Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. MedOptimise


MedOptimise is a Decision Support System for recommending clinical decisions for patient care. It is a Complete Medicines Optimisation Tool for ICBs, PCNs and Practices. It helps to improve quality, reduce risk, identify savings, and enhance cost-efficiencies. MedOptimise is evidence-based using NICE, and other resources for optimising patient clinical outcomes.


  • MedOptimise provides an SMR template within EMIS Clinical System.
  • Reduce risk of adverse drug reactions via risk stratification.
  • Instant clinical decision support in face-to-face consultation.
  • Automated flagging of deviation from self-care.
  • Supports medicine optimisation decisions- alone or within EMIS clinical system.
  • Real time price tracker of medicines cost-effectiveness.
  • Improve patient safety by actively reducing over-prescription.
  • Reduce hospitalisation rates.
  • Flags overspend on specials, high-cost drugs, helps direct switching.
  • Capture prescribing safety QOF points and showcase quality impact.


  • Instantly see overprescribing in patient medicine records.
  • Structured medication reviews on pre-formatted template.
  • Determine drug spend by practice, PCN, CCG, or STP.
  • Directly see opportunities and savings from medicine optimisation teams.
  • Achieve QOF prescribing indicators targets.
  • Design bespoke switch programmes for your team or practice.
  • Use evidence-based guidelines to recommend clinical decisions for patients.
  • Enhance clinical pharmacy team workstream delivery.
  • Early in-year achievement of ICS, CCG, and QIPP programmes.
  • Optimises satisfactory clinical outcomes in patients.


£0.03 to £0.10 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 1 8 3 5 8 2 3 2 3 0 7 7 0 0


Telephone: 07985749181

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
N/A – our service has no constraints stemming from either planned maintenance arrangements or support being limited to specific hardware configurations.
System requirements
  • N3/HSCN connectivity
  • Licence with EMIS clinical system
  • Internet connection compatible with IE10 and above Data Sharing Agreement

User support

Email or online ticketing support
Email or online ticketing
Support response times
First-line Support for the Licensee’s System will continue to be provided in accordance with Licensee’s service levels with its Vendor System provider. For specific MedOptimise Ltd queries, MedOptimise’s customer service department will be available during the Contracted Support Hours, being 9.00am to 5.30pm (GMT) Monday to Friday, excluding public holidays in England. Any queries to MedOptimise will receive a response from MedOptimise’s customer service department during the Contracted Support Hours. On receipt of the query from the Licensee, MedOptimise will acknowledge via email (within 24 hours) the Licensee the receipt of the query.
User can manage status and priority of support tickets
Phone support
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
We have undergone testing in line with WCAG 2.1 A.
Onsite support
Support levels
MedOptimise will provide a Dedicated Account Manager for the duration of the contract. Account Managers will provide the following support levels for all clients/Licensee’s:

1. First-line Support for the Licensee’s System provided in accordance with Licensee’s service levels with our Vendor System provider.

2. For specific queries, our customer service department will be available during the Contracted Support Hours (9:00am to 5:30pm (GMT) Monday to Friday), excluding public holidays in England.

3. Any queries forwarded by the Licensee’s nominated individual to MedOptimise will receive a response from our customer service department during the Contracted Support Hours outlined above.

4. On receipt of the query from the Licensee, MedOptimise will acknowledge via email the receipt of the query.

5. All queries received by our customer service department will be logged and assigned with a unique reference number.

6. MedOptimise shall ensure that a log is maintained in respect to each query raised by the Licensee.

7. When requested by a Licensee during Contracted Support Hours, MedOptimise shall provide an update report from the log with respect to any Licensee related queries.

8. Queries will not be accepted from Authorised Users directly. Only queries from Licensee’s nominated individuals will receive a response.
Support available to third parties

Onboarding and offboarding

Getting started
Virtual training on the use of the MedOptimise is provided to the Clinical Commissioning Group medicine management teams and Primary Care Network teams in the set-up period. Video link demonstrations of how MedOptimise is implemented within the clinical software, and any necessary training, can be provided for GPs and practice staff. User guides, FAQs and associated training materials will be made available.
Service documentation
Documentation formats
End-of-contract data extraction
Download all relevant data as a CSV file.
End-of-contract process
MedOptimise is an integral modular component of prescribing systems and can be instantly de-activated by removal of the API within the clinical system and deactivating the Data Extract Agreement.

We host our services and associated data in a cloud environment allocated to each Licensee. We adhere to all relevant guidelines and legislation including GDPR and ICO during the extraction of data. At the end of contract, we allow users to extract data through reports provided in CSV format.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our mobile tool is a standalone tool only.

There are no differences between Desktop and Mobile. Our tool is accessible via the internet and is designed to be responsive on mobiles.
Service interface
User support accessibility
None or don’t know
Customisation available
Description of customisation
Clinical Commissioning Groups, PCNs, and ICSs can:
1. Create locality-based cost-effective medicines switch programmes
2. Create Bespoke Prescribing Safety Audits
3. Create Structured Medication Reviews using pre-installed templates
4. Can pre-set specific factors inpatient medicines profile
5. Can select individual Spend of GP practices or PCNs to determine areas of highest spending for targeted interventions

Users can design programmes and customise the application by selecting specific fields based on:
BNF chapters,
Disease states,
Care Homes, GP Practice, NHS England Priority e.g. DLCV, High-Cost Drug etc, Network-DES specification.

Any member of the Buying organisation or 3rd party authorised by the buyer can customise the tool. Cost-Effective switches can be planned to cover 60% to 100% switch success rates and can be calibrated over 12months 9months 6months or 3months


Independence of resources
We are using Amazon Web Services RDS and EC2 to enable us to be as scalable as required. The Amazon RDS includes the following features to allow us to mitigate scaling issues:
• Push-button compute scaling – this allows us to scale the compute and memory resources powering deployment up or down, up to a maximum of 32 vCPUs and 244 GiB of RAM.
• Easy storage scaling – the Amazon Aurora engine automatically grows the size of our database volume as database needs increase, up to a maximum of 64 TB. This is conducted without any requirement for downtime.


Service usage metrics
Metrics types
User activity, prescribing budget cost savings, workflow reporting, medicines optimisation opportunity progress. Further detail can be found in the Service Definition Document attached below.


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Protection of data at rest is in accordance with Amazon AWS EC2 encrypts data using industry XTS-AES-256 and one-time keys.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export their data within the app via report filters and download buttons to create custom reports.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other protection within supplier network
Data Protection within supplier network - Amazon AWS - Data is pseudonymised to a patient identifier (unique between vendor and supplier). We use managed identities to ensure our resources are communicating with one another securely. Production access is restricted via roles to a limited number of users.

Availability and resilience

Guaranteed availability
MedOptimise shall ensure that the service will always have a minimum uptime percentage of 99.99% during the service provision time (excluding scheduled downtime and the duration of any force majeure event) in any month. Uptime is calculated monthly over each discreet calendar month by MedOptimise Ltd.

If the Annual Uptime Percentage for a customer drops below 99.95% for the Service Year, that customer is eligible to receive a Service Credit equal to 10% of their bill (excluding one-time payments made for Reserved Instances) for the Eligible Credit Period. To file a claim, a customer does not have to have wait 365 days from the day they started using the service or 365 days from their last successful claim. A customer can file a claim any time their Annual Uptime Percentage over the trailing 365 days drops below 99.95%
Approach to resilience
Available upon request.
Outage reporting
MedOptimise reports on any outages via email and in App notifications. These notifications will advise of the occurrence of the outage, what the cause of the outage is likely to be, how the outage is being actively managed, and when the service will be restored to full functionality.

Further reassurance is provided to customers with details of whom to contact within MedOptimise to facilitate the restoration of the service or for any further enquiries.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
AWS Identify and Access Management (IAM).

IAM provides authentication and authorisation – access is denied by default and is allowed only when a policy explicitly grants access. Our policies are attached to specific roles and resources to control access across the service. We grant least privilege across permissions for all tasks to minimise security risk – this defines the actions that can be taken on specific resources under specific conditions. These rely on temporary security credentials in line with security best practice.

To restrict access, we implement Deny statements for specific aspects of management interfaces and support channels wherever necessary.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY Certify Point
ISO/IEC 27001 accreditation date
Sept 29th, 2021
What the ISO/IEC 27001 doesn’t cover
What is not covered by the certification: All Aspects of ISO 27001 covered by certification.

Certification level: ISO/IEC 27001:2013
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
March 22nd, 2022
CSA STAR certification level
Level 4: CSA C-STAR Assessment
What the CSA STAR doesn’t cover
All aspects of CSA STAR covered by certification.

Certification accredited by EY Certify Point.
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • Information Commissioners Office (ICO) Certificate Number ZA418891
  • DCB 0129 Clinical Safety Certification

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
We follow the SOC2 Type 1/Type 2 and ISO 27001 standards for information security process/policies. Our reporting structure is as follows:
1. Projects Implementation Lead reports to CEO
2. Cyber Security Officer reports to Projects Implementation Lead
3. Security team report to Cyber Security Officer

The above process has been certified as satisfactory by our Data Protection Officer (DPO).

The company Directors oversee the above process. All contractors, current and new, are made aware of our Information Security Policy upon commencement of services.

Policies are regularly audited and monitored for compliance through a number of manual and automated processes to monitor compliance and deviations are actioned when needed.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
MedOptimise’s configuration and change management processes are managed by AWS on our behalf. AWS has robust and comprehensive security policies.

We utilise AWS as our sub-processor.

The status, location, and configuration of service components (both hardware and software) are tracked throughout their lifetime.

Changes to the service are assessed for potential security impact, then managed and tracked through to completion.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
MedOptimise’s vulnerability management process is managed by AWS on our behalf. AWS has robust and comprehensive security policies.

We utilise AWS as our sub-processor.

Potential new threats, vulnerabilities or exploitation techniques which could affect the service are assessed and corrective action is taken.

Relevant sources of information relating to threat, vulnerability, and exploitation techniques are monitored by MedOptimise.

The severity of threats and vulnerabilities is considered within the context of the service and this information is used to prioritise the implementation of mitigations.

Using a suitable change management process, known vulnerabilities are tracked until mitigations have been deployed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
As an Amazon AWS EC2 Cloud-hosted service, we also benefit from AWS security alerts relating to unauthorised access. AWS EC2 allows us to receive a history of all EC2 API calls made on our account for security analysis and operational troubleshooting. They also provide Trusted Advisor Security Checks to inspect our hosting environment for potential compromises and make recommendations to improve performance and close security gaps.

Any events are analysed to identify potential compromises or inappropriate use of the service. We take prompt and appropriate action to address incidents.
Incident management type
Supplier-defined controls
Incident management approach
Incident management processes are in place for the service and are actively deployed in response to security incidents. This involves Containment and Recovery, reporting (To ICO and Individuals/Organisation concerned), and Evaluation and Response.

These pre-defined processes are in place for responding to common types of incident and attack. A defined process and contact route exists for reporting of security incidents by buyers and external entities.

Security incidents of relevance will be reported in acceptable timescales and formats.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

MedOptimise is committed to promoting sustainability. Concern for the environment and promoting a broader sustainability agenda are integral to our professional activities and the management of the organisation. We aim to follow and to promote good sustainability practice, to reduce the environmental impacts of all our activities and to help our clients and partners to do the same.
• Our Sustainability Policy is based upon the following principles: To comply with, and exceed where practicable, all applicable legislation, regulations, and codes of practice.
• To integrate sustainability considerations into all our business decisions.
• To ensure that all staff are fully aware of our Sustainability Policy and are committed to implementing and improving it.
• To minimise the impact on sustainability of all office and transportation activities.
• To make clients and suppliers aware of our Sustainability Policy and encourage them to adopt sound sustainable management practices.
• To review, annually report, and to continually strive to improve our sustainability performance.

Specifically, we are committed, amongst other initiatives, to:
• Supporting contract staff to work from home contributing to reduced overall carbon emissions.
• Efficient printing, for example by double-siding all paper used and only printing where necessary.
• Reducing the amount of waste produced by the business by encouraging employees to utilise reusable bottles, lunch boxes etc.
• Ensuring that water/electricity is used responsibly by our staff by making sure lights, computers, taps etc. are turned off when not in use.
• Recycling materials as extensively as possible by making sure we have paper, glass, plastic, and carboard recycle bins throughout the office.
Covid-19 recovery

Covid-19 recovery

The Covid-19 pandemic left a significant number of people unemployed and struggling to find work. For that reason, MedOptimise collaborated with our network of Clinical Commissioning Groups (CCG) clients to support local people in finding work opportunities.

We ensured that our employees were aware of the support available to them if their mental health was declining because of Covid-19 such as counselling opportunities for staff who have noticed their mental health declining due to the pandemic. We also signposted staff to the likes of MIND UK who offered a number of resources to support mental health during the pandemic. Some offerings included wellness action plans for home workers, dealing with burnout when working from home, tips on working from home, and returning to work as lockdown measures began to lift. These resources were extremely beneficial in helping us to support any of our staff who were experiencing a decline in mental health.

To maintain our performance and safety, we carry out regular reviews to ensure our businesses is running effectively. These reviews are carried out against changing Covid-19 restrictions and shifting client demand and behaviours. These reviews cover: lessons learnt during the Covid-19 pandemic; shifting market conditions; and shifting operational behaviours.

We do the above to ensure we are always making decisions based on the most recent and relevant Covid-19 guidance.
Equal opportunity

Equal opportunity

MedOptimise stress that discrimination and victimisation is unacceptable in our workplace. We are committed in treating all members of staff equally, supporting them to flourish and build their skillset. We follow guidance as set in the Equality Act 2010, ensuring that no member of staff is treat differently or discriminated against due to the protected characteristics (age, disability, gender reassignment, marriage or civil partnership, pregnancy and maternity, race (including colour, nationality, and ethnic or national origin), religion or belief, sex, and sexual orientation).

We aim for our workforce to be truly representative of all sections of society and want every member of staff to feel respected in the workplace. We create opportunities for individuals from the BAME Ethnic Minority backgrounds and actively support ethnic diversity in workforce recruitment, including contract staff. The selection process for employment of our staff is carried out by individuals who receive specialist training, guaranteeing that candidates are scored based on their aptitude and ability of the role they are applying for.

Harassment, whether it be directly, indirectly, or victimisation, is not tolerated at our workplace and is an instant disciplinary offence. Our staff are informed of grievance processes and are encouraged to report misconduct, being assured that they will not be reprimanded for doing so. We handle reports and complaints of misconduct such as bullying and harassment from staff seriously, aiming to provide instant appropriate action. With this, we create a working environment that is free from bullying, harassment, victimisation, and unlawful discrimination, promoting respect for all. We are also committed against unlawful discrimination of our customers, providing training to staff that raises awareness of discrimination against workmates and customers.


We understand how vital it is to foster employee wellbeing, therefore we have a holistic framework in place to support employee’s physical health, mental health, and safety. Our workplace culture is positive, motivating, and safe, ensuring that the morale of staff is always high.

We are committed in establishing, promoting and maintaining the mental health and wellbeing of staff. For staff’s mental health needs, we have a mental health friendly environment, removing the stigma and encouraging staff to get help when needed. We also have a counselling system in place, where staff can seek help for mental health issues anonymously and are directed to a mental health platform. During the COVID-19 pandemic, we understood the massive mental impact that lockdown and working from home had on our workforce. As a result of this, we provided mental health wellbeing sessions such as 1 to 1’s and coaching sessions on accessing social support. We also allowed staff to work from home when requested, allowing staff to be flexible with their own needs

We encourage our employees to have a healthy work-life balance, with flexible working, including working from home, available to staff on request. For staff’s physical health, we aim for staff to be as active and healthy as possible, encouraging active breaks.

Our management team undergo relevant wellbeing training, including mental health awareness, which allows staff to be fully prepared to deal appropriately and compassionately with staff who seek help. Senior staff actively encourage and motivate staff to work towards their long-term goals, with regular check ins to discuss their performance and any issues they may be facing in the workplace.


£0.03 to £0.10 a unit a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.