Skip to main content

Help us improve the Digital Marketplace - send your feedback

X-Lab Limited

Labgnostic

Labgnostic (previously known as NPEx) enables any diagnostic laboratory to electronically refer test requests or results to any other laboratory on our network, through a single interface.

Features

  • Integrate with any other lab on the network
  • Send requests and get results via a single interface
  • Support for numeric, enumerated, free test and PDF results
  • Use the same Lab <> Lab workflow with EQA providers
  • View the status of shipments with sample tracking
  • Cloud-hosted, regularly updated and highly available

Benefits

  • Remove unnecessary, manual processes for Lab <> Lab workflows
  • Reduce turnaround times
  • Improve patient safety by reducing transcription errors to zero
  • Reduce unnecessary chasing with sample tracking and audit trails

Pricing

£15,000.00 to £43,945.00 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@x-labsystems.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

7 3 9 2 9 2 8 7 8 3 6 7 0 5 6

Contact

X-Lab Limited Commercial Department
Telephone: 07787656851
Email: commercial@x-labsystems.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
N/A - we cater for the buyers requirements.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Online ticketing support (Jira Service Desk) is provided 9:00 and 17:30 Monday to Friday, excluding Bank Holidays. Within these hours the tickets are responded to as follows:

1) Urgent severity - Before the start of the next Business Day;
2) High severity - Before the end of the next Business Day;
3) Medium - 2 Business Days;
5) Low - 3 Business Days;
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
No
Web chat support
No
Onsite support
No
Support levels
The below is a summary of the support levels covered under Annual Maintenance and Support costs. Tickets are resolved and responded to via Customer Support Analysts and the Service Manager.

Support levels:
1) Urgent severity - The whole site affected - Before the start of the next Business Day;

2) High severity- Key business affected, no workaround - Before the end of the next Business Day;

3) Medium- The whole department affected, not a key business, workaround possible - 2 Business Days;

4) Low- Individual user affected - 3 Business Days;

Out of Hours:
On call 3rd line engineering is provisioned as part of this service. This support is triggered by internal alerting and monitoring of key components of the system, which are designed into the service to minimise the risk of loss of service. No formal service management is provided outside of our standard working hours, which means any support requests logged outside working hours will be dealt with between 09:00 and 17:30 (Mon-Fri).
Support available to third parties
No

Onboarding and offboarding

Getting started
X-Lab prides itself on excellent customer service with each of our Labgnostic customers assigned a dedicated Account Manager. The Account Management team is an integral part of the organisation and works closely with the Onboarding and Support team as part of the wider Customer Success function.

The Account Managers work closely with the Sales team and are introduced to new Labgnostic customers during the sales process. Prior to customers' onboarding to the Labgnostic service, we ensure a contract is agreed and that all labs joining the network comply with information governance (in the form of a Data Protection Agreement). The Account Manager will work closely with the customer to maintain engagement, agree a utilisation plan, deal with any escalations, communicate service developments, and continually review the customer experience.

We provide a welcome pack containing a high-level overview of what to expect during the Labgnostic onboarding process (including supporting documentation, prerequisites, required stakeholders, key milestones, and a bespoke onboarding plan.

Training and support are offered online however there is scope for training to be delivered onsite.

Testing scripts are provided to the customer to validate testing ahead of sign off and cutover into production.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction
We don't explicitly extract/remove data when a contract ends. We have a Retention Policy which is available on request. Data is removed from the production system after 4 months by default and will be removed from the archive after a further 2 years. Customers can reduce their retention period for production to a shorter period (we recommend no less than ~1 month, but this could be shorter if required).Upon request from an exiting customer a final data extract can be provided. This is a complex process as we would need to obtain agreement from all third party organisations that hold data sharing agreements with the off-boarding customer.
End-of-contract process
Labgnostic customers usually renew their contract at the end of the subscription term. Should a customer decide to end the contract, the termination terms form part of the contractual documentation. The dedicated Account Manager would work with the customer to ensure any outstanding invoices have been paid and would facilitate an off-boarding plan with the relevant teams. The tasks carried out by the X-Lab team include the deletion of the connection profiles, the decommissioning of the Customer VPN and the removal of web access configuration. The team would be required to wait until the archive period elapses and delete the laboratories. End users would need to be removed from Jira (the Customer Relationship Management - CRM) system. Users would also need removing from any service communications. The customers would be expected to liaise with other Labgnostic partners to communicate and manage the process, although the team at X-Lab could assist and advise where necessary.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Interactions with Labgnostic are either through a set of user interfaces, or via connections to Laboratory Information Management Systems (LIMS)

There are two key user interfaces - delivered as web applications and accessed via a supported browser - one managing administration and configuration, and the other managing bookings, orders and shipments.

Labgnostic has a number of interfaces for common LIMS used by pathology labs that have been developed to LIMS vendor's HL7 interface specifications. There is also a LIMS type-agnostic specification available that connecting customers are able to develop to if a vendor specific module is not available.
Accessibility standards
None or don’t know
Description of accessibility
The service is accessed via a browser based user interface.
Accessibility testing
None.
API
Yes
What users can and can't do using the API
Labgnostic relies on APIs to function, allowing service users to send requests and get results from any other system on the network. Most systems are integrated via HL7 over MLLP, but support also exists for connecting via S3, or over SFTP, FTP or FTPS.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Labgnostic is built to scale horizontally and vertically making best use of available managed cloud services. Given the nature of the service providing a network of customers together, no guarantee can be made that an abnormally high load from one customer would not affect another.

Analytics

Service usage metrics
Yes
Metrics types
On request we can provide performing & referring transaction volumes for each customer, and can provide more detailed analysis (e.g. turnaround times or transaction volumes segmented by test type and partner lab) on request. This would require work from Engineers to provide.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Test configuration data can be exported from the application in JSON format on a per test basis. Order and Results data can not be exported from the system by the users, but they are exported/delivered outbound to LIMs systems via a selection of formats and protocols.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • HL7
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • HL7

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We aim to ensure that the service is available throughout the Subscription Term for 99.7% of the time.
Approach to resilience
We use Azure's cloud native redundancy and resilience tooling to ensure our platform is spread over multiple datacentres and regions within the UK
Outage reporting
- Jira Service Desk Portal Banner
- Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Azure AD group membership with conditional access and MFA.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus expected June 2022

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
N/A
Information security policies and processes
We employ a suite of ~20 information security policies loosely based on ISO27001 ISMS format to govern our security policies and procedures.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We ensure that security requirements are captured as far left in the SDLC as possible to ensure we have resources to appropriately remediate. All changes are developed using pair programming, and scanned for static code analysis including infrastructure as code static analysis (policy-as-code)
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerabilities identification is done by our vulnerability management tool and reported back every 6 hours. Vulnerabilities are then logged automatically as tickets for the respective team to remediate within our SLAs, with reporting on adherence to SLAs fed up to senior management.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Logging from endpoints, IaaS , PaaS, SaaS tools are ingested by our SIEM and monitored by our SOC on a 24/7 basis with proactive threat hunting activities conducted monthly.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management approach is holistic as part of our risk management and BC/DR management approach. All suspected or confirmed security incidents are reported to the infosec team who triage and follow the predefined playbooks for various common incidents. Any live incidents have a PIR conducted with the Lessons Learned captured and remediated within SLAs. Incident Reports are provided to the customer within 48 hours of closure of the incident.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

N/A
Covid-19 recovery

Covid-19 recovery

Labgnostic (formerly NPEx) plays a key role in lab-to-lab pathology test referring and reporting. As such, in relation to Covid-19 recovery and support of NHS labs, Labgnostic is critical in providing pathology networks with core technologies and solutions.
Tackling economic inequality

Tackling economic inequality

N/A
Equal opportunity

Equal opportunity

N/A
Wellbeing

Wellbeing

Labgnostic (formerly NPEx) provides lab-to-lab pathology networks across the UK. It is central infrastructure to numerous NHS lab services and is such is pivotal to healthcare across the UK.

Pricing

Price
£15,000.00 to £43,945.00 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@x-labsystems.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.