Cirdan

Cirdan Patient Portal

The Clinician and Patient Portal simplifies the engagement between diagnostic test providers, clinicians and patients by offering clear presentation of laboratory results. The Portals can be used standalone or integrated to a LIS.

Features

• Clear presentation of laboratory results within the applicable reference range
• Inform patients on their health journey displaying result history trends
• Reporting of diagnostic test results via graphical representation
• Practitioner management of critical results
• Practitioner to patient messaging (requires both portals)
• Questionnaires distribute digital forms/ surveys, reducing cost and improving data
• Schedule sections and reminders for completion
• CMS Article Creation & Publishing
• Access to medically curated content for each test result type
• Support for OIDC (Open ID Connect) Authentication

Benefits

• Easily scalable from small, single laboratories to large, multi-site laboratories.
• Rapid on-boarding process with training and configuration service available.
• Presented across Web, iOS and Android front end applications
• Separate Patient, Practitioner and Administrator portals to meet differing needs
• Clinical alerts for practitioners
• The ability to control publication of test reports to patients
• Improving patient engagement with healthcare professionals
• Supports the NHS drive enabling patient access to health records
• Support patient participation in their healthcare decisions

£15,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

736349526313585

Contact

Presales Team
02892660880
presales@cirdan.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Clinician and Patient Portals can be used with LIMS or LIS, including CIRDAN CORE LIS.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Supported browsers and iOS and Android versions

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Customers can email a request for support 24/7/365 via support@cirdan.com. Support requests received via email will be entered into the Cirdan Support System with email replies to customers auto generated from the Cirdan Support System as the ticket is progressed.; ; Responses are categorised by priority, based on Urgency and Impact. Customers specify the type of ticket and initial category : ; Critical < 1hrs; High < 4 hrs; Medium < 24 hrs; Low < 5 working days; Change request < 3 working days; Service Request < 3 working days; ; Note: Tickets may be recategorised or escalated once triaged.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The CIRDAN Managed Service Desk provides a technical and operational support service, which is included in the licence costs. This provides comprehensive ITIL aligned support provision 24/7, including access to experts who can diagnose and resolve issues, as well as give advice on the product’s diverse features. The Service Desk provides a single point of contact and can be contacted by phone, email or using the online Cirdan Incident Management system (CIM).; ; CIRDAN provides 24-hour support service to all clients with current support maintenance contracts. The Support Desk Team provide the third level of client support. The objective of the Cirdan Support Team is to facilitate the resolution of issues related to CIRDAN systems application software and hardware in line with the Service Level Agreement.; ; A Customer Success Manager (CSM) will be assigned to each client to represent their needs and requirements and act as project coordinator for software upgrades or additional module implementation. The CSM will assist the client with issues that are management and project related while the Support Desk Team will provide technical support for day-to-day issues
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Cirdan will engage in an initial Discovery exercise with the customer where our product specialists scope the product configuration requirements; configuration and roll-out of a Minimum Viable Product (MVP) is undertaken; testing and go-live follows with on-site support from specialists; further configuration of the live product follows as additional modules and/or labs are on-boarded. Training is provided on-site and supported by user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Word
  • Video
  • Pathfinders
• End-of-contract data extraction: Cirdan can offer the following options as part of the transition out services. 1. Provide the customer with a copy of the My SQL database. 2. Provide an export of data and PDF data as encrypted archive files.
• End-of-contract process: Cirdan commits to ensuring there is a smooth transfer with a minimum of disruption through clear and pre-costed disengagement services if the customer selects to transition out either for convenience or for the termination of the service agreement. As a minimum Cirdan will provide the customer with a copy of the MySQL database, encryption keys, the appropriate data dictionary and all backups as required which can be retained post the transition out period for no charge. Cirdan offers an array of transition-out services to minimise the impact to the lab and ensure all data is available for future use by the customer. Cirdan would work with the customer on the requirements and document the approach. Cirdan is happy to collaborate with other third-party vendors on achieving the outcome required for the customer. This is often done with a working group combining Cirdan staff, customer staff and Third-party vendor staff and run as a project. Costs are calculated based on a Time & Materials basis, (see rate card), in line with the requirements as outlined in the agreed Transition out plan.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service includes all those features provided in the desktop service.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API available to facilitate uploading of clinical data to the platform from proprietary sources
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: White labelling and text can be customised on request and at additional cost. - Date and time formats can be customised - Password complexity, expiration and maximum login attempts can all be configured.

Scaling

• Independence of resources: Customers are allocated dedicated cloud resources to host and deliver portal services. Resources can automatically scale as required in response to load and usage trends. Service elasticity and scalability are delivered through vertical scaling (node enhancement of CPU, memory, network and storage) and horizontal scaling (node replication and dynamic load balancing).

Analytics

• Service usage metrics: Yes
• Metrics types: Audit of logins and number of reports created. Optional Firebase analytics
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is stored on an MySQL database and data can be transferred into transportable files. There are many data formats available for use with the application, including but not limited to, Word, PDF, .CSV, XLSX, HL7, etc..
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML5
  • PDF
  • XML
  • XLSX
  • JSON
  • Word
  • FHIR HL7
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HTML5
  • PDF
  • XML
  • XLSX
  • Word
  • FHIR HL7

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Cirdan offer a standard 99.90% availability as part of our SLA. ; Cirdan’s standard KPIs measure:; • Uptime (system availability / system response times); • SLA response and restoration compliance; • Allowable incidents (the number of incidents exceeding a pre-agreed level for a given defined period); Additional KPIs for measurement and reporting can be agreed with clients on an individual basis.; Our standard KPIs are measured as follows:; System availability is measured using a standard formula, as a percentage of the total time in a service period.; ; Service Availability (%) = (MP-SD) x 100 / MP (See example SLA provided); ; Following agreement on the Key Performance Indicators to be measured, Cirdan monitors performance against each indicator and issues the client reports (quarterly, or on such time basis agreed with the client) detailing the level of service achieved. ; ; If the ULTRA LIMS Core application does not meet the service commitment agreed, Cirdan can comply with the service credits set out in the SLA. Cirdan’s service credit arrangement in its standard SLA provides service credits based on service days. ; ; Service reviews are held on a quarterly basis between the customer and the Cirdan Customer Success Manager (CSM) assigned to the client account.
• Approach to resilience: Service resilience is achieved through 3 key platform measures. (1) Monitoring, telemetry and security awareness throughout the platform to determine operational state and prevailing security stance. (2) Automated replication and backup processes, aligned with Incident Response and Disaster Recovery plans, to establish rapid and safe operational states in the event of an incident. (3) Scheduled and repeated scenario replays to test and evaluate resiliency measures, including Disaster Recovery and Service Continuity Testing and independent third-party Penetration Testing. These measures are supported by regular and frequent reviews of operational policies, procedures and risk assessments.
• Outage reporting: Dashboards and email alerts can be configured to alert any system outages. The system is also monitored by Cirdan directly as part of the managed service agreement to ensure a prompt and appropriate response.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: OIDC compliant Identity Providers
• Access restrictions in management interfaces and support channels: In a cloud deployment access is granted via RBAC using a least privilege model. RBAC defined within the application allows definition of access levels for an individual, or groups of individuals, that includes cross discipline as well as discipline specific functionality. No limits have been identified to date in this respect. Self-service password resets available. ; The system allows for individual, unique user accounts and passwords with RBAC applied. Local Client policy and procedure should ensure this facility is used - Active Directory integration is possible.; The software development lifecycle includes regular vulnerability scanning, including the OWASP 2017 Top 10 guidelines.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 22/11/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing specified as not covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • QUALITY MANAGEMENT SYSTEM - ISO 13485:2016 - MDSAP 709271
  • ICO Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Microsoft Sentinel is integrated with the ULTRA solution and provides advanced multi-stage attack detection with dynamically updated threat and anomaly detection rules, etc.
• Information security policies and processes: Cirdan are ISO 27001 accredited and this drives the content of the following policies and processes we follow:; Information Security Policy; Office & Remote Working Policy; Information Communication Acceptable Use Policy; Access Control & Asset Management Policy; Secure Development Policy; Cryptographic Policy; GDPR Policy; These policies are audited and certified by NQA against the ISO27001:2013 standard. Audits take place bi-annually.; ; These policies are maintained and enforced by a Quality & Regulatory Manager who reports to the Chief Executive Officer.; ; Cirdan is registered and complies with the NHS Data Security and Protection Toolkit. ODS code is 8J717, ICO registration number: ZA018472

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Proposed changes are documented and risk assessed. Roll-back processes and procedures are documented and tested. Customer is notified of risks, rollbacks and timelines for approval.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability testing is carried out on a regular basis using commercial tools. Subscriptions from vendors and third parties also alert to vulnerabilities which the tools do not yet identify.; ; Patches and updates for critical vulnerabilities are applied within 24 hours of being available, or if no solution is available from a vendor, alternative action will be taken to mitigate or negate the risk.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Proactive monitoring of systems allows automated reporting of issues and unusual activity is via systems which automatically raise a ticket. ; ; All authentication logs and machine alerts are kept off-site. Engineers available 24x7triage the tickets and raise escalation procedures as required.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Management is controlled by a process which guides the team through the assessment of the incident, evaluation of risk, loss and services affected. ; ; Users can either phone, e-mail or report via the online service desk. All incidents are followed up with a report detailing the root cause, immediate resolution and the changes to be implemented to prevent re-occurrence.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cirdan encourages sustainable travel by providing bicycle racks and promoting the use of carpooling and the usage of local public transportation systems. Our head office has been located within easy walking distance of local rail and bus connections. We encourage the use of electric vehicles with 2 charge points located on-site at head office. Additionally, we also provide a hybrid working models for all employees. ; ; As most projects are located overseas, we will seek to reduce the number of on-site meetings required with the use of remote meetings technology which is made available to all employees. We continue to rationalise the number of flights taken to visit overseas customers and markets.

  Tackling economic inequality

  Cirdan has strong relationships with various local Universities and further education colleges such as Queens University Belfast and the Ulster University. We are committed to offering a minimum of 4 x 12-month placement opportunities across various skill sets with a minimum salary of £21,000 each or equivalent to the Real living wages at the time of the job offer.; ; The placements will be open to the following skillsets but not limited to:; • Computer Science ; • Artificial Intelligence ; • Data Analytics ; • Cyber Security ; • Interaction Design/ UX; • Biological Sciences ; • Microbiology ; • Biomedical Engineering; ; Each placement will have the benefit from dedicated mentorship including one to one support from specialist team members in their area of expertise which will allow them to gain valuable hands-on work experience.; ; Cirdan recognises that its people are its most valuable asset, and that organisational excellence is best attained through continuous training, development and educational activities, which build upon individual strengths.

  Equal opportunity

  At Cirdan, we recognise the importance of equality for all staff, and aim to provide an environment which supports diversity and inclusion, in line with our values. ; We want to ensure that our business recognises and delivers culturally sensitive, inclusive, accessible, and appropriate products and services, without discrimination. We are committed to ensuring that our approach to our staff is the same as our approach to our customers, being open and transparent, focused and based on our values.

  Wellbeing

  Cirdan is committed to Corporate social responsibility. “We care for each other, our community, and customers: together we can achieve great things!”. We demonstrate this in various way including the commitment to “give back to the community through involvement in social, charitable and educational initiatives.” ; Volunteering - we encourage our employees to participate in activities, supporting communities in which we operate through Corporate volunteering and individual activities. ; Through our policy, employees can use paid time off during their normal working hours for up to 3 working days each financial year. The policy is intended to help and support employees wishing to volunteer and provides a framework for good practice. ; This policy establishes a company-wide volunteering scheme which aims to: ; • Strengthen the company’s commitment to communities through the direct involvement of employees. ; • Increase employees’ commitment to the company and their pride in working here.; • Enhance internal relationships and teamwork. ; • Develop necessary abilities and skills within the company, such as collaboration, leadership and creativity.; To launch our volunteer policy earlier this year we worked in a community-based project with the National Trust where we volunteered over 240 hours to beach clean-up and preserving areas of natural heritage. In December 2023 we have committed over 100 hours of volunteering time to Cash for kids who support children and young people affected by poverty, abuse, neglect, life-limiting illness and those who have additional needs.; Cirdan also contributed to health-care related charities and community projects by sponsoring the Health and Wellbeing Award at the 2023 Aisling Awards in Belfast, celebrating the work of local charities in supporting health and well-being in the community, and is also a sponsor of the STEM category of the Blackboard Awards in Belfast which recognizes the contribution of local community teachers across the city.

Pricing

• Price: £15,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Customers can be given a time limited access to the standard version.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.