for dictation.
• API: Yes
• What users can and can't do using the API: Integrate with PAS, medical devices, Community Optoms and Hospital Acute EMR Systems; ; Support Interoperability Standards include:; HL7, FHIR, DICOM, REST; ; (Patient administration) PAS APIS and connection engine for interfacing into medical devices
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: OpenERS is highly customisable, and all aspects can be tailored to meet the operational and clinical needs of the Trust or Health Board.; ; Authorised end-users can customise the application using the administration screens, including reference data, workflow, user RBAC, triagem, Image diagnostic views.; ; Any other aspect of the application can be configured upon request.

Scaling

• Independence of resources: For cloud hosted environments, dynamic resource allocation is used where the provision of compute, memory and disk resources are assigned as and when required.; ; ToukanLabs applies good architectural principles such as dedicated 'Live' instance, a separate reporting service and user resource caps.

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage metrics collected in the application, in the web server and database tier.; ; User metrics are captured through continuous load and performance testing to provide metrics such as, maximum theoretical load, notification of any improvement or degradation of performance following a software release, real time information of the current system health.; All metrics are available to be viewed by the client through an online dashboard.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: OpenERS comes with inbuilt report and data extract tools. ; ; Direct SQL extract tools can also be used.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: N3 / HSCN connection or encrypted connection with secure NHS cloud data centre.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Secure closed network with Trust's hospital infrastructure or in secure NHS cloud data centre.

Availability and resilience

• Guaranteed availability: We offer several levels of availability:; - Same day service. Recover from failure within same day; - One hour service. Recover from failure within one hour; - High business continuity. Failover within 60 seconds; - Continuous availability through Synchronous replication which provides zero point recovery. (No Loss of data.)
• Approach to resilience: Cloud Hosted ; Minimum recommended resilience is Synchronous replication with zero point recovery in the advent of failure.; All cloud providers now provide a recognised level of the required resilience such UPS, Generators, multiply National Grid Feeds, SAN Disk replication, Fire protection etc.
• Outage reporting: ToukanLabs is currently able to report outages using the following methods:; - Public and private dashboards with current outage status; - Alerting via email to pre-defined distribution lists; - Text messages to a distribution lists; - Answer phone service with recorded with incident updates; - Direct status update to client service board where API integration is available,; The level of reporting and audience is defined in agreement with the client.; All service reporting is included in monthly service reports.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Integration with Trusts Active Directory/LDAP or SAML Authentication services.
• Access restrictions in management interfaces and support channels: Management interfaces are restricted via HSCN and authenticated access.; ; The application has local Role Base Access Controls (RBAC) assign to authenticated users, to control access to application data and functions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • DCB029
  • Cyber Essentials
  • Working toward ISO 27001 certification
  • NHS DSP-Toolkit
  • ICO Data protection Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials; NHS DSP-Toolkit
• Information security policies and processes: Information Security Management System (ISMS) documentation is managed in accordance with our ISO 9001 quality assurance process and procedures,; ; ToukanLabs are working towards ISO 27001 accreditation

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are assessed and approved by an independent board and presented as a controlled release; ; The OpenSource Software is managed and stored within GitHub repository, ; Feature development, bug fixes and development requests are managed with Atlassian JIRA whereby formal software release configuration management processes are used. ; All Releases are tracked from development, through system test and user acceptance testing environments, where sign off is required by the customer before being released to live. ; ; A mixture of automated testing tools, load and performance and manual testing scripts are used to ensure code integrity.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our software undergoes DCB029 clinical certification and risk assessment. ; ; Server stack software is upgraded regularly as part of our standard support and maintenance service, e.g. Operating system, web server and data base security patches applied. A security review is performed annually, or sooner if required and any risks/issued mitigated with an action plan formulated. ; Application fixes from service management and bug fix procedures are usually deployed in a quarterly maintenance release, unless a more urgent release or hot fix is required and deployed with agreement with the customer.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Automated monitoring tools look at system and application logs, server metrics, including CPU, Disk, Memory, and Network utilisation. ; Triggered incident tickets are automatically created in our service management tool for action by support engineers. ; Other checks are performed by service desk personnel on a daily basis.
• Incident management type: Supplier-defined controls
• Incident management approach: We have full ITIL service management processes including, but not limited to; Incident management procedures, problem management, route cause analysis, bug fix procedures, release management processes.; ; Users report incidents to our service desk, via our support portal, email, or telephone. Incidents are tracked through 1st, 2nd, and 3rd line support escalation as required. ; ; A monthly service report is produced and this is reviewed in monthly service review meetings with our service manager and the Trust/customer.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  The OpenERS Electronic Referral System (ERS) significantly enhances patient wellbeing by facilitating streamlined and efficient healthcare delivery. By providing clinicians with comprehensive access to patients' medical histories, treatment plans, and diagnostic information in a centralised platform, OpenERS enables more informed decision-making and personalised care. This comprehensive view of patient data reduces the risk of medical errors, ensures continuity of care across different healthcare settings, and promotes timely interventions. Additionally, features such as appointment reminders, prescription management, and patient education resources empower patients to actively engage in their healthcare journey, leading to improved treatment adherence and health outcomes. Overall, OpenERS plays a pivotal role in enhancing patient safety, satisfaction, and overall wellbeing through its innovative and patient-centered approach to healthcare delivery.

Pricing

• Price: £2,500 to £6,500 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free demonstration service data is wiped periodically.; Cannot be used for 'real' patient data, test patient data must only be used.
• Link to free trial: https://demo.oe.toukan.co

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gulfam@toukanlabs.com. Tell them what format you need. It will help if you say what assistive technology you use.