Enovation UK Limited

Cloverleaf Integration Suite

Cloverleaf delivers a complete integration suite renowned for its ease of use, power to handle complex integration, security and customer proven scalability and reliability. Investment and innovation continues by going beyond legacy HL7 integration, providing solutions to quickly innovate with FHIR, enabling API Management on premise or in the Cloud.

Features

• A portfolio of user tools for configuration and testing
• Buildable Object Xchange migration tool deploys interfaces across Cloverleaf sites
• Proven scalability and reliability
• Provides drag & drop enabled configurations
• Browser-based GUI wizards
• Database connection GUI allows explore and import of database schemas
• Full support for compliance standards including HL7 ® FHIR®
• Manages security at the user interface level
• Remote administration API with secure remote access to Cloverleaf
• Powerful Integrated Development Environment

Benefits

• Powerful and easy to use
• Easy web services connectivity
• Streamlines exchange and aggregation of clinical data improving patient outcomes
• GUI wizards simplify creation and deployment of connections
• Simplify interface migration using the Buildable Object Xchange migration utility
• Easy database connectivity
• A suite of applications that extends beyond an integration engine.
• Proven scalability, availability and reliability
• Commitment to ongoing investment and innovation in Cloverleaf
• Cloverleaf supports FHIR and for developing FHIR-based web APIs

£18,000 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Liam.Canham@enovationgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

705987533511762

Contact

Liam.Canham@enovationgroup.com
08445611814
Liam.Canham@enovationgroup.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Cloverleaf can be embedded in an application to provide an integration capability for that system either as a fully functioning integration engine or for data translation/transformation into industry standard message formats.
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: In case Cloverleaf® is hosted within a VMWare environment, to protect and guarantee the service of the product the following guidelines are established. ; The assigned resources of the machine are to be set to dedicated (reserved) available to the guest. In the case the Cloverleaf requires resources and the VMWare host is unable to provide these resources Cloverleaf thinks he has or the host is unable to provide the resources fast enough (with dynamic allocation) this can have a negative impact on the Cloverleaf environment.
• System requirements: Multiple platforms supported, Red Hat, Centos, Windows server and AIX

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard support hours are Monday - Friday, 0900-1730 but these can be extended upto 24x7x52 and the response times are as agreed with the client and will be the same as during weekdays
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Technical Cloverleaf support for corrective maintenance items is available by telephone during normal business hours, which is 09.00 – 17.30 5 days per week. In addition, “critical” maintenance for Cloverleaf and interfaces is provided 24 hours per day, 7 days per week. Different support hours between the two time options are available on request.; Support charges are based on 20% of licence/service charge and for 24x7x52 the additional charges are 10% of licence/service charge.; Dependant on the size and scope of project a technical support person would be allocated.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: A new user has a number of options available to them to learn the skills necessary to run and use their Cloverleaf system.; There are a series of onsite training courses, Level 1-3 outlined below,; Cloverleaf Level 1; This four-day course provides an introduction into the concept of the communication server, an introduction to the CLOVERLEAF® graphical interface and an explanation of how connections are made. At the end of this course, the user can make connections using the graphical interface. ; Cloverleaf Level 2; ; Cloverleaf Level 2 training is important if the hospital wishes to develop all links independently. This course provides an in-depth look at the way CLOVERLEAF® works. The course is advanced level and a follow-up to the Level I training. On completion of the course, the user is capable using scripts to realise links that cannot be created with a graphical user interface. ; Cloverleaf Level 3; This course is an advanced look at the entire CLOVERLEAF® application. Students will learn to configure advanced protocols, design and implement complex message manipulation and learn the details of the CLOVERLEAF® architecture.; Comprehensive user documentation is provided as part of the product.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All message content passing into and out of Cloverleaf can be; archived to an external relational database of the user’s choice, where the data can then be accessed for any purpose the user may need, such as calculating statistical information or keeping an audit log. Messages are first cached in an embedded Raima database, from which they are periodically written out to the external database by executing SQL; statements through ODBC (JDBC in 6.0). This flushing of the cache is triggered by the monitor daemon.; The user can configure how long data is held in Cloverleaf using the SMAT file functionality.; At the end of a contract any data held in SMAT or external files would be deleted.
• End-of-contract process: At the end of Contract all Cloverleaf software and any messages held in the SMAT or external SQL will be deleted and so no data will be held.; If the client is moving their integration services to another supplier at the end of the contract then Enovation would co-operate fully transition arrangements and would quote for any specific work needed.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The functionality on a mobile is limited to the Cloverleaf Global Monitor module which provides proactive, browser and mobile based monitoring and alerting for the Cloverleaf environment, along with Global Monitor's message tracing functionality. Use widgets to create customised views and dashboards for reviewing the ; statistics of your Cloverleaf Integration Suite environment and customizable, graphical statistical reports on Cloverleaf activity, including application and system-level statistics. Deploy these views to departmental users to enable them and free up valuable resources. With iPhone and Android app functionality, your IT staff can have monitoring
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Cloverleaf Integration Suite has long supported interoperability through web based APIs, but now natively supports the newest web protocols used by many of today’s top clinical system vendors eg Epic, Cerner. Cloverleaf has native support for exchanging JSON data objects communicated through REST-based web services. On top of that, JSON schemas have been developed for the HL7 FHIR standard and included them directly in the engine. With native support for the FHIR standard, anyone using the latest release will be able to pull up the definition of any and all FHIR artifacts, called resources, and build their own interfaces with the tools included right in the Cloverleaf engine.; In addition, an additional module of the Cloverleaf Integration Suite, the Cloverleaf API Gateway delivers a cost-effective solution for healthcare organisations to enable full lifecycle management of APIs, backed by the power of Cloverleaf Integration Services. ; Functionality includes,; - Register, document and update APIs in a uniform fashion; - Secure APIs with OAuth2.0; - Gain visibility into utilization and performance of APIs; - Design consumer friendly proxy APIs; - Leverage Cloverleaf FHIR APIs and the Cloverleaf API; - Design your process by combining many APIs with the new API Flow Orchestration
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: To ensure performance levels are maintained when Cloverleaf® is hosted within a VMWare environment, to protect and guarantee the service of the product the following guidelines are established. The assigned resources of the machine are to be set to dedicated (reserved) available to the guest. ; By adopting this approach Cloverleaf is able to manage through the workload peaks and troughs that may occur.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Authorised Partner for Infor for their Cloverleaf Integration Suite

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Cloverleaf allow users to send data to systems in a variety of standard and non-standard formats using TCPIP as well as other formats, FTP, Secure FTP
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • HL7, all versions
  • XML
  • Edifact
  • Fixed record length
  • Variable record length
  • FHIR
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HL7, all versions
  • XML
  • Fixed record length
  • Variable record length
  • Edifact
  • FHIR

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Each contract will include specific SLA's relating to the agreed performance and availability standards. Any compensation agreed for failure to meet performance levels will be clearly stated. We do not have any such contracts currently in place.
• Approach to resilience: This information will be made available on request.
• Outage reporting: This information will be made available subject to which Cloud Datacentre supplier is used.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Cloverleaf is designed to help you meet the highest security expectations.; The Cloverleaf Security module manages security at the user interface level and locks down access to the application using a granular access control list, based upon role and authentication privileges. Use Security Server to provide continuous control and audit user access to minimise unwarranted Cloverleaf Integration Suite configuration changes and activity. Encrypted security server audit logs can be exported to a readable clear text format for use with third party SIEM monitoring systems to detect security risks
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Kiwa Nederland B.V
• ISO/IEC 27001 accreditation date: 16/11/2023
• What the ISO/IEC 27001 doesn’t cover: Enovation services are covered by our ISO certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All knowledge and processes are being documented in a central knowledge base. The departments and security office organise meetings to be sure important subjects are clearly explained and ensure up-to-date knowledge. Every department also has at least one member of an internal task force to guard the compliance of the security policies in place. Enovation are accredited for the Data Security and Protection Toolkit (DSPT). We are also accredited for Cyber Essentials and are actively progressing with the implementation of ISO 27002 with formal audit taking place in September 2020.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Internal documentation tools are available for documentation. These are remotely accessible to be reviewed by peer colleagues within the company. Additional meetings with different knowledge groups are organised to keep track of the changes and steer on possible risks that might emerge.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Ongoing efforts are made to enhance the software. When new information is supplied by partners, clients, support teams or developers, a risk assessment is made by Product Management and the security office. If the risk is high, this will result in downtime until fixed. If not, the affected parties are informed when deemed necessary and fixes are added to the backlog for the next update. Updates and fixes are not tied to a strict release schedule.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Ongoing efforts are made to debug and assess the software. Internal knowledge sessions and meetings are organised to minimise the chance of overseeing defects. Once something emerges, an assessment is made to assign a time frame for a fix. In case of a large security risk, users will be informed.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our service goal is to restore normal service operation as quickly as possible following an incident, while minimising impact to business operations and ensuring quality is maintained. ; To log an incident users either complete an Incident Logging Template and email to us or call us on a dedicated support number. This email address is monitored throughout the day and your call will be picked up immediately. ; For incidents that require immediate attention and are outside office hours calls are made to the support telephone.; A summary is made of all incidents on a regular basis for performance review.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Wellbeing

  Tackling economic inequality

  Cloverleaf allows for the exchange of information across large networks, meaning it has the ability to exchange information across regions - for example exchanging patient information securely between hospitals, allowing for a modernised approach to information exchange and increased productivity.

  Wellbeing

  Cloverleaf being an Integration Engine allows for many disparate systems to be connected together and providing the seamless exchange of information. This has a positive impact both upon clinicians and patients alike, ensuring staff are able to access the most up to date and relevant information available to carry their work and in turn provide a better quality of care to patients.

Pricing

• Price: £18,000 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Liam.Canham@enovationgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.