Skip to main content

Help us improve the Digital Marketplace - send your feedback

MEDILIMS LTD

MediLIMS

MediLIMS is a Laboratory Information Management System (LIMS) and a Data Management solution designed to meet the requirements of diagnostic pathology laboratories. The system can be installed as either a local cloud service or managed internet service.

Features

  • Manages laboratory ordering, resulting, authorisation and reporting life-cycle
  • Manages task-based workflows for sample preparation and testing
  • Connections to any analyser or point of care device
  • Connections to digital Pathology systems
  • Interoperability with hospital patient administration, order comms and reporting systems
  • Configurable screens, menus, organisation structure, test structure and workflows
  • Secure access by User, role and groups with full auditing
  • Real time analytics and visual dashboards
  • Remote access to users
  • UI for mobile technology

Benefits

  • Browser agnostic
  • Supports mobile devices
  • Enables access to data from anywhere
  • Enables easy consolidation of laboratory data
  • Task based workflows for specialty testing
  • Empowers labs to quickly adapt to new sites
  • Empowers labs to quickly adapt to new workflows
  • Empowers labs to quickly adapt to instruments and business partners
  • Reduced maintenance and operating costs
  • Faster deployment

Pricing

£3,500 to £11,000 a licence

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pardip.nayyar@medilims.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

6 7 0 6 4 3 6 2 3 4 4 2 3 1 9

Contact

MEDILIMS LTD Pardip Nayyar
Telephone: 07753844366
Email: Pardip.nayyar@medilims.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
MediLIMS is typically integrated with hospital systems such as Patient Administration and Order Comms systems as well as laboratory analysers, middleware, imaging and reporting systems
Cloud deployment model
Private cloud
Service constraints
Planned maintenance arrangements
System requirements
  • Compatible with any Internet HTML browser
  • Windows or Unix servers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within the agreed customer SLA
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
MediLIMS provides telephone support under the terms of the Annual Update and Support Contract. Emergency support outside these hours is available as an option at additional cost.
Support available to third parties
No

Onboarding and offboarding

Getting started
We can provide the following: onsite training, online training videos and user documentation (User and Administrator manuals)
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
MediLIMS software is based on a relational database. We can provide a schema and also help in providing a data extract at end of contract
End-of-contract process
This would have to be negotiated at the contract stage to include any additional items

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
UI screens are optimised for mobile device display
Service interface
No
User support accessibility
None or don’t know
API
No
Customisation available
Yes
Description of customisation
MediLIMS allows configuration/customisation of: Home Dashboards so that only relevant applications are available to specified users/roles,
All system screens e.g. to present different order entry screens to different groups of users, Organisation and laboratory structure and users, roles and security groups, Pathology Panels, Tests and Analytes and associated task workflows,- Authorisation, Reporting, Communications Events and Sample Shipping Manifests.
Configuration and customisation is generally undertaken by either MediLIMS implementation staff or trained administrators

Scaling

Independence of resources
Load balancing across application servers

Analytics

Service usage metrics
Yes
Metrics types
Service availability / downtime,
Backup & Maintenance Reports,
Support ticket analysis (resolved, escalated),
Change Requests,
Security Incidents,
System and storage use v capacity,
Application operational metrics (outstanding orders, tasks, reports)
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
MediLIMS provides a third party Business Intelligence tool to allow customers to export data
Data export formats
  • CSV
  • Other
Other data export formats
  • Text files
  • Word documents
  • Excel spreadsheets
  • PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
Domain and firewall restricted sub-network

Availability and resilience

Guaranteed availability
MediLIMS SLA aims to provide 99.99% availability during normal operating hours
Approach to resilience
MediLIMS recommends the use of a replicated database server and the use of at least two application servers, to provide fault tolerance and resilience
Outage reporting
Via email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is restricted by Role based permissions
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
27/01/2022
What the ISO/IEC 27001 doesn’t cover
ISO/IEC 27001 exclusions are referred to in the MediLIMS Information Security Management System scope document and listed in the company's Statement of Applicability. Only 10 of 114 controls are excluded and mostly relate to MediLIMS small size and virtual organisation e.g. no physical office or network to secure
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • NHS Data Security & Protection Toolkit
  • ISO 9001
  • ISO 20000

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
MediLIMS has an over-arching Security Policy supplemented by specific policies aligned to the clauses and annexes of ISO/IEC 27001.

Policies include:
All Employees (Acceptable Use, Teleworking, Mobile Device, Clear Desk & Screen, Electronic Messaging, Social Media, HR Security, Asset Management, Software, IP and Compliance, Privacy and Personal Data Protection, Record Retention and Protection),
Infrastructure (Access Control, Physical Security, Logging & Monitoring, Network Security, Anti-Malware, Back-ups, Technical Vulnerability, Availability Management, Cloud Computing),
Secure Software Development.

These policies are approved by the MediLIMS Board and communicated to all staff who must comply with them and are subject to internal audits. Policies are reviewed annually to check continued suitability or need for revision.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
MediLIMS has a Change Management process aligned to ISO 27001.
Change Requests are created and assessed for impact, priority and resource requirements, prior to approval. When ready, completed changes are tested and then planned for implementation, including consideration of back-up and rollback contingencies. Installed changes are reviewed and reported before closing each change.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
MediLIMS has a Technical Vulnerability Process aligned to ISO 27001.
Technical staff also conduct annual penetration testing of the MediLIMS network and information assets against potential threats from internal and external cyber-attacks and apply any remedial patches as soon as is practical.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Operational services are monitored and any incidents reported and responded to via the Event Assessment and Incident Response procedure.

Threats to MediLIMS operational services are also assessed as part of the scope of penetration testing, as well as within regular Risk Evaluation & Management, with high level risks mitigated via the Risk Treatment Plan
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
MediLIMS has Information Security Event Assessment and Incident Response Procedures that are aligned to ISO 27001. A Personal Data Breach procedure is also used for cases of where personal data is compromised.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

NA
Covid-19 recovery

Covid-19 recovery

NA
Tackling economic inequality

Tackling economic inequality

NA
Equal opportunity

Equal opportunity

NA
Wellbeing

Wellbeing

NA

Pricing

Price
£3,500 to £11,000 a licence
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pardip.nayyar@medilims.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.