Magentus Software Limited

eConsent

Creation/management of digital patient consent to treatment forms. Service provides 2-way integration with EPR to combine selected patient demographic details with procedure risks, benefits and alternatives from library of over 2,000 procedures/treatments. These can be modified and produce a form tailored to the specific patient's needs. Two-stage consent is supported.

Features

• Fully browser based interface - device agnostic.
• Cloud hosted.
• Two way integration with EPR.
• Patient and user context launch.
• Database of over 2,000 procedures and treatments.
• Secure remote patient access to consent information.
• Digital signature capture.
• Complete searchable audit log of system events.
• Built in reporting suite.
• Scheduled data exports for business analytics.

Benefits

• Access via any browser with no need for client software.
• Full integration with EPR provides 100% accurate patient details.
• Save time with pre-population of risks, benefits and alternatives.
• Dynamically change content to provide customised patient output.
• Provides patient portal access and supports remote signing.
• Use event log to track every consent workflow event.
• Access consent form PDF from EPR or eConsent .
• Realtime reporting of consents by speciality, procedure and user.

£68,382 to £927,346 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-sales@magentus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

603732295439460

Contact

Paula Hadley
07512 303299
uk-sales@magentus.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: EConsent serves as an extension to the Trust EPR or PAS and can be launched in patient and user context from these systems. The system uses HL7 or FHIR integration to access patient demographic details and post back a PDF copy of the completed consent.
• Cloud deployment model: Private cloud
• Service constraints: The solution is offered as a fully hosted and managed solution within a private cloud\hosting provider. As a known solution offering there are no limitations\constraints to be aware of at this time.
• System requirements:
  • Offered as a fully hosted/managed solution within private cloud\hosting provider.
  • All compute requirements will be completed during service offering.
  • All storage requirements will be completed during service offering.
  • All software requirements will be completed during service offering.
  • All specification requirements will be completed during service offering.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The standard support model for eConsent is 8am to 6pm Monday to Friday; 24hr support is available subject to further agreement. Tickets can be logged with severity levels 1 (highest) to 4 (lower).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: • eConsent is provided to our customers with a contracted level of support to meet their high availability and performance requirements. ; • This is provided under an annual support and maintenance fee, itself aligned to the volume of consents per annum required by the customer.; • In addition, the solution is provided in a Cloud hosted environment, again with an annual fee aligned to the volume of consents per annum required by the customer.; • All Magentus customers are provided with a Client Account Manager, while support for technical or cloud issues are provided by our experts to strict Service Levels under the terms of our customer contracts using our industry standard support desk processes.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training is provided via the Magentus Academy website which includes online training modules. These can also be integrated into SCORM compliant e-learning system. The website is accessible through a help button on the eConsent toolbar or direct URL link.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Any data requiring to be retained or exported for future use or reference will be exported from the system and supplied to the required end point in a secure manner in line with the client\new provider requirements.
• End-of-contract process: Any data requiring to be retained or exported for future use or reference will be exported from the system and supplied to the required end point in a secure manner in line with the client\new provider requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Screens are dynamically re-ordered and re-sized down to a minimum workable width of 320 CSS Pixels to support lower resolutions on mobile devices. Content remains the same.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The eConsent user interface is fully browser based and can be launched either in a normal browser window or inline with the EPR application where the launching application supports this functionality.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: EConsent releases are routinely assessed for accessibility using web accessibility tools.
• API: No
• Customisation available: Yes
• Description of customisation: At a system level, administrative users have full control over procedure content and are able to customise default risks, risk categories, benefits, alternatives and links to additional content (either URLs or version controlled patient information leaflets). Users and specialities can be defined and minimum grade levels set for procedures to prevent the selection of inappropriate procedures. In addition, administrators can control access rights and set up document workflows to link separate consent and medical forms. All such customisation is accessible only to users with appropriate administrative rights. ; Individual users can set up personalised lists of frequently accessed procedures and set up a saved signature to "autosign" when an appropriate input device is not available. Users can also have a personalised contact number assigned which will be inserted into any consent forms they generate so that the patient can contact the appropriate office directly if required.

Scaling

• Independence of resources: Cloud hosted system resources are scalable based on current demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can access a number of reports relating to consents generated (filterable by speciality, type and user), consent confirmation status etc. for a selected date range. The report information is a real time report on their live system data.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data extraction for business analysis purposes is included as part of system support and data is delivered in CSV format to an agreed secure endpoint.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Patient demographic data imported with PMI load/updated via HL7/FHIR messaging

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Magentus manages availability by an agreed uptime % of 99.9%, measured by running synthetic scripts on a reference workstation housed in the client's environment. The service is liable for service credits where the availability service level is not achieved, which increased on a sliding scale to recognise that as the system down time increases then the service liability becomes more significant and Magentus lose 1 % of the Support Charge as follows: Availability Service Credit 99.9% 0% 99 – 99.89 2.5% 98 – 98.89 5% 97 – 97.89 7.5% 96 – 96.89 10% 95 – 95.89 12.5% 94 – 94.89 15% 93 – 93.89 17.5% Less than 93% 20% The availability calculation will exclude permitted downtime (up to two hours per month) and shall be deemed available when the software is available on the reference workstation
• Approach to resilience: The solution will be deployed on a IaaS platform, with any local failures being recovered from automatic with minimal loss of service. The solution is also replicated to another data centre to ensure restoration of service in the event data centre loss\failure
• Outage reporting: The service is monitored 24/7 for performance and availability points, all alerts are reported to the support team to resolve, with this being via a callout process outside of business hours.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Clinicians - The system will be integrated with active directory, clinicians will therefore login with their AD credentials to create a new consent request.; ; Consent request will be sent to the user with a link, they will require confirmation of DOB for login, passwords can be created for future uses.
• Access restrictions in management interfaces and support channels: Users will be entered into a active directory group which will give them the appropriate permissions within the service, this could either restrict access of give them higher permissions.
• Access restriction testing frequency: Never
• Management access authentication: Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 25/08/2022
• What the ISO/IEC 27001 doesn’t cover: Not Applicable. Magentus deliver software and services specialising in healthcare systems and this is all covered in our ISO 27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Magentus follows the policies laid down under ISO 27001, Cyber Essentials +, with security monitoring tools of the solution rapid7 and CrowdStrike reporting within a tiered process to SecOps and being looked at and resolved within their status.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The service will be monitored for performance and security points, using tools to report issue back to Magentus. Any points requiring a change to the service will be done via a request for change process which is a documented procedure. Should any change requirements need a change to the code and therefore a new release of the software a release process will be followed which includes security check points SAST and DAST with OWASP as part of this. General alerts for technicalities used within the solution are checked, track presented for risk assignment and resolution by the Magentus SecOps team.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CrowdStrike is used with Rapid7. These are monitored by Magentus 24/7 via the Sec Ops team. These tools include ratings for criticality, based on things like CVSS scores, and triage is performed by the Sec Ops team. A documented process will be followed to confirm the alert, record and report, determine categorisation, notify key stakeholders, resolve, and patch. Patches will be completed within an agreed request for change process as required, or within an agreed maintained window dependent on categorisation and approval for change.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring tools used on our solutions are refreshed with new potential compromises with alerts being created for our security teams as they are identified as possible risks. All risks/incidents are managed immediately at the time they are identified.
• Incident management type: Supplier-defined controls
• Incident management approach: Magentus Service complies with BS ISO/IEC 20000-1:2018. Predefined common events such as changes are controlled using our CAB process. ; Magentus provide a Service Model document describing how users can raise tickets for incidents. Incident reporting takes the form of periodical Service Review meetings as per contract.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  Magentus is already measuring its Full Scope emissions and discloses these via the CDP platform and through the Health Family Supplier Portal Evergreen Assessment. ; Since 2021, Magentus Group has undergone annual externally-managed carbon assessments and has put in place carbon-reduction initiatives such as increased Greenpower acquisition and waste recycling. Each year Magentus Group offsets its residual Scope 1, 2, and 3 emissions using validated projects that align with the UN Sustainability Goals. Magentus EMEA has a net zero by 2050 commitment, and has formulated a carbon reduction plan (CRP) which includes specific, measurable, and reportable targets that can be reported to relevant stakeholders in the Framework and in the broader NHS community.

  Tackling economic inequality

  Magentus celebrates the unique contribution of every colleague regardless of their racial origin or nationality. As a global business we recruit people from a diverse range of backgrounds to ensure we have talented people capable of delivering exceptional products that help to deliver better health outcomes for all. We recognise this is a good foundation, but we need to do more.; We will take the following actions to deliver against this target: ; · Signing the BITC Race at Work Charter to demonstrate our commitment to delivering this objective.; · Ensuring our recruitment partners actively source and promote candidates for our leadership roles from Ethnic Minority Backgrounds.; · Ensuring our recruitment adverts are visible on sites that target ethnic minority candidates such as ethnicjobsite.co.uk which is an accredited Crown Commercial Service (CCS) supplier on the G-cloud network.; · Ensuring all candidates understand our zero-tolerance stance for any form of discrimination so they know they will experience a positive and welcoming working culture.; · Appointing an Executive Mentor for each Ethnic Minority Leader to support their career development within our organisation.; · Training all our Management Team about unconscious bias and ensuring they are aware of our commitment to increasing the number of leaders on the contract who are from an Ethnic Minority Background by 20%.; · Offering a full range of flexible working options to ensure that employees are able to observe any religious/cultural commitments during their working hours.; · Offering a public holiday swap programme that enables Ethnic Minority Employees to spend time with their loved ones in line with their specific race/religion/cultural backgrounds such as working Christmas Day and having Eid off instead.

  Wellbeing

  Magentus believes exceptional customer service result from dedicated, well-trained, and healthy people. As such we place the highest emphasis on health and wellbeing and have created a working environment free of stigma where speaking about mental health is as normal as speaking about having a headache. ; Our Chief People Officer is responsible for delivering this commitment.; KPI; The number of days of absence attributable to mental health conditions such as anxiety/stress/depression will be less than 20% of our total monthly absence.; Our investment in promoting positive mental health equates to around £6,000 per annum.; Action Plan; We will:; · Ensure that all new employees hired to deliver the contract will have a nominated buddy to support them from their first day of employment, signposting them to our various mental health support networks including our dedicated Mental Health First Aiders, and helping to remove any feelings of isolation they may have when working on customer sites and away from home for protracted periods. ; · Continually promote activities that draw attention to mental health and wellbeing through our dedicated Health and Wellbeing Team Magentus Social. ; · Regularly advertise and support awareness days such as “R U OK day” in Australia and “Mental Health Week” in the UK.; · Offer all employees on the contract 2 days per year of paid volunteer time in recognition that volunteering is not only good for the community but also for positive mental health. ; · Offer all employees on the contract the opportunity to book regular informal ‘coffee chats’ to build team engagement and positive mental health.; · Ensure all people employed on the contract are reminded monthly about our support networks including Mental Health First Aiders and EAP.

Pricing

• Price: £68,382 to £927,346 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at uk-sales@magentus.com. Tell them what format you need. It will help if you say what assistive technology you use.