HSCN / N3 Cloud Hosting for Electronic Health Record Systems (EHR)
ToukanLabs provide a fully managed Cloud Hosted platform for all your Electronic Health Record (EHR), Electronic Medical Record (EMR) for Ophthalmology, Social-Care & Research solutions. From large systems (multiple sites) to backend APIs for NHS hospital and patient mobile apps. Connectivity: hospital systems/devices, spine/internet services, and primary care organisations. ISO9001-compliant.
Features
- Secure for Patient and Hospital Data
- Connectivity with Hospitals over N3 / HSCN
- Robust, Scalable, Secure Technology
- Connectivity with Primary Care Organisations
- Connectivity with Secondary Care Organsations
- Connectivity with NHS Spine services
- Full DR Available
Benefits
- PID / IG Safe (Patient Identifiable Data / Information Governance)
- Securely Cloud Host your NHS & Research Applications
- Suitable for small or large applications
- Secure, Safe, Reliable
Pricing
£1,200 to £2,500 an instance a month
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 2 7 3 9 3 3 0 9 8 7 9 4 8 3
Contact
ToukanEyes Ltd
Gulfam Yunus
Telephone: 02080578877
Email: gulfam@toukanlabs.com
Service scope
- Service constraints
-
We can support both Linux and Microsoft Hosted Solutions.
Other solution platforms subject to review. - System requirements
-
- Software Licence costs are the responsibility of the supplier
- Hospitals/Organisations required to configure their own infrastructure/systems
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Initial response within 1 hour.
Resolution times determined by assigned incident priority and agreed SLAs. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
ToukanLabs as standard will provide 2nd and 3rd line support with the 1st line support provided by the clients existing service desk.
Our support desk software can be linked to the clients, enabling support tickets to be passed to ToukanLabs without the need for re-keying, this then enables client tracking of all issues to resolution.
1st line support can be provided, however this is yet to be requested.
Standard support hours are 08:00 to 18:00 hours, however ToukanLabs is a global company and can offer a follow the sun support desk.
ToukanLabs adheres to ITIL Service management practices and providing expecting service reporting at periodic and scheduled client reviews. We also provide a dedicated account manager who will hold regular review with the client stakeholder and user group.
Support costs are typically between £1,000 and £2,500 depending on the size of the implementation and support level required. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Base service onboarding includes software installation, integration with active directory (LDAP), receiving patient and list update integration (HL7 ADT), system configuration guides, and user guides. Supporting video clips will also be provided. Additional onboarding services can be provided against our standard rate card, including: - Pathway mapping ("as is" and digital "to be") - Implementation - Configuration - Integration - User Training - Train-the-trainer Training - Online Training Documentation - Go-live Desk Notes - Go-live Floor Walkers - Ongoing Application Support and Maintenance see price book for more details.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Virtual training vidoes
- Interactive training with scored questions
- End-of-contract data extraction
- ToukanLabs provides a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format. Other export formats or data migration services are available if required, upon request and charged against our standard rate card. There is also the option for the provision of Full access to mysql database export facilities.
- End-of-contract process
- Support & maintenance is removed. There are no other actions required as there is no need to remove software from client servers as all the OpenEyes application is OpenSource. ToukanLabs will provide open access to the underlying data and the option to provide a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format. Other export formats or data migration services are available if required, upon request. Where ToukanLabs consultancy services are requested, these charges are on our published rate card.
Using the service
- Web browser interface
- Yes
- Using the web interface
- OpenEyes is accessed via web interface, all functionality is currently available
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- N/a
- Web interface accessibility testing
- Not applicable
- API
- No
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- Role based access controls will be used to allow authorised users to perform functions on hosted environments, as agreed as part of service commissioning. Command line operations may include, running data loading, processing, or extraction routines, resetting test or training environments etc.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- For cloud hosted environments, dynamic resource allocation is used where the provision of compute, memory and disk resources are assigned as and when required. ToukanLabs applies good architectural principles such as dedicated 'Live' instance, a separate reporting service and user resource caps.
- Usage notifications
- Yes
- Usage reporting
-
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Number of active instances
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- UKCloud Ltd
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Application databases
- System installs
- System configurations
- Medical data files
- Images, videos, and other media files
- Backup controls
- Backup scope and schedules are configurable and will be agreed as part of service commissioning.
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Multiple datacentres
- Single datacentre with multiple copies
- Single datacentre
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
- N3 / HSCN connection or encrypted connection with secure NHS cloud data centre.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
- Secure closed network with Trust's hospital infrastructure or in secure NHS cloud data centre.
Availability and resilience
- Guaranteed availability
- We offer several levels of availability: - Same day service. Recover from failure within same day - One hour service. Recover from failure within one hour - High business continuity. Failover within 60 seconds - Continuous availability through Synchronous replication which provides zero point recovery. (No Loss of data.)
- Approach to resilience
- Client Hosted Minimum recommended resilience is Asynchronous replication at 15 minute intervals to a secondary or DR data center. Hardware design is recommended to following N+1 redundancy where there must be at least two single component failures before a service incident occurs. E.g. Power suppliers, disks, memory dims. The design is recommended to provide controlled failover to enable the replacement of any failed parts without impact the OpenEyes service. Cloud Hosted Minimum recommended resilience is Synchronous replication with zero point recovery in the advent of failure. All cloud providers now provide a recognised level of the required resilience such UPS, Generators, multiply National Grid Feeds, SAN Disk replication, Fire protection etc.
- Outage reporting
-
ToukanLabs is currently able to report outages using the following methods:
- Public and private dashboards with current outage status
- Alerting via email to pre-defined distribution lists
- Text messages to a distribution lists
- Answer phone service with recorded with incident updates
- Direct status update to client service board where API integration is available,
The level of reporting and audience is defined in agreement with the client.
All service reporting is included in monthly service reports.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Username or password
- Other
- Other user authentication
- Integration with Trusts Active Directory/LDAP Authentication services
- Access restrictions in management interfaces and support channels
- Management interfaces are restricted via HSCN and authenticated access. The application has local Role Base Access Controls (RBAC) assign to authenticated users, to control access to application data and functions.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- DCB029
- Cyber Essentials
- Working toward ISO 27001
- NHS DSP-Toolkit
- ICO Data protection Certificate
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
-
Cyber Essentials
NHS DSP-Toolkit - Information security policies and processes
-
Information Security Management System (ISMS) documentation is managed in accordance with our ISO 9001 quality assurance process and procedures,
ToukanLabs are working towards ISO 27001 accreditation
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Changes are assessed and approved by an independent board and presented as a controlled release
The OpenSource Software is managed and stored within GitHub repository,
Feature development, bug fixes and development requests are managed with Atlassian JIRA whereby formal software release configuration management processes are used.
All Releases are tracked from development, through system test and user acceptance testing environments, where sign off is required by the customer before being released to live.
A mixture of automated testing tools, load and performance and manual testing scripts are used to ensure code integrity. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Our software undergoes DCB029 clinical certification and risk assessment.
Server stack software is upgraded regularly as part of our standard support and maintenance service, e.g. Operating system, web server and data base security patches applied. A security review is performed annually, or sooner if required and any risks/issued mitigated with an action plan formulated.
Application fixes from service management and bug fix procedures are usually deployed in a quarterly maintenance release, unless a more urgent release or hot fix is required and deployed with agreement with the customer. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Automated monitoring tools look at system and application logs, server metrics, including CPU, Disk, Memory, and Network utilisation.
Triggered incident tickets are automatically created in our service management tool for action by support engineers.
Other checks are performed by service desk personnel on a daily basis. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have full ITIL service management processes including, but not limited to
Incident management procedures, problem management, route cause analysis, bug fix procedures, release management processes.
Users report incidents to our service desk, via our support portal, email, or telephone. Incidents are tracked through 1st, 2nd, and 3rd line support escalation as required.
A monthly service report is produced and this is reviewed in monthly service review meetings with our service manager and the Trust/customer.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- Different Virtual Machines and VLans are used to partition customers and their respective environments.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
Our approach to sustainability and environmental responsibility is directed by a clear strategy, which is embedded within our organisation. Most of our activities have been assessed as having a minimal effect upon the environment, however where they do, we are committed to act responsibly and fully address this impact.
Our hosting partner's services (UKCloud) are CarbonNeutral® cloud services. We achieved this certification by working with Natural Capital Partners to measure and reduce our CO2 emissions across all sources used to deliver our cloud services to our customers. These include direct emissions from all owned or leased stationary sources that use fossil fuels and/or emit fugitive emissions, and emissions from the generation of purchased electricity and steam (including transmission and distribution losses) to power our servers.
For our cloud services to achieve CarbonNeutral® status, an independent assessment of the CO2 emissions produced from direct and indirect sources required to deliver them was carried out, followed by an offset-inclusive emissions reduction programme.
Social Value
- Covid-19 recovery
-
Covid-19 recovery
Helps reduce waiting lists through efficiencies in patient pathways and service. Enables remote diagnosis and local treatment
Pricing
- Price
- £1,200 to £2,500 an instance a month
- Discount for educational organisations
- No
- Free trial available
- No