OMDA HEALTH ANALYTICS LIMITED

Database application

Cloud-based database web application for medical studies, trials and registers.

Features

• Data collection module built according to customer's specification
• Web based - remote access with real-time data reporting
• Drug management module to manage trial intervention products
• Document upload, storage and sharing
• Multiple data authorisation levels and permission categories
• Descriptive statistics module with graphic presentation
• Full audit trail and data history, event logging system
• Integrated data filtering to extract specific datasets
• Integrated patient randomisation tool (customisable number of minimisation criteria)
• Data monitoring - raise/answer queries, lock/sign forms

Benefits

• Validate data on-entry
• Access system close to 100% of time
• Create unlimited number of users
• Export data in clean and well-structured format
• Connect to external data sources
• Connect with public via self-managed homepage
• Create specific datasets and download results to your local machine
• Translate to multiple languages
• Receive automated emails on specified events
• Track full life-cycle of your data

£4,600 to £28,000 an instance

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.health.analytics@omda.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

806786756149308

Contact

Svetlana Karpovice
+447852513340
info.health.analytics@omda.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Standard upgrades and general maintenance of the service are included in the consideration. Omda Health Analytics is responsible for testing and making the standard upgrades to the service necessary for the service to fulfil agreed requirements. ; The maintenance service includes tasks which are considered ordinary maintenance in the health business. New functionality requested by Customer is not part of the maintenance service and shall be set out in a separate development agreement between the parties.; Omda Health Analytics may, at its own discretion, add new functionality to the Software as part of the maintenance services.
• System requirements:
  • Internet connection (unless offline mode is ordered additionally)
  • Web browser updated to latest or earliest supported version

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Omda Health Analytics technical support shall accept voicemail, email and web form-based incident submittal from the client 24/7. Technical support shall respond to all support requests within the time periods specified according to priority (which is jointly determined together with the client):; priority 1 - within 2 normal business hours;; priority 2 - within 4 normal business hours;; priority 3 - Within 12 normal business hours;; priority 4 - Within 24 normal business hours.; Questions not related to technical issues are normally answered within five work days, unless otherwise specified in the contract.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Omda Health Analytics provides 2 different levels of support:; - ordinary service (hosting of the solution; maintenance; errors fixing, training, consultations and small changes during normal working hours); - extended service (ordinary service + 24/7 support line for Priority 1 tickets).; Cost of the different support levels depends on the solution complexity, number of users/centers and is described in details in the pricing document.; Omda Health Analytics has a dedicated team and a centralized place to handle all IT support tickets. Technical account manager is always dedicated to each project and is dealing with all the requests. Cloud support engineer can also be involved to cover support during non-business hours or during emergency.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Documentation is provided during the launch of application.; Short online demo is normally included during the launch of test environment of application.; If needed, additional training can be ordered, including onsite or online training options.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Microsoft Word
• End-of-contract data extraction: Data export tool is available in the administration module, users can do the extraction their self via a secure channel.
• End-of-contract process: 1. Email or other confirmation from the Customer is received that their project is completed and that they have downloaded all their data for local storage.; 2. Customer is informed that their database application is about to be closed and is offered an option of getting the dump of all study data as well as the possibility to retain the public part of the study on Omda Health Analytics servers for additional cost.; 3. Zip archive consisting of Database backup, Web application software; and instruction on how to install application is created and stored for approximately 10 years unless otherwise agreed with the Customer.; 4. Study application and database are removed from the server. ; 5. Customer is informed that the database application has been closed and its data archived.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile version is not included by default, but can be ordered additionally. ; Mobile version of application is online only.; Mobile version is visually different from web version to ease the usage on smaller screens, some controls might be replaced with mobile-friendly alternatives for usability improvement.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Service interface is web based and consists of public (accessible to everyone by URL link) and private part (available only for authenticated users).; Private part interface normally consists of:; - Menu panel; - Header; - Form tree - representing data structure; - Form area - data collection points/controls (eCRF/Questionnaire area); - Functional button area: save, cancel, delete, etc.; - Audit trail information area with navigation; - Footer; - Admin module for application administration; Public part can be modified by Customer via Admin module.; Interface is a subject of change depending on Customer's needs.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We formally test the accessibility of key user journeys that represent the breadth of content across our website on a regular basis against WCAG (Web Content Accessibility Guidelines) 2.1 AA standards. Interface testing according to the WCAG 2.1 AA is done every time a new version of Clinical Trials Framework is released. We use both manual and automatic tests.
• API: Yes
• What users can and can't do using the API: API supports the following methods:; • Reading/writing form’s data; • Getting a list of lookups and their values; • Getting patient’s navigation tree; • Getting menu items; • Edit checks functionality (edit checks is an optional functionality that forces users to provide comment on each change on completed data); • File upload; The API is only accessible through secure transport layer – HTTPS only.; The API is accessed using standard HTTP methods (GET and POST only) used by many HTTP clients like web browsers and mobile clients. The API only supports JSON datatype for sending/receiving data.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Data collection module is customised based on specification provided by Customer.; Some dropdown values can be added/edited via administration module by users.; User accounts can be fully controlled by Customer via administration module.; Home page can be changed by users via administration module.; Customer can order additional custom modules to be implemented on top of default system.

Scaling

• Independence of resources: The application can handle many simultaneous users (> 1 000) and if necessary additional server capacity can be added to accommodate a virtually unlimited number of users. There is no limit of the number of participating hospitals / units etc. and the size of the databases are adjusted to the requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: 1. All user actions are logged and real-time reports can be viewed via administrative module or an API.; 2. Customer can request custom report from Omda Health Analytics technical team, such as server response speed, website traffic and other.; 3. Regular reports can be ordered additionally.; 4. PowerBI dashboard can be ordered additionally.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Transparent data encryption (TDE) is being used for the database servers – it performs real-time I/O encryption and decryption of the data and log files. This technology prevents from accessing data in case physical media (such as disk drives) are being accessed by 3rd party.; In addition, database backups are encrypted using AES 256 algorithm which prevents the backups from being restored in other servers without having a special key.; Omda Health Analytics also supports Always encrypted feature that protects sensitive data. The data is encrypted inside client applications before storing it in the database.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Omda Health Analytics applications export data to comma separated value (CSV) or Microsoft Excel format and integrates with third-party reporting solutions on request. ; The applications may streamline report submission to global regulatory agencies, creating, sending, receiving, and importing E2B files in XML and many other formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Microsoft Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Microsoft Excel
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Employees can only access servers using two factor authentication – if connected through Virtual Private Network (VPN) using certificates and providing proper credentials (username/password).

Availability and resilience

• Guaranteed availability: Omda Health Analytics shall provide at least a 99.8% uptime service availability level. This availability refers to an access point on the hosting equipment set out in the Project Plan. Availability does not include outages or disruptions caused by Customer or by force majeure events. If availability falls below the Uptime Service Level in a given calendar month, Omda Health Analytics shall credit the Customer’s account by an amount calculated as the product of the total cumulative downtime (expressed as a percentage of the total possible uptime minutes in the month concerned) and the total Maintenance and Service fee owed for that month (“Service Credit”). The maximum Service Credit allowable in a given month is limited to an amount equal to the total Maintenance and Service fee owed by the Customer for that month. ; Credits are not intended to operate as a penalty for Omda Health Analytics’ non-performance or as the Customer’s full and exclusive right and remedy, or Omda Health Analytics’ only obligation and liability in respect of the performance or availability of the Services, or their non-performance or non-availability.
• Approach to resilience: Omda Health Analytics relies on GTT for application hosting – the provider takes care of internet access, server and network hardware, operating system maintenance, physical and environment security. ; GTT's corporate systems are maintained within GTT ISO 27001 accredited Data Centres, with 24x7 security guards, CCTV and intrusion detection. All physical access is restricted to GTT employees. All technical facilities are ; monitored 24x7 with fire detection and fire suppression systems, with a resilient N+1 design for power and network resiliency, and POPs monitored 24x7.
• Outage reporting: Service outage is reported to our customers through an email alerts.; ; Automated tools are in place tracking our service availability. Any service outage is reported to us straight away.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: The least privilege principal is used when assigning employee access to Customer's data – only employees working with the Customer have access to the data. All actions performed within the databases are being logged and can be reviewed later if needed. The access rights are reviewed yearly as well as when necessary. When an employee leaves the company, the access rights are revoked.; In order to ensure application availability and fix urgent issues off business hours, support management procedures are followed and an on-call engineer is assigned who has access rights to the servers and applications.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Employees can only access servers using two factor authentication – if connected through Virtual Private Network (VPN) using certificates and providing proper credentials (username/password).

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 13485
  • CE marking
  • Our infractructure and hosting provider GTT is ISO 27001 certified
  • Our infractructure and hosting provider GTT is PCI DSS certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Our infractructure and hosting provider GTT is ISO 27001 certified (https://www.gtt.net/us-en/about-us/esg-environmental-social-governance-hub/security-and-compliance/).; ; Omda Health Analytics has it's internal information security management system and quality management system which are based on ISO 27001.
• Information security policies and processes: Omda Health Analytics has it's internal information security management system as part of QMS (Quality Management System) which is based on ISO 2700, 27017 and 27018 standards. Omda is certified according to ISO13485 and its QMS describes the methodology for building security into the design, build, testing, and maintenance of our products. This includes the policies and procedures that are necessary to support the governance of information.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management processes are established in accordance with ISO 13485 and are managed within Omda Health Analytics's QMS (Quality Management System) product realization where the full product lifecycle is documented and evaluated based on among other things availability, confidentiality and integrity.; Omda Health Analytics establishes, documents, approves, communicates, applies, evaluates and maintains policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc. The policies and procedures are reviewed annually.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Omda Health Analytics has implemented threat and vulnerabilities monitoring and measurement policies and procedures as part of it's QMS (Quality Management System) in accordance with ISO13485. ; Monitoring of the computing, operating, and networking infrastructure to detect and correct vulnerabilities is operating 24/7. This includes environmental monitoring, network monitoring, load balancing monitoring, web server and database monitoring, firewall monitoring, and intrusion detection. Error detection is real-time with automatic notification.; Patches are deployed on a regular basis or ASAP in case of urgency. Security vulnerabilities are prioritized based on risk assessment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Logs and alerts on events, stemming from infrastructure and applications, as well as all user activities, are monitored.; Logging solutions are used to collect event information, implement filters, and trigger alerts when errors occur. Error detection is real-time, response time to incident depends on the priority.; Logs are available to relevant team members for troubleshooting, auditing, and capacity planning. We utilize access control to prevent unauthorized access, deletion, or tampering of logging facilities and log information.; When events and alerts are generated, we correlate those events and alerts across all sources to identify root causes and formally declare incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: Omda Health Analytics has implemented Deviation Management, Incident Reporting and CAPA (Corrective Action & Preventive action) policies and procedures as part of it's QMS (Quality Management System).; All incidents are recorded and monitored using security related KPI. This allows to track the frequency and severity of incidents, and take corrective action where necessary.; Omda Health Analytics has a dedicated team and a centralized place to handle all IT support tickets, or provide support via phone and email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Connections to public sector networks are developed on request

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Omda’s digital services and solutions are built to support enhanced resource management and optimisation across all the healthcare and emergency value chains we serve. They raise operational efficiency, reduce the use of paper and other consumables, and cut the need for professional travel by orders of magnitude. Internal sustainability initiatives include:; - recycling. The company strives to reduce the amount of waste generated and secures that any waste is recycled in an environmentally-friendly way; - sustainable purchasing. The company chooses goods, products, and services from companies with active environmental work; - awareness of energy usage. The company works both to reduce energy consumption and to ensure that the energy used is eco-labelled. We use green energy sources wherever possible.; - the company considers the environmental impact when choosing suppliers; - travel and transportation. To minimise our carbon footprint, to the extent possible, physical travel is replaced by video conferences. When traveling is required, consideration is always given to whether trains are possible as an alternative to air travel. We seek to locate our offices close to public transportation.; - collaboration. In order for us to have a long-term environmental strategy, we review various hardware alternatives continuously, and this must be done in consultation with our existing suppliers.; - Quality Management System (QMS). The responsibility for environmental management and compliance is governed; through our overall quality management system. As part of the QMS process, we also ensure the quality of our suppliers.

  Covid-19 recovery

  Omda has developed some Covid-19 recovery procedures including remote working, sustainable travel, new ways of working to deliver services and other workplace improvements. The company’s objective is to maximize the positive impact the company has on society by enabling efficient healthcare through its many software solutions. ; Omda believes hybrid approach makes sense for most individuals and allows flexibility and enables to achieve and maintain:; - Improved work-life balance and well-being; - Better collaboration and communication; - Strong team cohesion, building quality connections and a sense of belonging; -Enhanced overall trust.

  Tackling economic inequality

  Through our many software solutions Omda seeks to optimise our social contribution. Health and emergency services cannot be efficient without robust and powerful data management tools; both fields are essential aspects of a society that values the lives and welfare of its citizens. Our business objectives harmonise directly with being a responsible partner to the communities our customers look after. We act towards all with integrity, whether customers, employees, business partners and shareholders, as well as by extension the wider social context.

  Equal opportunity

  Omda offers all employees equal opportunities regardless of the colour of skin, gender, age, nationality, religion, ethnicity, disability, or other distinguishing characteristics. The company encourages inclusivity and opposes any form of unfair discrimination or harassment.

  Wellbeing

  Omda workplaces are safe and sound. Each business area and local operation is responsible for ensuring work is done in ways that obviate all risk of injury or ill health to employees. The same applies to our solutions, which are tested for usability and other safety-related parameters. As an employer we comply with national and local rules on keeping workers informed of safety protocols and we know this to be true of our upstream and downstream partners.; ; Omda strives to offer all employees flexible options to manage their work and private life. Our leave arrangements, home office solutions, part-time positions and other flexible work arrangements all support this objective.

Pricing

• Price: £4,600 to £28,000 an instance
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: DEMO database application is available as a free trial option to try offered default system modules. DEMO database is not suitable for real data collection and only dummy data can be entered. There is no time limit for the free version and the DEMO system runs indefinitely.
• Link to free trial: https://medscinet.com/demo

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.health.analytics@omda.com. Tell them what format you need. It will help if you say what assistive technology you use.