MEDILIMS LTD

MediLIMS

MediLIMS is a Laboratory Information Management System (LIMS) and a Data Management solution designed to meet the requirements of diagnostic pathology laboratories. The system can be installed as either a local cloud service or managed internet service.

Features

• Manages laboratory ordering, resulting, authorisation and reporting life-cycle
• Manages task-based workflows for sample preparation and testing
• Connections to any analyser or point of care device
• Connections to digital Pathology systems
• Interoperability with hospital patient administration, order comms and reporting systems
• Configurable screens, menus, organisation structure, test structure and workflows
• Secure access by User, role and groups with full auditing
• Real time analytics and visual dashboards
• Remote access to users
• UI for mobile technology

Benefits

• Browser agnostic
• Supports mobile devices
• Enables access to data from anywhere
• Enables easy consolidation of laboratory data
• Task based workflows for specialty testing
• Empowers labs to quickly adapt to new sites
• Empowers labs to quickly adapt to new workflows
• Empowers labs to quickly adapt to instruments and business partners
• Reduced maintenance and operating costs
• Faster deployment

£3,500 to £11,000 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pardip.nayyar@medilims.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

670643623442319

Contact

Pardip Nayyar
07753844366
Pardip.nayyar@medilims.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: MediLIMS is typically integrated with hospital systems such as Patient Administration and Order Comms systems as well as laboratory analysers, middleware, imaging and reporting systems
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance arrangements
• System requirements:
  • Compatible with any Internet HTML browser
  • Windows or Unix servers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within the agreed customer SLA
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: MediLIMS provides telephone support under the terms of the Annual Update and Support Contract. Emergency support outside these hours is available as an option at additional cost.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We can provide the following: onsite training, online training videos and user documentation (User and Administrator manuals)
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: MediLIMS software is based on a relational database. We can provide a schema and also help in providing a data extract at end of contract
• End-of-contract process: This would have to be negotiated at the contract stage to include any additional items

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: UI screens are optimised for mobile device display
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: MediLIMS allows configuration/customisation of: Home Dashboards so that only relevant applications are available to specified users/roles,; All system screens e.g. to present different order entry screens to different groups of users, Organisation and laboratory structure and users, roles and security groups, Pathology Panels, Tests and Analytes and associated task workflows,- Authorisation, Reporting, Communications Events and Sample Shipping Manifests. ; Configuration and customisation is generally undertaken by either MediLIMS implementation staff or trained administrators

Scaling

• Independence of resources: Load balancing across application servers

Analytics

• Service usage metrics: Yes
• Metrics types: Service availability / downtime,; Backup & Maintenance Reports,; Support ticket analysis (resolved, escalated), ; Change Requests,; Security Incidents,; System and storage use v capacity,; Application operational metrics (outstanding orders, tasks, reports)
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: MediLIMS provides a third party Business Intelligence tool to allow customers to export data
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Text files
  • Word documents
  • Excel spreadsheets
  • PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Domain and firewall restricted sub-network

Availability and resilience

• Guaranteed availability: MediLIMS SLA aims to provide 99.99% availability during normal operating hours
• Approach to resilience: MediLIMS recommends the use of a replicated database server and the use of at least two application servers, to provide fault tolerance and resilience
• Outage reporting: Via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted by Role based permissions
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 27/01/2022
• What the ISO/IEC 27001 doesn’t cover: ISO/IEC 27001 exclusions are referred to in the MediLIMS Information Security Management System scope document and listed in the company's Statement of Applicability. Only 10 of 114 controls are excluded and mostly relate to MediLIMS small size and virtual organisation e.g. no physical office or network to secure
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • NHS Data Security & Protection Toolkit
  • ISO 9001
  • ISO 20000

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: MediLIMS has an over-arching Security Policy supplemented by specific policies aligned to the clauses and annexes of ISO/IEC 27001.; ; Policies include: ; All Employees (Acceptable Use, Teleworking, Mobile Device, Clear Desk & Screen, Electronic Messaging, Social Media, HR Security, Asset Management, Software, IP and Compliance, Privacy and Personal Data Protection, Record Retention and Protection),; Infrastructure (Access Control, Physical Security, Logging & Monitoring, Network Security, Anti-Malware, Back-ups, Technical Vulnerability, Availability Management, Cloud Computing),; Secure Software Development.; ; These policies are approved by the MediLIMS Board and communicated to all staff who must comply with them and are subject to internal audits. Policies are reviewed annually to check continued suitability or need for revision.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: MediLIMS has a Change Management process aligned to ISO 27001.; Change Requests are created and assessed for impact, priority and resource requirements, prior to approval. When ready, completed changes are tested and then planned for implementation, including consideration of back-up and rollback contingencies. Installed changes are reviewed and reported before closing each change.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: MediLIMS has a Technical Vulnerability Process aligned to ISO 27001. ; Technical staff also conduct annual penetration testing of the MediLIMS network and information assets against potential threats from internal and external cyber-attacks and apply any remedial patches as soon as is practical.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Operational services are monitored and any incidents reported and responded to via the Event Assessment and Incident Response procedure.; ; Threats to MediLIMS operational services are also assessed as part of the scope of penetration testing, as well as within regular Risk Evaluation & Management, with high level risks mitigated via the Risk Treatment Plan
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: MediLIMS has Information Security Event Assessment and Incident Response Procedures that are aligned to ISO 27001. A Personal Data Breach procedure is also used for cases of where personal data is compromised.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  NA
• Covid-19 recovery:

  Covid-19 recovery

  NA
• Tackling economic inequality:

  Tackling economic inequality

  NA
• Equal opportunity:

  Equal opportunity

  NA
• Wellbeing:

  Wellbeing

  NA

Pricing

• Price: £3,500 to £11,000 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pardip.nayyar@medilims.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.