Cloud hosting (including HSCN) for Electronic Health Record Systems (EHR)
ToukanLabs is a professional services partner providing accredited implementation, training and support services for OpenEyes EMR for Ophthalmology. As a partner ToukanLabs ensures clinical data integrates with hospital workflows, existing PAS Systems and Ophthalmology devices. ToukanLabs is ISO9001, DSP Tool Kit and Cyber Essentials accredited.
Features
- Secure for Patient and Hospital Data
- Connectivity with Hospitals over site-to-site VPN or HSCN
- Robust, Scalable, Secure Technology
- Connectivity with Primary Care Organisations
- Connectivity with Secondary Care Organsations
- Connectivity with NHS central services
- Full DR Available
Benefits
- PID / IG Safe (Patient Identifiable Data / Information Governance)
- Securely Cloud Host your NHS & Research Applications
- Suitable for small or large applications
- Secure, Safe, Reliable
Pricing
£1,000 to £2,000 a server a month
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 1 9 9 0 4 6 4 4 4 5 2 7 8 3
Contact
ToukanEyes Ltd
Gulfam Yunus
Telephone: 02080578877
Email: gulfam@toukanlabs.com
Service scope
- Service constraints
- Our service offers flexibility in supporting both Linux and Microsoft Hosted Solutions, as well as integration with major Cloud hosting providers. Compatibility with other solution platforms may be subject to review and evaluation based on specific requirements and technical considerations.
- System requirements
-
- Software Licence costs are the responsibility of the supplier
- Hospitals and organisations are responsible for configuring their own infrastructure/systems.
- Device integration subject to client having a valid DICOM license.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Initial response within 1 hour.
Resolution times determined by assigned incident priority and agreed SLAs. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
ToukanLabs as standard will provide 2nd and 3rd line support with the 1st line support provided by the clients existing service desk.
Our support desk software can be linked to the clients, enabling support tickets to be passed to ToukanLabs without the need for re-keying, this then enables client tracking of all issues to resolution.
1st line support can be provided, however this is yet to be requested.
Standard support hours are 08:00 to 18:00 hours, however ToukanLabs is a global company and can offer a follow the sun support desk.
ToukanLabs adheres to ITIL Service management practices and providing expecting service reporting at periodic and scheduled client reviews. We also provide a dedicated account manager who will hold regular review with the client stakeholder and user group.
Support costs are typically between £4500 - £5500 depending on the size of the implementation and support level required. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- To help users start using our service, we provide comprehensive onboarding support tailored to their specific needs. Our base service onboarding includes essential components such as software installation, LDAP integration, and HL7 ADT integration for patient and list updates. Additionally, users receive detailed system configuration guides, user guides, and supporting video clips to facilitate a smooth transition. For those requiring further assistance, we offer a range of additional onboarding services at our standard rate card, including pathway mapping, implementation, configuration, integration, user training, train-the-trainer training, online training documentation, go-live desk notes, go-live floor walkers, and ongoing application support and maintenance. Our goal is to ensure that users have all the resources and support they need to effectively leverage our service and maximise its benefits. For more information on additional onboarding services and pricing details, please refer to our price book.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Virtual training vidoes
- Interactive training with scored questions
- Webinars
- End-of-contract data extraction
- When the contract ends, users have access to their data through a comprehensive process facilitated by ToukanLabs. We provide a complete and open copy of the database to the customer via secure channels, either in database export or SQL script format, ensuring seamless data extraction. Additionally, users have the flexibility to request other export formats or data migration services as needed, which are charged according to our standard rate card. Furthermore, we offer the option for full access to MySQL database export facilities, enabling users to efficiently extract and manage their data according to their requirements. Our aim is to ensure a smooth and transparent transition for users, empowering them to securely access and retain their valuable data beyond the contract period.
- End-of-contract process
- At the end of the contract, support and maintenance services are discontinued, and no additional actions are necessary as the OpenEyes application is OpenSource. ToukanLabs ensures seamless transition by providing open access to the underlying data, offering the option for users to receive a complete and open copy of the database via secure channels in database export or SQL script format. If users require other export formats or data migration services, they can request them, with charges detailed on our published rate card. Additionally, for any ToukanLabs consultancy services requested, charges are applied according to our standard rate card. We aim to provide transparent and flexible options for users to access and manage their data efficiently at the end of the contract period.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users can access OpenEyes through a web interface, enabling them to perform various tasks such as updating patient records, viewing clinic work lists and clinical device reports, accessing statistics and analysis, recording operation notes, and administering clinical trials. However, there may be limitations to setting up or making changes through the web interface, depending on the specific configuration and administrative permissions granted to users.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- OE is designed to run in Chromium.
- Web interface accessibility testing
- Not applicable
- API
- No
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- Role based access controls will be used to allow authorised users to perform functions on hosted environments, as agreed as part of service commissioning. Command line operations may include, running data loading, processing, or extraction routines, resetting test or training environments etc.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- For cloud hosted environments, dynamic resource allocation is used where the provision of compute, memory and disk resources are assigned as and when required. ToukanLabs applies good architectural principles such as dedicated 'Live' instance, a separate reporting service and user resource caps.
- Usage notifications
- Yes
- Usage reporting
-
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Number of active instances
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Application databases
- System installs
- System configurations
- Medical data files
- Images, videos, and other media files
- Backup controls
- Backup scope and schedules are configurable and will be agreed as part of service commissioning.
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Multiple datacentres
- Single datacentre with multiple copies
- Single datacentre
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
- HSCN connection can be established if required.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
- Secure closed network with Trust's hospital infrastructure or in secure NHS cloud data centre.
Availability and resilience
- Guaranteed availability
- We offer several levels of availability: - Same day service. Recover from failure within same day - One hour service. Recover from failure within one hour - High business continuity. Failover within 60 seconds - Continuous availability through Synchronous replication which provides zero point recovery. (No Loss of data.)
- Approach to resilience
- Client Hosted Minimum recommended resilience is Asynchronous replication at 15 minute intervals to a secondary or DR data center. Hardware design is recommended to following N+1 redundancy where there must be at least two single component failures before a service incident occurs. E.g. Power suppliers, disks, memory dims. The design is recommended to provide controlled failover to enable the replacement of any failed parts without impact the OpenEyes service. Cloud Hosted Minimum recommended resilience is Synchronous replication with zero point recovery in the advent of failure. All cloud providers now provide a recognised level of the required resilience such UPS, Generators, multiply National Grid Feeds, SAN Disk replication, Fire protection etc.
- Outage reporting
-
ToukanLabs is currently able to report outages using the following methods:
- Public and private dashboards with current outage status
- Alerting via email to pre-defined distribution lists
- Text messages to a distribution lists
- Answer phone service with recorded with incident updates
- Direct status update to client service board where API integration is available,
The level of reporting and audience is defined in agreement with the client.
All service reporting is included in monthly service reports.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Username or password
- Other
- Other user authentication
- Integration with Trusts Active Directory/LDAP Authentication services
- Access restrictions in management interfaces and support channels
- Management interfaces are restricted via HSCN and authenticated access. The application has local Role Base Access Controls (RBAC) assign to authenticated users, to control access to application data and functions.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- DCB029
- Cyber Essentials
- Working toward ISO 27001
- NHS DSP-Toolkit
- ICO Data protection Certificate
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
-
Cyber Essentials
NHS DSP-Toolkit - Information security policies and processes
-
Information Security Management System (ISMS) documentation is managed in accordance with our ISO 9001 quality assurance process and procedures,
ToukanLabs are working towards ISO 27001 accreditation
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Changes are assessed and approved by an independent board and presented as a controlled release
The OpenSource Software is managed and stored within GitHub repository.
Feature development, bug fixes and development requests are managed with Atlassian JIRA whereby formal software release configuration management processes are used.
All Releases are tracked from development, through system test and user acceptance testing environments, where sign off is required by the customer before being released to live.
A mixture of automated testing tools, load and performance and manual testing scripts are used to ensure code integrity. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Our software undergoes DCB029 clinical certification and risk assessment.
Server stack software is upgraded regularly as part of our standard support and maintenance service, e.g. Operating system, web server and data base security patches applied. A security review is performed annually, or sooner if required and any risks/issued mitigated with an action plan formulated.
Application fixes from service management and bug fix procedures are usually deployed in a quarterly maintenance release, unless a more urgent release or hot fix is required and deployed with agreement with the customer. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Automated monitoring tools look at system and application logs, server metrics, including CPU, Disk, Memory, and Network utilisation.
Triggered incident tickets are automatically created in our service management tool for action by support engineers.
Other checks are performed by service desk personnel on a daily basis. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have full ITIL service management processes including, but not limited to
Incident management procedures, problem management, route cause analysis, bug fix procedures, release management processes.
Users report incidents to our service desk, via our support portal, email, or telephone. Incidents are tracked through 1st, 2nd, and 3rd line support escalation as required.
A monthly service report is produced and this is reviewed in monthly service review meetings with our service manager and the Trust/customer.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- Different Virtual Machines and VLans are used to partition customers and their respective environments.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
Our approach to sustainability and environmental responsibility is directed by a clear strategy, which is embedded within our organisation. Most of our activities have been assessed as having a minimal effect upon the environment, however where they do, we are committed to act responsibly and fully address this impact.
Our hosting partner's services (UKCloud) are CarbonNeutral® cloud services. We achieved this certification by working with Natural Capital Partners to measure and reduce our CO2 emissions across all sources used to deliver our cloud services to our customers. These include direct emissions from all owned or leased stationary sources that use fossil fuels and/or emit fugitive emissions, and emissions from the generation of purchased electricity and steam (including transmission and distribution losses) to power our servers.
For our cloud services to achieve CarbonNeutral® status, an independent assessment of the CO2 emissions produced from direct and indirect sources required to deliver them was carried out, followed by an offset-inclusive emissions reduction programme.
Social Value
- Social Value
-
Social Value
WellbeingWellbeing
The OpenERS Electronic Referral System (ERS) significantly enhances patient wellbeing by facilitating streamlined and efficient healthcare delivery. By providing clinicians with comprehensive access to patients' medical histories, treatment plans, and diagnostic information in a centralised platform, OpenERS enables more informed decision-making and personalised care. This comprehensive view of patient data reduces the risk of medical errors, ensures continuity of care across different healthcare settings, and promotes timely interventions. Additionally, features such as appointment reminders, prescription management, and patient education resources empower patients to actively engage in their healthcare journey, leading to improved treatment adherence and health outcomes. Overall, OpenERS plays a pivotal role in enhancing patient safety, satisfaction, and overall wellbeing through its innovative and patient-centered approach to healthcare delivery.
Pricing
- Price
- £1,000 to £2,000 a server a month
- Discount for educational organisations
- No
- Free trial available
- No