RX-INFO LIMITED

RX-Info Primary and Secondary Care Platform

The RX-Info platform provides data assist pharmacy in primary and secondary care. It is split into modules including:
Define: helping hospitals analyse medicine expenditure when assessed against peers;
Refine: monitoring drug use in an individual hospital;
AdiOS: monitoring drug abuse;
Exend/Exend+: assisting in managing purchase performance and improve cost management.

Features

• Measure medicines usage, compared to peers
• Chart progress towards antimicrobial CQINN compliance
• Collate drug usage through different supply routes
• Identify VAT-efficient routes
• Drug financial tracking and forecasting
• Full ATC DDD BNF DM+D Local drug compatibility
• Portability of reports to pdf, png image graphic and Excel
• Allows Controlled Drug audits to be completed
• Tracks more than 1,200 abusable drugs

Benefits

• Cost saving
• Greater management transparency
• Identify medicines in their stock holdings across all locations
• Management of high unit stocks
• Identify possible medicine misuse
• Peer comparison - assess performance against other trusts etc

£2,500 a licence a year

• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin@rx-info.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

595791528322979

Contact

Colin Richman
07929198905
colin@rx-info.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Software is currently hosted within the NHS infrastructure so as to maximise security. Planned maintenance is subject to NHS timescales.
• System requirements: Upload software to be installed locally.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All queries are dealt with in accordance with NHS required response times. Level 3 (minor) is usually addressed within 1 working day. Level 2 and 1 queries are subject to agreement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support levels are bespoke to client requirements but generally set at levels 1,2 and 3 - with 3 being for minor issues and 1 being critical. Level 3 is dealt with generally within 1 working day and level 1 and 2 are dealt with within hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will provide users with online and, if they prefer, face to face training. Once the system is set up, we usually provide a morning training session.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users have full access to their data. This can be downloaded and exported into CSV at their own instigation.
• End-of-contract process: Cost is an site licence fee. We can provide consultancy services at an hourly/fixed rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API allows users to upload their data to the various applications daily.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Whilst the functionality of the services is available for all license holders, there are various modules that can be purchased including Define which compares organisations alongside other organisations and then exend which tracks drug usage and levels.

Scaling

• Independence of resources: Service is fully accessible via online and so users have control over how they use or access the service. We have staff that work constantly on ensuring that data integrity is maintained. All service requests are diarised and agreed in advance including training.

Analytics

• Service usage metrics: Yes
• Metrics types: Full usage stats are available for management showing access by department and data accessed.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is exported via an application onsite computers. This uploads data to the RX-Info. Data can be analysed and then exported into Excel.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We provide a service level guarantee of 99.5% calculated against a month. Users can have access to service credits or extended licence terms for default.
• Approach to resilience: Available on request.
• Outage reporting: Generally this will be done via email alerts and call handling.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All users operate through approved password and user name management. Users can be restricted (depending on client requirement) as to what functions they can access and see.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials plus
• Information security policies and processes: Organisation has a clear management structure. Any breach/error in the services is immediately reported to director level individuals to enable actions to be followed. All policies are fully documented. We hold update meetings with all staff every week so as to ensure that any changes, implementation issues etc are addressed and implemented.; ; We have inhouse legal capacity to assist with any data issues (should they ever arise).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes to the system go through full acceptance and bug checks before implementation. Version control is maintained at all time. Any security issues are logged and categorized into incident level criticality. ; ; In the event of any breach/error, we are able to ring-fence the impacted part of the service so as to limit any potential issue. As the data used is coming from health bodies, any loss/integrity of data is minimised as this can be reloaded once the issue is addressed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We operate a continual assessment of the systems so as to minimise any errors or threats. If need be, the system can be restricted or closed so as to enable us time to address and fix errors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All incident are dealt with in accordance with its critical assessment level. Any reported or identified issues are immediately updated to senior director level individuals to assess and address. We operate on a completely transparent basis with clients so that they are kept informed and updated at all times.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Full incident reporting is available as needed and this can be tailored to individual client requirements. In the event of issues impacting across the platform, clients are notified by email and kept update throughout.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  System helps the NHS manage its resource and costs efficiently especially in respect of drug and stock control. Objective is to ensure that the NHS maximises is value to end users.

Pricing

• Price: £2,500 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full access to the system is allowed on a trial basis. This is usually limited to a maximum of 3 months.
• Link to free trial: NA

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin@rx-info.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.