Skip to main content

Help us improve the Digital Marketplace - send your feedback

Cirdan

Cirdan Patient Portal

The Clinician and Patient Portal simplifies the engagement between diagnostic test providers, clinicians and patients by offering clear presentation of laboratory results. The Portals can be used standalone or integrated to a LIS.

Features

  • Clear presentation of laboratory results within the applicable reference range
  • Inform patients on their health journey displaying result history trends
  • Reporting of diagnostic test results via graphical representation
  • Practitioner management of critical results
  • Practitioner to patient messaging (requires both portals)
  • Questionnaires distribute digital forms/ surveys, reducing cost and improving data
  • Schedule sections and reminders for completion
  • CMS Article Creation & Publishing
  • Access to medically curated content for each test result type
  • Support for OIDC (Open ID Connect) Authentication

Benefits

  • Easily scalable from small, single laboratories to large, multi-site laboratories.
  • Rapid on-boarding process with training and configuration service available.
  • Presented across Web, iOS and Android front end applications
  • Separate Patient, Practitioner and Administrator portals to meet differing needs
  • Clinical alerts for practitioners
  • The ability to control publication of test reports to patients
  • Improving patient engagement with healthcare professionals
  • Supports the NHS drive enabling patient access to health records
  • Support patient participation in their healthcare decisions

Pricing

£15,000 an instance a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

7 8 4 9 6 3 5 5 1 2 7 1 0 9 1

Contact

Cirdan Presales Team
Telephone: 02892660880
Email: presales@cirdan.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The Clinician and Patient Portals can be used with LIMS or LIS, including CIRDAN CORE LIS.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None
System requirements
Supported browsers and iOS and Android versions

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Customers can email a request for support 24/7/365 via support@cirdan.com. Support requests received via email will be entered into the Cirdan Support System with email replies to customers auto generated from the Cirdan Support System as the ticket is progressed.

Responses are categorised by priority, based on Urgency and Impact. Customers specify the type of ticket and initial category :
Critical < 1hrs
High < 4 hrs
Medium < 24 hrs
Low < 5 working days
Change request < 3 working days
Service Request < 3 working days

Note: Tickets may be recategorised or escalated once triaged.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The CIRDAN Managed Service Desk provides a technical and operational support service, which is included in the licence costs. This provides comprehensive ITIL aligned support provision 24/7, including access to experts who can diagnose and resolve issues, as well as give advice on the product’s diverse features. The Service Desk provides a single point of contact and can be contacted by phone, email or using the online Cirdan Incident Management system (CIM).

CIRDAN provides 24-hour support service to all clients with current support maintenance contracts. The Support Desk Team provide the third level of client support. The objective of the Cirdan Support Team is to facilitate the resolution of issues related to CIRDAN systems application software and hardware in line with the Service Level Agreement.

A Customer Success Manager (CSM) will be assigned to each client to represent their needs and requirements and act as project coordinator for software upgrades or additional module implementation. The CSM will assist the client with issues that are management and project related while the Support Desk Team will provide technical support for day-to-day issues
Support available to third parties
No

Onboarding and offboarding

Getting started
Cirdan will engage in an initial Discovery exercise with the customer where our product specialists scope the product configuration requirements; configuration and roll-out of a Minimum Viable Product (MVP) is undertaken; testing and go-live follows with on-site support from specialists; further configuration of the live product follows as additional modules and/or labs are on-boarded. Training is provided on-site and supported by user documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Video
  • Pathfinders
End-of-contract data extraction
Cirdan can offer the following options as part of the transition out services. 1. Provide the customer with a copy of the My SQL database. 2. Provide an export of data and PDF data as encrypted archive files.
End-of-contract process
Cirdan commits to ensuring there is a smooth transfer with a minimum of disruption through clear and pre-costed disengagement services if the customer selects to transition out either for convenience or for the termination of the service agreement. As a minimum Cirdan will provide the customer with a copy of the MySQL database, encryption keys, the appropriate data dictionary and all backups as required which can be retained post the transition out period for no charge. Cirdan offers an array of transition-out services to minimise the impact to the lab and ensure all data is available for future use by the customer. Cirdan would work with the customer on the requirements and document the approach. Cirdan is happy to collaborate with other third-party vendors on achieving the outcome required for the customer. This is often done with a working group combining Cirdan staff, customer staff and Third-party vendor staff and run as a project. Costs are calculated based on a Time & Materials basis, (see rate card), in line with the requirements as outlined in the agreed Transition out plan.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile service includes all those features provided in the desktop service.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
API available to facilitate uploading of clinical data to the platform from proprietary sources
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
White labelling and text can be customised on request and at additional cost. - Date and time formats can be customised - Password complexity, expiration and maximum login attempts can all be configured.

Scaling

Independence of resources
Customers are allocated dedicated cloud resources to host and deliver portal services. Resources can automatically scale as required in response to load and usage trends. Service elasticity and scalability are delivered through vertical scaling (node enhancement of CPU, memory, network and storage) and horizontal scaling (node replication and dynamic load balancing).

Analytics

Service usage metrics
Yes
Metrics types
Audit of logins and number of reports created. Optional Firebase analytics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data is stored on an MySQL database and data can be transferred into transportable files. There are many data formats available for use with the application, including but not limited to, Word, PDF, .CSV, XLSX, HL7, etc..
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML5
  • PDF
  • XML
  • XLSX
  • JSON
  • Word
  • FHIR HL7
Data import formats
  • CSV
  • Other
Other data import formats
  • HTML5
  • PDF
  • XML
  • XLSX
  • Word
  • FHIR HL7

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Cirdan offer a standard 99.90% availability as part of our SLA.
Cirdan’s standard KPIs measure:
• Uptime (system availability / system response times)
• SLA response and restoration compliance
• Allowable incidents (the number of incidents exceeding a pre-agreed level for a given defined period)
Additional KPIs for measurement and reporting can be agreed with clients on an individual basis.
Our standard KPIs are measured as follows:
System availability is measured using a standard formula, as a percentage of the total time in a service period.

Service Availability (%) = (MP-SD) x 100 / MP (See example SLA provided)

Following agreement on the Key Performance Indicators to be measured, Cirdan monitors performance against each indicator and issues the client reports (quarterly, or on such time basis agreed with the client) detailing the level of service achieved.

If the ULTRA LIMS Core application does not meet the service commitment agreed, Cirdan can comply with the service credits set out in the SLA. Cirdan’s service credit arrangement in its standard SLA provides service credits based on service days.

Service reviews are held on a quarterly basis between the customer and the Cirdan Customer Success Manager (CSM) assigned to the client account.
Approach to resilience
Service resilience is achieved through 3 key platform measures. (1) Monitoring, telemetry and security awareness throughout the platform to determine operational state and prevailing security stance. (2) Automated replication and backup processes, aligned with Incident Response and Disaster Recovery plans, to establish rapid and safe operational states in the event of an incident. (3) Scheduled and repeated scenario replays to test and evaluate resiliency measures, including Disaster Recovery and Service Continuity Testing and independent third-party Penetration Testing. These measures are supported by regular and frequent reviews of operational policies, procedures and risk assessments.
Outage reporting
Dashboards and email alerts can be configured to alert any system outages. The system is also monitored by Cirdan directly as part of the managed service agreement to ensure a prompt and appropriate response.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
OIDC compliant Identity Providers
Access restrictions in management interfaces and support channels
In a cloud deployment access is granted via RBAC using a least privilege model. RBAC defined within the application allows definition of access levels for an individual, or groups of individuals, that includes cross discipline as well as discipline specific functionality. No limits have been identified to date in this respect. Self-service password resets available.
The system allows for individual, unique user accounts and passwords with RBAC applied. Local Client policy and procedure should ensure this facility is used - Active Directory integration is possible.
The software development lifecycle includes regular vulnerability scanning, including the OWASP 2017 Top 10 guidelines.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
22/11/2021
What the ISO/IEC 27001 doesn’t cover
Nothing specified as not covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • QUALITY MANAGEMENT SYSTEM - ISO 13485:2016 - MDSAP 709271
  • ICO Certificate

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Microsoft Sentinel is integrated with the ULTRA solution and provides advanced multi-stage attack detection with dynamically updated threat and anomaly detection rules, etc.
Information security policies and processes
Cirdan are ISO 27001 accredited and this drives the content of the following policies and processes we follow:
Information Security Policy
Office & Remote Working Policy
Information Communication Acceptable Use Policy
Access Control & Asset Management Policy
Secure Development Policy
Cryptographic Policy
GDPR Policy
These policies are audited and certified by NQA against the ISO27001:2013 standard. Audits take place bi-annually.

These policies are maintained and enforced by a Quality & Regulatory Manager who reports to the Chief Executive Officer.

Cirdan is registered and complies with the NHS Data Security and Protection Toolkit. ODS code is 8J717, ICO registration number: ZA018472

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Proposed changes are documented and risk assessed. Roll-back processes and procedures are documented and tested. Customer is notified of risks, rollbacks and timelines for approval.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability testing is carried out on a regular basis using commercial tools. Subscriptions from vendors and third parties also alert to vulnerabilities which the tools do not yet identify.

Patches and updates for critical vulnerabilities are applied within 24 hours of being available, or if no solution is available from a vendor, alternative action will be taken to mitigate or negate the risk.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Proactive monitoring of systems allows automated reporting of issues and unusual activity is via systems which automatically raise a ticket.

All authentication logs and machine alerts are kept off-site. Engineers available 24x7triage the tickets and raise escalation procedures as required.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident Management is controlled by a process which guides the team through the assessment of the incident, evaluation of risk, loss and services affected.

Users can either phone, e-mail or report via the online service desk. All incidents are followed up with a report detailing the root cause, immediate resolution and the changes to be implemented to prevent re-occurrence.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Cirdan wholly support efforts in moving to net zero.
The organisation recognises the importance of environmental protection and is committed to operating the business responsibly and in compliance with environmental law, regulation and approved codes of practice applicable to its business activities.
Cirdan seeks to reduce their environmental impact, with its ultimate goal being to reduce its overall carbon footprint by embedding best practice in the daily management of our operations and encouraging positive behaviour from its employees, including providing facilities to encourage use of electric vehicles. The Directors believe that environmental controls and practices can also benefit the business, such as promoting the efficient use of energy and resources thereby helping to reduce costs. We are working towards reducing our own carbon footprint through the use of net zero cloud hosting schemes and reducing power consumption in our own systems and endeavour to use suppliers who are also targeting net zero. With the target of being net zero by 2050.
Covid-19 recovery

Covid-19 recovery

Cirdan continue to monitor local Government recommendation in relation to the ongoing Covid-19 situation. Weekly updates are issued to staff, advising on the current level of risk and flexible working practises are in place to allow Cirdan to continue to operate effectively.

Cirdan offer support to staff to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. We support the physical and mental health of people affected by COVID-19, in an effort to reduce the demand on health and care services, for example providing subsidised access to an in house fitness suite and mental health awareness sessions.

We have improved workplace conditions that support the COVID-19 recovery effort including effective social distancing and remote working.
Tackling economic inequality

Tackling economic inequality

Cirdan support educational attainment relevant to the contracts we engage in, including training schemes that address skills gaps and result in recognised qualifications.
Equal opportunity

Equal opportunity

Cirdan is committed to equality of opportunity both in the provision of services and as an employer. We have a published Equal Opportunity Policy, a copy of which is available on request.

This policy forms part of the Terms and Conditions of employment.
Wellbeing

Wellbeing

Cirdan maintains the presence of wellbeing champions across the organisation promoting health, safety and wellbeing policies and practices.

Pricing

Price
£15,000 an instance a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Customers can be given a time limited access to the standard version.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.