Medisoft

mediSIGHT

mediSIGHT is a second generation ophthalmic Electronic Patient Record system which records clinic visits, assessments, investigations and ophthalmic procedures.
It visualizes patient history and disease progression over time.
mediSIGHT consolidate records and scans from multiple sites & ophthalmic instruments and enables clinicians to report on activity and clinical outcomes

Features

• Record clinic visits, assessments, investigations and procedures
• Visualisation of patient data
• Preoperative assessments
• Patient notes & ophthalmic history available at any site
• Automated letter generation
• Sophisticated medication management
• Virtual Reviews
• Clinical Trial Management
• Rapid Auditing capabilities
• Reporting Clinical Outcomes

Benefits

• Time saving via instant access to patient records
• Structured data for a range of data reporting services
• Generate correspondence with patients and other care professionals
• Virtual Review reduces need for patient to visit hospital
• Save costs by reducing administrative burden
• 'Surgeon Defaults' for rapid entry reduction of variation in care
• Enable paperless working
• Avoids duplication of data entry
• Reduction of human error and 'never events'
• Digital trail of patient data which can be audited

£30,000.00 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.dodds@medisoft.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

704626009287987

Contact

Nick Dodds
01133472020
nick.dodds@medisoft.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: All Microsoft systems are supported, as long as all technical Requirements are met there are no limitations
• System requirements:
  • Database server hardware, OS and database engine (SQL Server)
  • Application server hardware, OS
  • Network infrastructure and related config
  • Business continuity provision (e.g. high-availability environment, backup)
  • Client PC hardware
  • Microsoft SQL server (tbc year)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A typical NHS contract requires Medisoft to resolve incidents against these targets:; ; Severity 90% Target 99% Target; Blocker 6 hours Start of next day; Critical End of next day 3 days; Major 3 days 15 days; Normal Next release
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One level of support offered to the client and this cost is included in the license fee.; A technical account manager is provided to the account
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Understanding infrastructure and requirements of the client by carrying out a number of user meetings, with specific weekly occurring meetings for project & technical staff. The client will be provided with both a designated project and account manager. Training can be both on site in a ; in a class room environment setting or online over Microsoft Teams.; Intricate process mapping will be carried out to understand the current way of working and current pathways and then a mutual agreement on how mediSIGHT will be utilised.; We will set up a number of superusers who can help train staff and be on site after launch for any troubleshooting.; User documentation can also be provided upon request
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If the user decides to end their contract - their data can be made available in a read only format at an additional cost.; Data can be extracted in the form of encounter notes and letters in PDF format at a cost, which Medisoft would determine based upon volume.; Additionally organizations may wish to purchase technical consultancy days to assist with the migration of data to another system.; In any event a copy of the database can be left with the customer in perpetuity.
• End-of-contract process: Initial license fee which includes modules, interfaces, other features and support fees are including in the cost. ; Additional costs will be any additions the the above that has not been not included in the initial contract/PO.; End of contract the customer has the option to extend or decommission Medisoft. Should the customer extend, they would be subject to additional annual support and maintenance fees. Should the customer wish to end their contract again they would be subject to fees dependent on the data they are wanting to extract.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The application runs on the user’s Windows PC (or VDI/RDS environment) and has an automatic updater. The application and updater connect to the server via https.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: There is a phrase expander which makes typing quicker and easier for set paragraphs and sentences. ; mediSIGHT is able to interface with 3rd party dictation software . It is not used to voice control mediSIGHT for navigation or selection of fields, but rather allows the user to dictate into comments boxes by clicking in them. There has been very little demand for assistive technology for mediSIGHT but it is something will take very seriously should the demand grow.
• API: Yes
• What users can and can't do using the API: Medisoft are committed to aligning with the UK Government’s Open API policy. To evidence this, we have introduced several new open ; APIs. One example API allows third party systems to securely add a limited set of data (patient vision, refraction, clinical findings, operative complications etc) to a patient record stored in the mediSIGHT system via a secure Community web based portal. This service uses patient ‘PINs’ as an identifier, to remove the risk of incorrect sharing of sensitive personal data. The outcome is enabling care to be shared between primary and secondary care which benefits patients and the respective service providers.; The API is to be extended in future to allow richer clinical data to be added to the patient record once users are satisfied that this is ; enabling shared care in a safe way. APIs are private and may be opened up in the course of a planned architectural restructure of various parts of the system.; Medisoft are making active steps toward an architectural restructure to support the delivery of an improved mediSIGHT SaaS offering.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As a baseline, all customers have our Standard Edition which allows for granular configuration of clinical activities, letters, drop-down fields, medication, location details and more.; Configuration can be applied at a user level, subspeciality level, location level and organisation-wide.; Individual settings can be manged by users, whilst subspeciality, location and organisation wide settings are only editable by users with elevated permissions.; Clinical users also have access to customise their own clinical preferences, shortcuts for letters, surgery and medication defaults.; On top of the standard edition, there are a further 10 additional modules which are also configurable.

Scaling

• Independence of resources: Our Dev Ops function performs regular and detailed monitoring to ensure that shared resources on the platform are adequately scaled as new customers are onboarded and existing customers increase usage. Utilisation of key metrics including storage, CPU usage, memory and disk I/O etc are all tracked careful, using ITIL compliant Capacity Management methodology in order to identify and act before system performance is impacted. Certain other technical controls are built into our system design in order to prevent a 'Denial of service' style incident caused inadvertently by other customer behaviour.

Analytics

• Service usage metrics: Yes
• Metrics types: Incident performance including performance against SLA for each severity of incident.; Total tickets raised/ closed/ outstanding; Total calls raised and answered; Total change requests raised & total change requests resolved
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Medisoft offer a reporting tool called audit suite which is a user interface which allows users to....
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
  • HTML
  • XLS
  • Powerpoint file
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLS

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Medisoft provide our cloud solution using Microsoft Azure tenants and thus our SLAs would match those of the services supplied by the Azure standard terms. Our standard terms offer on a 99.9% availability / uptime and can be negotiated within reason by purchasing organisations. There are some elements of availability that are outside of this scope - for example should the authority's demographics interface fail, this could result in system unavailability. Similarly our service relies on a 'cloud proxy' which is hosted on the authority's premises - should a local issue prevent this device from communicating with the cloud service, this would be out of scope. Our managed service team constantly monitor the platform in order to recover service within SLA, however we are limited by the Azure platform fundamentally. Our service credit regime does not extend to refunds over availability, the only contractual remedy would be for consistent breaches of this SLA, which would result in escalation, provision of an accepted improvement plan, or if the breaches continued, termination.
• Approach to resilience: We use Azures highest available level of redundancy when using its services, whilst not leaving the geopolitical boundary. Azure handles the physical safety of its datacenters, as well any utilities required in order for it to function optimally.
• Outage reporting: Azure provide Azure Status Dashboard to provide real-time updates on the availability of their services across all their regions. We also use monitoring tools to give us an immediate insight into any behavior that would suggest an outage has occurred or looks likely to occur.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Medisoft provide permissions to management interfaces on a needs basis - only those staff who have a direct and justifiable need to access such interfaces in order to manage and maintain the service are credentialed to access them. This is limited to a very small number of our team (less than 10) and each are authorised by the Head of Department, being removed if and when their roles change or they leave. Each are contractually bound by data protection clauses and undertake mandatory annual security and data protection training.
• Access restriction testing frequency: Never
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security governance is defined in our Information Security Policy which can be shared with the authority and any customers purchasing Medisoft products from this framework. Medisoft has a Security Officer who owns the policy and ensures we remain compliant to all best practice, as well as act on any security incidents. This is a wide ranging policy including technical controls over network, patching of systems, intrusion detection and anti-malware, as well as human controls including DBS checks, mandatory training and enforcement of process and policies.
• Information security policies and processes: We have a robust internal information security manual which is adhered to. ; All of our employees have to undergo a security awareness training at least once a year. ; Physical security in place - consisting of access/access prevention, intrusion detection systems and a clean desk policy.; Logical security - information access restrictions & handling of password/ password security & password advice

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use source control to track all changes to our product. All changed code goes through a variety of quality checks to ensure its integrity, and is subsequently tested extensively by our in-house testing team. All code changes are reviewed to verify the changes are valid. The infrastructure for the solution is based entirely on an Infrastructure as Code approach, this is leveraged to allow for an entirely automated, secure and consistent deployment. This allows for the execution of vulnerability and security scanners on the code, to help ensure any potential security issues can be identified.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are cross-reference the CVE database to confirm impact.; Once a fix a vulnerability is available, deployment of the fix could be performed within 24 hours; Azure and open source tooling is used to gain information about potential threats
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Microsoft Defender for cloud is used to identify potential compromises.; Our response is dependent on the issue and handled via internal processes.; Once a compromise has been identified it will be responded to as soon as possible
• Incident management type: Supplier-defined controls
• Incident management approach: Medisoft offers a support service based on ITIL principles.; Customers can contact the SD by telephone, email or website. Every customer incident is recorded in CRM; The CRM automatically records these targets against each incident and starts the SLA timer when the incident is created. The SD work on ; incidents in priority order aiming to achieve SLA on all. This is achieved using dashboards which highlight SLA performance, incidents nearing expiry and other metrics. The SD Manager ; can automatically escalate incidents which have not been resolved in expected timeframes and ensure resource is allocated.; Incident reports are provided upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Medisoft are committed to Fighting Climate Change across all of our business activities through a programme of continual improvement managed through an Environmental Monitoring System (EMS). We also encourage our business partners to join this effort. ; We are BS8555 certified which demonstrates our company’s commitment to working towards reducing its environmental impact by including aspects of environmental management into our business processes. ; Medisoft recognises our key impacts to be in the areas of:; • Transport, particularly car travel and flights;; • Energy usage; • Consumables such as toner and batteries;; • The purchase and disposal of electrical equipment; • Generation of printed materials.; ; We:; • Have a business owner for the EMS who ensures the business adheres to our environmental commitments; • Board commitment to reducing our environmental impact ; • Assess organisational activities and identifying areas where we can minimise impacts; • Aim to achieve the highest environmental standards in all areas of operation;; • Fulfill our environmental compliance obligations; • Minimise energy and water usage through careful monitoring. By making more use of cloud technologies we have reduced the amount of energy required to run our internal data centre.; • Purchase sustainable products wherever feasible; • Adopt the waste hierarchy of re-use and recycling;; • Train employees in good environmental practice; • Environmentally sound transport strategy;; • Source equipment and materials sustainable suppliers; We do not provide company cars & encourage employees to use public transport wherever possible; We deliberately chose our new building location close to a train station to encourage use of public transport. If cars are used, we encourage colleagues to car pool.; We promote a ‘cycle to work’ scheme for employees; We redesigned our training delivery options, focusing more on remote learning for users. This provides a reduction in carbon emissions generated from employee travel.

  Covid-19 recovery

  Covid 19 Assessment was carried out and the organisation adopted a hybrid working model is working and is better for employee mental health.; We use larger rooms with ample space when conducting team meetings

  Tackling economic inequality

  Medisoft prioritizes social value, particularly by supporting SMEs and VCSEs in our local community. Our ISO9001 system integrates policies to engage SMEs and VCSEs in our supply chain, fostering economic growth and entrepreneurship.; We aim for a diverse supply chain, welcoming new businesses and entrepreneurs, SMEs, VCSEs, and mutuals. Collaborating closely, we support innovative technologies for cost-effective and high-quality services. For instance we works with a consultancy specializing in Clinical Safety management to provide innovative solutions.; Collaboration extends throughout our supply chain, ensuring fair and responsible partnerships. We engage SME consultancies for Environmental Standards and Cyber Security risk management, enabling compliance with standards like Cyber Essentials+.; Of our 28 suppliers, 18 are SMEs, new businesses, or VCSEs, with at least 8 local to our communities. We actively seek to enhance social value by identifying and engaging local SMEs and VCSEs, simplifying tendering processes, and providing ongoing support post-award.; Our commitment includes monitoring and reporting on SMEs' and VCSEs' spend to drive improvement and sharing best practices. Through these initiatives, we contribute to community growth and empowerment while delivering on our contractual obligations.

  Equal opportunity

  Our SME, based in Leeds, prides itself on a leadership team where 43% hail from Ethnic Minority Groups, demonstrating our unwavering commitment to diversity. ; Over 27 years, our inclusive recruitment practices have shaped a successful, multicultural workforce, showcased by our French contracts requiring native speakers, including individuals of African ethnicity. Upholding the principles of the Equality Act 2010, our policies prioritize fairness and inclusivity, striving to create an environment free from discrimination.; Recognizing the underrepresentation of ethnic minorities in leadership roles, we actively recruit and promote from these groups, recently appointing a National Sales Manager from such a background. This initiative aligns with our aim to mirror the diversity of our NHS customer base, fostering empathy and understanding within our organization.; Our comprehensive Learning and Development program is designed to support the career progression of ethnic minority colleagues, ensuring continual growth in their representation in leadership positions. We are dedicated to cultivating a workforce that reflects the rich tapestry of the communities we serve, promoting inclusivity and excellence at every level.; By consistently measuring and enhancing our ethnicity mix, particularly in leadership roles, we reaffirm our commitment to diversity and equality. Our goal is to create a workplace where all colleagues and job applicants are treated fairly and with respect, irrespective of background, fostering an environment where differences are valued and celebrated.

  Wellbeing

  Mental Health campaigns for staff to create community of acceptance & remove stigma.; A small number of our team have been diagnosed as neurodivergent. These individuals are valued members of our team and provide vital input.; We believe it is important that we support all our team to maintain their welfare and mental wellbeing which we do via our Wellbeing Policy. ; We have received support from the DWP and relevant charities, taking advantage of any advice and/or funding opportunities that may help provide appropriate equipment, training and support networks that will make life in the work environment more comfortable; both physically and mentally. ; Recently we have supported the wellbeing of colleagues with the following deliverables, through the support of DWP:; ; • 121 coaching for impacted colleagues; • Awareness training for the wider team; • Provision of Dragon Professional 16 Software; • 4 hours training for Dragon Professional 16 Software; • Provision of MindView Software; • Provision of noise cancelling headphones; • Provision of anti-glare screen covers; ; As we have become more aware of the various adjustments we have needed to make, we have introduced awareness training for all members of our team to enable them to learn about and better understand people with neurodivergence. ; Providing this training for all staff including managers, is important to us as we firmly believe that by having all of our team understand how different brain functions affect people, we provide a better workplace for all. It is our aim that by having a better understanding, this develops our culture to encourage more open conversations which in turn will lead to the destigmatisation of mental health conditions across our team. ; ; We want all our team to feel supported and informed to ensure that those who require any reasonable adjustments feel comfortable

Pricing

• Price: £30,000.00 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick.dodds@medisoft.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.