Skip to main content

Help us improve the Digital Marketplace - send your feedback

OMDA HEALTH ANALYTICS LIMITED

Database application

Cloud-based database web application for medical studies, trials and registers.

Features

  • Data collection module built according to customer's specification
  • Web based - remote access with real-time data reporting
  • Drug management module to manage trial intervention products
  • Document upload, storage and sharing
  • Multiple data authorisation levels and permission categories
  • Descriptive statistics module with graphic presentation
  • Full audit trail and data history, event logging system
  • Integrated data filtering to extract specific datasets
  • Integrated patient randomisation tool (customisable number of minimisation criteria)
  • Data monitoring - raise/answer queries, lock/sign forms

Benefits

  • Validate data on-entry
  • Access system close to 100% of time
  • Create unlimited number of users
  • Export data in clean and well-structured format
  • Connect to external data sources
  • Connect with public via self-managed homepage
  • Create specific datasets and download results to your local machine
  • Translate to multiple languages
  • Receive automated emails on specified events
  • Track full life-cycle of your data

Pricing

£4,600 to £28,000 an instance

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.health.analytics@omda.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 0 6 7 8 6 7 5 6 1 4 9 3 0 8

Contact

OMDA HEALTH ANALYTICS LIMITED Svetlana Karpovice
Telephone: +447852513340
Email: info.health.analytics@omda.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Standard upgrades and general maintenance of the service are included in the consideration. Omda Health Analytics is responsible for testing and making the standard upgrades to the service necessary for the service to fulfil agreed requirements.
The maintenance service includes tasks which are considered ordinary maintenance in the health business. New functionality requested by Customer is not part of the maintenance service and shall be set out in a separate development agreement between the parties.
Omda Health Analytics may, at its own discretion, add new functionality to the Software as part of the maintenance services.
System requirements
  • Internet connection (unless offline mode is ordered additionally)
  • Web browser updated to latest or earliest supported version

User support

Email or online ticketing support
Email or online ticketing
Support response times
Omda Health Analytics technical support shall accept voicemail, email and web form-based incident submittal from the client 24/7. Technical support shall respond to all support requests within the time periods specified according to priority (which is jointly determined together with the client):
priority 1 - within 2 normal business hours;
priority 2 - within 4 normal business hours;
priority 3 - Within 12 normal business hours;
priority 4 - Within 24 normal business hours.
Questions not related to technical issues are normally answered within five work days, unless otherwise specified in the contract.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Omda Health Analytics provides 2 different levels of support:
- ordinary service (hosting of the solution; maintenance; errors fixing, training, consultations and small changes during normal working hours)
- extended service (ordinary service + 24/7 support line for Priority 1 tickets).
Cost of the different support levels depends on the solution complexity, number of users/centers and is described in details in the pricing document.
Omda Health Analytics has a dedicated team and a centralized place to handle all IT support tickets. Technical account manager is always dedicated to each project and is dealing with all the requests. Cloud support engineer can also be involved to cover support during non-business hours or during emergency.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Documentation is provided during the launch of application.
Short online demo is normally included during the launch of test environment of application.
If needed, additional training can be ordered, including onsite or online training options.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Microsoft Word
End-of-contract data extraction
Data export tool is available in the administration module, users can do the extraction their self via a secure channel.
End-of-contract process
1. Email or other confirmation from the Customer is received that their project is completed and that they have downloaded all their data for local storage.
2. Customer is informed that their database application is about to be closed and is offered an option of getting the dump of all study data as well as the possibility to retain the public part of the study on Omda Health Analytics servers for additional cost.
3. Zip archive consisting of Database backup, Web application software
and instruction on how to install application is created and stored for approximately 10 years unless otherwise agreed with the Customer.
4. Study application and database are removed from the server.
5. Customer is informed that the database application has been closed and its data archived.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile version is not included by default, but can be ordered additionally.
Mobile version of application is online only.
Mobile version is visually different from web version to ease the usage on smaller screens, some controls might be replaced with mobile-friendly alternatives for usability improvement.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Service interface is web based and consists of public (accessible to everyone by URL link) and private part (available only for authenticated users).
Private part interface normally consists of:
- Menu panel
- Header
- Form tree - representing data structure
- Form area - data collection points/controls (eCRF/Questionnaire area)
- Functional button area: save, cancel, delete, etc.
- Audit trail information area with navigation
- Footer
- Admin module for application administration
Public part can be modified by Customer via Admin module.
Interface is a subject of change depending on Customer's needs.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We formally test the accessibility of key user journeys that represent the breadth of content across our website on a regular basis against WCAG (Web Content Accessibility Guidelines) 2.1 AA standards. Interface testing according to the WCAG 2.1 AA is done every time a new version of Clinical Trials Framework is released. We use both manual and automatic tests.
API
Yes
What users can and can't do using the API
API supports the following methods:
• Reading/writing form’s data
• Getting a list of lookups and their values
• Getting patient’s navigation tree
• Getting menu items
• Edit checks functionality (edit checks is an optional functionality that forces users to provide comment on each change on completed data)
• File upload
The API is only accessible through secure transport layer – HTTPS only.
The API is accessed using standard HTTP methods (GET and POST only) used by many HTTP clients like web browsers and mobile clients. The API only supports JSON datatype for sending/receiving data.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Data collection module is customised based on specification provided by Customer.
Some dropdown values can be added/edited via administration module by users.
User accounts can be fully controlled by Customer via administration module.
Home page can be changed by users via administration module.
Customer can order additional custom modules to be implemented on top of default system.

Scaling

Independence of resources
The application can handle many simultaneous users (> 1 000) and if necessary additional server capacity can be added to accommodate a virtually unlimited number of users. There is no limit of the number of participating hospitals / units etc. and the size of the databases are adjusted to the requirements.

Analytics

Service usage metrics
Yes
Metrics types
1. All user actions are logged and real-time reports can be viewed via administrative module or an API.
2. Customer can request custom report from Omda Health Analytics technical team, such as server response speed, website traffic and other.
3. Regular reports can be ordered additionally.
4. PowerBI dashboard can be ordered additionally.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Transparent data encryption (TDE) is being used for the database servers – it performs real-time I/O encryption and decryption of the data and log files. This technology prevents from accessing data in case physical media (such as disk drives) are being accessed by 3rd party.
In addition, database backups are encrypted using AES 256 algorithm which prevents the backups from being restored in other servers without having a special key.
Omda Health Analytics also supports Always encrypted feature that protects sensitive data. The data is encrypted inside client applications before storing it in the database.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Omda Health Analytics applications export data to comma separated value (CSV) or Microsoft Excel format and integrates with third-party reporting solutions on request.
The applications may streamline report submission to global regulatory agencies, creating, sending, receiving, and importing E2B files in XML and many other formats.
Data export formats
  • CSV
  • Other
Other data export formats
Microsoft Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • Microsoft Excel
  • XML
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Employees can only access servers using two factor authentication – if connected through Virtual Private Network (VPN) using certificates and providing proper credentials (username/password).

Availability and resilience

Guaranteed availability
Omda Health Analytics shall provide at least a 99.8% uptime service availability level. This availability refers to an access point on the hosting equipment set out in the Project Plan. Availability does not include outages or disruptions caused by Customer or by force majeure events. If availability falls below the Uptime Service Level in a given calendar month, Omda Health Analytics shall credit the Customer’s account by an amount calculated as the product of the total cumulative downtime (expressed as a percentage of the total possible uptime minutes in the month concerned) and the total Maintenance and Service fee owed for that month (“Service Credit”). The maximum Service Credit allowable in a given month is limited to an amount equal to the total Maintenance and Service fee owed by the Customer for that month.
Credits are not intended to operate as a penalty for Omda Health Analytics’ non-performance or as the Customer’s full and exclusive right and remedy, or Omda Health Analytics’ only obligation and liability in respect of the performance or availability of the Services, or their non-performance or non-availability.
Approach to resilience
Omda Health Analytics relies on GTT for application hosting – the provider takes care of internet access, server and network hardware, operating system maintenance, physical and environment security.
GTT's corporate systems are maintained within GTT ISO 27001 accredited Data Centres, with 24x7 security guards, CCTV and intrusion detection. All physical access is restricted to GTT employees. All technical facilities are
monitored 24x7 with fire detection and fire suppression systems, with a resilient N+1 design for power and network resiliency, and POPs monitored 24x7.
Outage reporting
Service outage is reported to our customers through an email alerts.

Automated tools are in place tracking our service availability. Any service outage is reported to us straight away.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
The least privilege principal is used when assigning employee access to Customer's data – only employees working with the Customer have access to the data. All actions performed within the databases are being logged and can be reviewed later if needed. The access rights are reviewed yearly as well as when necessary. When an employee leaves the company, the access rights are revoked.
In order to ensure application availability and fix urgent issues off business hours, support management procedures are followed and an on-call engineer is assigned who has access rights to the servers and applications.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication
Employees can only access servers using two factor authentication – if connected through Virtual Private Network (VPN) using certificates and providing proper credentials (username/password).

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • ISO 13485
  • CE marking
  • Our infractructure and hosting provider GTT is ISO 27001 certified
  • Our infractructure and hosting provider GTT is PCI DSS certified

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Our infractructure and hosting provider GTT is ISO 27001 certified (https://www.gtt.net/us-en/about-us/esg-environmental-social-governance-hub/security-and-compliance/).

Omda Health Analytics has it's internal information security management system and quality management system which are based on ISO 27001.
Information security policies and processes
Omda Health Analytics has it's internal information security management system as part of QMS (Quality Management System) which is based on ISO 2700, 27017 and 27018 standards. Omda is certified according to ISO13485 and its QMS describes the methodology for building security into the design, build, testing, and maintenance of our products. This includes the policies and procedures that are necessary to support the governance of information.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and change management processes are established in accordance with ISO 13485 and are managed within Omda Health Analytics's QMS (Quality Management System) product realization where the full product lifecycle is documented and evaluated based on among other things availability, confidentiality and integrity.
Omda Health Analytics establishes, documents, approves, communicates, applies, evaluates and maintains policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc. The policies and procedures are reviewed annually.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Omda Health Analytics has implemented threat and vulnerabilities monitoring and measurement policies and procedures as part of it's QMS (Quality Management System) in accordance with ISO13485.
Monitoring of the computing, operating, and networking infrastructure to detect and correct vulnerabilities is operating 24/7. This includes environmental monitoring, network monitoring, load balancing monitoring, web server and database monitoring, firewall monitoring, and intrusion detection. Error detection is real-time with automatic notification.
Patches are deployed on a regular basis or ASAP in case of urgency. Security vulnerabilities are prioritized based on risk assessment.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Logs and alerts on events, stemming from infrastructure and applications, as well as all user activities, are monitored.
Logging solutions are used to collect event information, implement filters, and trigger alerts when errors occur. Error detection is real-time, response time to incident depends on the priority.
Logs are available to relevant team members for troubleshooting, auditing, and capacity planning. We utilize access control to prevent unauthorized access, deletion, or tampering of logging facilities and log information.
When events and alerts are generated, we correlate those events and alerts across all sources to identify root causes and formally declare incidents.
Incident management type
Supplier-defined controls
Incident management approach
Omda Health Analytics has implemented Deviation Management, Incident Reporting and CAPA (Corrective Action & Preventive action) policies and procedures as part of it's QMS (Quality Management System).
All incidents are recorded and monitored using security related KPI. This allows to track the frequency and severity of incidents, and take corrective action where necessary.
Omda Health Analytics has a dedicated team and a centralized place to handle all IT support tickets, or provide support via phone and email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
Other
Other public sector networks
Connections to public sector networks are developed on request

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Omda’s digital services and solutions are built to support enhanced resource management and optimisation across all the healthcare and emergency value chains we serve. They raise operational efficiency, reduce the use of paper and other consumables, and cut the need for professional travel by orders of magnitude. Internal sustainability initiatives include:
- recycling. The company strives to reduce the amount of waste generated and secures that any waste is recycled in an environmentally-friendly way
- sustainable purchasing. The company chooses goods, products, and services from companies with active environmental work
- awareness of energy usage. The company works both to reduce energy consumption and to ensure that the energy used is eco-labelled. We use green energy sources wherever possible.
- the company considers the environmental impact when choosing suppliers
- travel and transportation. To minimise our carbon footprint, to the extent possible, physical travel is replaced by video conferences. When traveling is required, consideration is always given to whether trains are possible as an alternative to air travel. We seek to locate our offices close to public transportation.
- collaboration. In order for us to have a long-term environmental strategy, we review various hardware alternatives continuously, and this must be done in consultation with our existing suppliers.
- Quality Management System (QMS). The responsibility for environmental management and compliance is governed
through our overall quality management system. As part of the QMS process, we also ensure the quality of our suppliers.

Covid-19 recovery

Omda has developed some Covid-19 recovery procedures including remote working, sustainable travel, new ways of working to deliver services and other workplace improvements. The company’s objective is to maximize the positive impact the company has on society by enabling efficient healthcare through its many software solutions.
Omda believes hybrid approach makes sense for most individuals and allows flexibility and enables to achieve and maintain:
- Improved work-life balance and well-being
- Better collaboration and communication
- Strong team cohesion, building quality connections and a sense of belonging
-Enhanced overall trust.

Tackling economic inequality

Through our many software solutions Omda seeks to optimise our social contribution. Health and emergency services cannot be efficient without robust and powerful data management tools; both fields are essential aspects of a society that values the lives and welfare of its citizens. Our business objectives harmonise directly with being a responsible partner to the communities our customers look after. We act towards all with integrity, whether customers, employees, business partners and shareholders, as well as by extension the wider social context.

Equal opportunity

Omda offers all employees equal opportunities regardless of the colour of skin, gender, age, nationality, religion, ethnicity, disability, or other distinguishing characteristics. The company encourages inclusivity and opposes any form of unfair discrimination or harassment.

Wellbeing

Omda workplaces are safe and sound. Each business area and local operation is responsible for ensuring work is done in ways that obviate all risk of injury or ill health to employees. The same applies to our solutions, which are tested for usability and other safety-related parameters. As an employer we comply with national and local rules on keeping workers informed of safety protocols and we know this to be true of our upstream and downstream partners.

Omda strives to offer all employees flexible options to manage their work and private life. Our leave arrangements, home office solutions, part-time positions and other flexible work arrangements all support this objective.

Pricing

Price
£4,600 to £28,000 an instance
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
DEMO database application is available as a free trial option to try offered default system modules. DEMO database is not suitable for real data collection and only dummy data can be entered. There is no time limit for the free version and the DEMO system runs indefinitely.
Link to free trial
https://medscinet.com/demo

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.health.analytics@omda.com. Tell them what format you need. It will help if you say what assistive technology you use.