Cirdan

Cirdan Patient Portal

The Clinician and Patient Portal simplifies the engagement between diagnostic test providers, clinicians and patients by offering clear presentation of laboratory results. The Portals can be used standalone or integrated to a LIS.

Features

• Clear presentation of laboratory results within the applicable reference range
• Inform patients on their health journey displaying result history trends
• Reporting of diagnostic test results via graphical representation
• Practitioner management of critical results
• Practitioner to patient messaging (requires both portals)
• Questionnaires distribute digital forms/ surveys, reducing cost and improving data
• Schedule sections and reminders for completion
• CMS Article Creation & Publishing
• Access to medically curated content for each test result type
• Support for OIDC (Open ID Connect) Authentication

Benefits

• Easily scalable from small, single laboratories to large, multi-site laboratories.
• Rapid on-boarding process with training and configuration service available.
• Presented across Web, iOS and Android front end applications
• Separate Patient, Practitioner and Administrator portals to meet differing needs
• Clinical alerts for practitioners
• The ability to control publication of test reports to patients
• Improving patient engagement with healthcare professionals
• Supports the NHS drive enabling patient access to health records
• Support patient participation in their healthcare decisions

£15,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

784963551271091

Contact

Presales Team
02892660880
presales@cirdan.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Clinician and Patient Portals can be used with LIMS or LIS, including CIRDAN CORE LIS.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Supported browsers and iOS and Android versions

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Customers can email a request for support 24/7/365 via support@cirdan.com. Support requests received via email will be entered into the Cirdan Support System with email replies to customers auto generated from the Cirdan Support System as the ticket is progressed.; ; Responses are categorised by priority, based on Urgency and Impact. Customers specify the type of ticket and initial category : ; Critical < 1hrs; High < 4 hrs; Medium < 24 hrs; Low < 5 working days; Change request < 3 working days; Service Request < 3 working days; ; Note: Tickets may be recategorised or escalated once triaged.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The CIRDAN Managed Service Desk provides a technical and operational support service, which is included in the licence costs. This provides comprehensive ITIL aligned support provision 24/7, including access to experts who can diagnose and resolve issues, as well as give advice on the product’s diverse features. The Service Desk provides a single point of contact and can be contacted by phone, email or using the online Cirdan Incident Management system (CIM).; ; CIRDAN provides 24-hour support service to all clients with current support maintenance contracts. The Support Desk Team provide the third level of client support. The objective of the Cirdan Support Team is to facilitate the resolution of issues related to CIRDAN systems application software and hardware in line with the Service Level Agreement.; ; A Customer Success Manager (CSM) will be assigned to each client to represent their needs and requirements and act as project coordinator for software upgrades or additional module implementation. The CSM will assist the client with issues that are management and project related while the Support Desk Team will provide technical support for day-to-day issues
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Cirdan will engage in an initial Discovery exercise with the customer where our product specialists scope the product configuration requirements; configuration and roll-out of a Minimum Viable Product (MVP) is undertaken; testing and go-live follows with on-site support from specialists; further configuration of the live product follows as additional modules and/or labs are on-boarded. Training is provided on-site and supported by user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Word
  • Video
  • Pathfinders
• End-of-contract data extraction: Cirdan can offer the following options as part of the transition out services. 1. Provide the customer with a copy of the My SQL database. 2. Provide an export of data and PDF data as encrypted archive files.
• End-of-contract process: Cirdan commits to ensuring there is a smooth transfer with a minimum of disruption through clear and pre-costed disengagement services if the customer selects to transition out either for convenience or for the termination of the service agreement. As a minimum Cirdan will provide the customer with a copy of the MySQL database, encryption keys, the appropriate data dictionary and all backups as required which can be retained post the transition out period for no charge. Cirdan offers an array of transition-out services to minimise the impact to the lab and ensure all data is available for future use by the customer. Cirdan would work with the customer on the requirements and document the approach. Cirdan is happy to collaborate with other third-party vendors on achieving the outcome required for the customer. This is often done with a working group combining Cirdan staff, customer staff and Third-party vendor staff and run as a project. Costs are calculated based on a Time & Materials basis, (see rate card), in line with the requirements as outlined in the agreed Transition out plan.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service includes all those features provided in the desktop service.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API available to facilitate uploading of clinical data to the platform from proprietary sources
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: White labelling and text can be customised on request and at additional cost. - Date and time formats can be customised - Password complexity, expiration and maximum login attempts can all be configured.

Scaling

• Independence of resources: Customers are allocated dedicated cloud resources to host and deliver portal services. Resources can automatically scale as required in response to load and usage trends. Service elasticity and scalability are delivered through vertical scaling (node enhancement of CPU, memory, network and storage) and horizontal scaling (node replication and dynamic load balancing).

Analytics

• Service usage metrics: Yes
• Metrics types: Audit of logins and number of reports created. Optional Firebase analytics
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is stored on an MySQL database and data can be transferred into transportable files. There are many data formats available for use with the application, including but not limited to, Word, PDF, .CSV, XLSX, HL7, etc..
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML5
  • PDF
  • XML
  • XLSX
  • JSON
  • Word
  • FHIR HL7
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HTML5
  • PDF
  • XML
  • XLSX
  • Word
  • FHIR HL7

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Cirdan offer a standard 99.90% availability as part of our SLA. ; Cirdan’s standard KPIs measure:; • Uptime (system availability / system response times); • SLA response and restoration compliance; • Allowable incidents (the number of incidents exceeding a pre-agreed level for a given defined period); Additional KPIs for measurement and reporting can be agreed with clients on an individual basis.; Our standard KPIs are measured as follows:; System availability is measured using a standard formula, as a percentage of the total time in a service period.; ; Service Availability (%) = (MP-SD) x 100 / MP (See example SLA provided); ; Following agreement on the Key Performance Indicators to be measured, Cirdan monitors performance against each indicator and issues the client reports (quarterly, or on such time basis agreed with the client) detailing the level of service achieved. ; ; If the ULTRA LIMS Core application does not meet the service commitment agreed, Cirdan can comply with the service credits set out in the SLA. Cirdan’s service credit arrangement in its standard SLA provides service credits based on service days. ; ; Service reviews are held on a quarterly basis between the customer and the Cirdan Customer Success Manager (CSM) assigned to the client account.
• Approach to resilience: Service resilience is achieved through 3 key platform measures. (1) Monitoring, telemetry and security awareness throughout the platform to determine operational state and prevailing security stance. (2) Automated replication and backup processes, aligned with Incident Response and Disaster Recovery plans, to establish rapid and safe operational states in the event of an incident. (3) Scheduled and repeated scenario replays to test and evaluate resiliency measures, including Disaster Recovery and Service Continuity Testing and independent third-party Penetration Testing. These measures are supported by regular and frequent reviews of operational policies, procedures and risk assessments.
• Outage reporting: Dashboards and email alerts can be configured to alert any system outages. The system is also monitored by Cirdan directly as part of the managed service agreement to ensure a prompt and appropriate response.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: OIDC compliant Identity Providers
• Access restrictions in management interfaces and support channels: In a cloud deployment access is granted via RBAC using a least privilege model. RBAC defined within the application allows definition of access levels for an individual, or groups of individuals, that includes cross discipline as well as discipline specific functionality. No limits have been identified to date in this respect. Self-service password resets available. ; The system allows for individual, unique user accounts and passwords with RBAC applied. Local Client policy and procedure should ensure this facility is used - Active Directory integration is possible.; The software development lifecycle includes regular vulnerability scanning, including the OWASP 2017 Top 10 guidelines.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 22/11/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing specified as not covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • QUALITY MANAGEMENT SYSTEM - ISO 13485:2016 - MDSAP 709271
  • ICO Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Microsoft Sentinel is integrated with the ULTRA solution and provides advanced multi-stage attack detection with dynamically updated threat and anomaly detection rules, etc.
• Information security policies and processes: Cirdan are ISO 27001 accredited and this drives the content of the following policies and processes we follow:; Information Security Policy; Office & Remote Working Policy; Information Communication Acceptable Use Policy; Access Control & Asset Management Policy; Secure Development Policy; Cryptographic Policy; GDPR Policy; These policies are audited and certified by NQA against the ISO27001:2013 standard. Audits take place bi-annually.; ; These policies are maintained and enforced by a Quality & Regulatory Manager who reports to the Chief Executive Officer.; ; Cirdan is registered and complies with the NHS Data Security and Protection Toolkit. ODS code is 8J717, ICO registration number: ZA018472

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Proposed changes are documented and risk assessed. Roll-back processes and procedures are documented and tested. Customer is notified of risks, rollbacks and timelines for approval.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability testing is carried out on a regular basis using commercial tools. Subscriptions from vendors and third parties also alert to vulnerabilities which the tools do not yet identify.; ; Patches and updates for critical vulnerabilities are applied within 24 hours of being available, or if no solution is available from a vendor, alternative action will be taken to mitigate or negate the risk.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Proactive monitoring of systems allows automated reporting of issues and unusual activity is via systems which automatically raise a ticket. ; ; All authentication logs and machine alerts are kept off-site. Engineers available 24x7triage the tickets and raise escalation procedures as required.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Management is controlled by a process which guides the team through the assessment of the incident, evaluation of risk, loss and services affected. ; ; Users can either phone, e-mail or report via the online service desk. All incidents are followed up with a report detailing the root cause, immediate resolution and the changes to be implemented to prevent re-occurrence.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Cirdan wholly support efforts in moving to net zero.; The organisation recognises the importance of environmental protection and is committed to operating the business responsibly and in compliance with environmental law, regulation and approved codes of practice applicable to its business activities.; Cirdan seeks to reduce their environmental impact, with its ultimate goal being to reduce its overall carbon footprint by embedding best practice in the daily management of our operations and encouraging positive behaviour from its employees, including providing facilities to encourage use of electric vehicles. The Directors believe that environmental controls and practices can also benefit the business, such as promoting the efficient use of energy and resources thereby helping to reduce costs. We are working towards reducing our own carbon footprint through the use of net zero cloud hosting schemes and reducing power consumption in our own systems and endeavour to use suppliers who are also targeting net zero. With the target of being net zero by 2050.
• Covid-19 recovery:

  Covid-19 recovery

  Cirdan continue to monitor local Government recommendation in relation to the ongoing Covid-19 situation. Weekly updates are issued to staff, advising on the current level of risk and flexible working practises are in place to allow Cirdan to continue to operate effectively.; ; Cirdan offer support to staff to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. We support the physical and mental health of people affected by COVID-19, in an effort to reduce the demand on health and care services, for example providing subsidised access to an in house fitness suite and mental health awareness sessions. ; ; We have improved workplace conditions that support the COVID-19 recovery effort including effective social distancing and remote working.
• Tackling economic inequality:

  Tackling economic inequality

  Cirdan support educational attainment relevant to the contracts we engage in, including training schemes that address skills gaps and result in recognised qualifications.
• Equal opportunity:

  Equal opportunity

  Cirdan is committed to equality of opportunity both in the provision of services and as an employer. We have a published Equal Opportunity Policy, a copy of which is available on request. ; ; This policy forms part of the Terms and Conditions of employment.
• Wellbeing:

  Wellbeing

  Cirdan maintains the presence of wellbeing champions across the organisation promoting health, safety and wellbeing policies and practices.

Pricing

• Price: £15,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Customers can be given a time limited access to the standard version.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.