Skip to main content

Help us improve the Digital Marketplace - send your feedback

FEEDBACK MEDICAL LIMITED

Bleepa - CareLocker

Bleepa is the only CE/UKCA accredited medical app that enables medical professionals to remotely discuss clinical decisions and help deliver safer, more efficient patient care.

CareLocker is a patient-centric cloud architecture that supports Bleepa’s functionality whilst simultaneously creating patient-specific records of care episodes to support care delivery across provider settings.

Features

  • secure patient-centered clinical communication
  • medical grade imaging exchange (e.g., DICOM)
  • clinical referral management
  • clinical pathway management
  • clinical photography
  • review and annotate clinical grade imaging
  • encrypted, zero-footprint application
  • cloud-based architecture to support patient-centered data storage
  • customised workflows to optimise care pathways
  • supports cross provider (e.g. Primary/Secondary/Tertiary, CDC) workflow

Benefits

  • Enables remote discussion and clinical decision making
  • Supports clinical referrals and treatment decisions across care settings
  • Review and annotate clinical grade imaging
  • Integrates with other clinical and information systems
  • Secure, encrypted, zero-footprint application
  • CE/UKCA accredited medical app
  • ISO 13485, ISO 27001 and the Cyber Essentials Plus compliant
  • Cost effective and optimized cloud data storage
  • Deliver safer, more efficient patient care
  • Improve workflows, processes and team collaboration

Pricing

£2.49 to £6.00 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.mcateer@fbkmed.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

7 5 2 3 3 6 8 2 7 6 8 8 6 6 0

Contact

FEEDBACK MEDICAL LIMITED Stephen McAteer
Telephone: +44 (0) 7472391260
Email: stephen.mcateer@fbkmed.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Electronic patient records (EPR)
Electronic Health Record (EHR)
Picture archiving and communication system (PACS)
Radiology Information System (RIS)
Laboratory Information Management System (LIMS)
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Short time window required monthly to apply system updates.
This is arranged and planned in advance with the customer.
System requirements
  • For end users https internet access to Bleepa system
  • For PACS data ability to configure DICOM settings on PACS
  • For medical information systems input ability to configure HL7 feed
  • For mobile devices under MDM access to Bleepa app

User support

Email or online ticketing support
Email or online ticketing
Support response times
We work within Response and Resolution Service Level Agreements as agreed with the customer.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Our web chat is for basic assistance and guidance, such as help with user login issues, and is accessible both within the app, and from any web browser.
Web chat accessibility testing
We use a well known industry standard third party application for web chat
Onsite support
Yes, at extra cost
Support levels
The support levels and costs are described in our terms and conditions and price guide.
We have a support ticket escalation process in place which allows us to rapidly allocate the appropriate level of support personnel to each and every incident.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
New users receive an email notification with detailed instructions and a link to activate their accounts.

Training materials are saved within the app and/or made available locally depending on the organisation. These include a mix of bespoke guides, presentations, FAQs and training videos.

Online training in small group and 1:1 is made available. A train-the-trainer model is recommended.

Onsite training can be done depending on need.

Our dedicated support desk - accessible by phone and email - is also available to troubleshoot and provide training.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data can be exported as a set of structured information, in the format of the customer's choosing. In a typical use case, patient centric PDF exports are created on patient discharge, and then sent via HL7 or FHIR to an Electronic Patient Record system.
End-of-contract process
All data can be exported via existing HL7 or DICOM interfaces. The cost of exporting using these interfaces is included as part of the contract. If there is a need, however for new interfaces to be established, or for the data export process to project managed there may be an additional charge for time and materials.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Bleepa is implemented as a "Progressive Web Application", which automatically detects the capability of the device upon which it is running. The behaviour on mobile and desktop are very similar, although the application layout varies depending upon screen size. Bleepa is also able to use built in camera on mobile devices to allow photo-capture. Bleepa is touch screen enabled, but can also be controlled via a mouse.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The service interface for system admins allows for user account administration, and workflow configuration.
Accessibility standards
None or don’t know
Description of accessibility
Normal users to not have access to the service interface.
Accessibility testing
Not applicable.
API
Yes
What users can and can't do using the API
We provide interfaces that natively use HL7, FHIR or DICOM communication. We also integrate with existing user authentication systems such as Active Directory.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Bleepa and CareLocker are designed to integrate with existing hospital systems, such as Patient Administration Systems, Radiology Administration Systems, Order Comms, Pathology Information systems or Picture Archive and Communication Systems. We can provide interfaces that natively use HL7, FHIR or DICOM communication. Our systems can be customised to fit the particular data model used by the customer. We can also integrate with existing user authentication systems such as Active Directory.

Once integrated with hospital systems, help our customers to design a set of workflows to help manage the flow of patients though care pathways - all implemented within Bleepa.

Scaling

Independence of resources
Our typical deployment model is one where we set up a system that is dedicated to each customer.
This allows us to scale up each customers system, as appropriate to their demand.

Analytics

Service usage metrics
Yes
Metrics types
Our products include a dashboard, to show the number of patients at each point in the workflow.
We also work with our customers to provide them with appropriate statistics to help support their business need. This can for example, help them to monitor and measure the efficiency of a referral pathway, or to understand the timeline of patients through a particular clinical workflow.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All data can be exported as a set of structured information, in the format of the customer's choosing. In a typical use case, patient centric PDF exports are created on patient discharge, and then sent via HL7 or FHIR to an Electronic Patient Record system.
Data export formats
Other
Other data export formats
  • HL7
  • FHIR
  • PDF
  • DICOM
Data import formats
Other
Other data import formats
  • HL7
  • FHIR
  • DICOM
  • PDF
  • JPG

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We aim to provide 24x7 uptime, other than when the system is down for scheduled maintenance or upgrades, organised in advance with the customer.
Required uptime levels are discussed with the customer, and generally based on need.
Approach to resilience
Our software systems are installed on industry standard datacentres, such as AWS or Azure.
We utilise best practice on these platforms for data storage, and disaster recovery provision is always part of system design.
We utilise a "Infrastructure as code" methodology for all deployments, to ensure that each system can be tested prior to use, and re-created rapidly and redeployed if an incident is encountered.
Outage reporting
We proactively monitor our systems using independent third party tools.
System health is routinely assessed, with automated system health reports generated by e-mail.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
We have a multi-layered approach to system set up, with application level access via load balancing front ends, with entirely independent channels used to access back end server infrastructure.
Those channels are firewall controlled, with access via encrypted communications, accessed using 2FA controlled logins.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SGS
ISO/IEC 27001 accreditation date
11.12.2020
What the ISO/IEC 27001 doesn’t cover
The scope of our certification includes all software development, deployment and maintenance operations.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NHS DSP Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have a clearly defined internal hierarchy, and have dedicated qualified information security staff.
We comply with ISO 27001 requirements, and have such have an active programme of internal and external audit, with full management team engagement.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We include a full stack risk review of all software components and systems, compliant with the following standards:
ISO 13485 Medical Device Quality Management
ISO 14971 Risk Management
ISO 27001 Information Security management
This has led to the development of secure development policies, and "infrastructure as code" mechanisms for system and update deployment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Secure development process
Incidents are analysed with care, and response is as appropriate to severity and impact of issue. Containment patches processed as rapidly as possible, with long term fixes .
Industry standard alerting systems, such as microsoft and uk cyber security centre
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our systems are set up with active monitoring ang logging to allow us to track system use, and potential misuse.
We have an internal escalation process, which allows us to respond rapidly, appropriately and effectively to any incident that occurs.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have an internal incident management process built on the needs of both ISO 13485 and ISO 27001
All reported issues come into our main helpdesk system, to allow effective and rapid triage.
We have a pre-defined escalation process, to ensure that all relevant members of staff are involved rapidly when the need arises.
Incidents reports are provided to relevant customers or other third parties as required during the incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

N/A
Covid-19 recovery

Covid-19 recovery

N/A
Tackling economic inequality

Tackling economic inequality

N/A
Equal opportunity

Equal opportunity

N/A
Wellbeing

Wellbeing

N/A

Pricing

Price
£2.49 to £6.00 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.mcateer@fbkmed.com. Tell them what format you need. It will help if you say what assistive technology you use.