Medic Creations Limited

Medic Bleep

Medic Bleep is a secure real-time communication solution for NHS Trusts, Health Boards, Hospital Groups and Integrated Care Systems, enabling doctors, nurses and multi-disciplinary teams to communicate and collaborate within and across healthcare organisations. It enables them to achieve operational efficiencies and better patient outcomes.

Features

• Secure encrypted text and audio messaging with notifications/alerts
• Individual and group messaging with patient identifier
• In-app voice/video calling - SIP integration to enterprise telephony
• Send images and common file types quickly and securely
• Global organisation directory showing roles, availability & oncall status
• Patient demographics from Electronic Health Record (EHR)
• Audit trail: export conversations into PDF
• Supports iOS and Android smartphones, tablets and desktop (web)
• Broadcast message & disaster/pandemic management
• Photo protection: images can't be copied/stored on mobile device

Benefits

• Sending time-critical information securely, efficiently and accountably
• Seeing when a message has been delivered and read
• Reduction in workflow disruption, waiting by phones, waiting for switchboard
• Audit trail for improved documented information for each patient case
• Easily finding and contacting colleagues on duty through Trust directory
• Reduced medical errors through clear written instructions and clarifications
• More efficient communication improves service for patients with earlier escalation
• Better use of workforce reduces overtime and locum/bank costs
• Safer use of systems that comply with information governance
• Reduced abandonned/unanswered calls to wards and switchboard

£30,000.00 to £225,000.00 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sandeep@mediccreations.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

835603988602105

Contact

Sandeep Bansal
07800 633716
sandeep@mediccreations.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: We offer a service level agreement of 99.99% - users are notificated in advance of any planned maintenance that requires downtime. Using the features of Kubernetes, we are able to deploy nearly all of our updates and changes with zero downtime.
• System requirements:
  • Apple iOS operating system 12 or above
  • Google Android operating system 9 or above
  • Chromium-based browsers
  • Hybrid hosting (optional for resilience) - VM hosting for Kubernetes

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: In accordance with our service level agreement, we respond to all service requests within 30mins to 4 hrs depending on the urgency.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Our solution uses a third party support package that includes webchat functions
• Onsite support: Yes, at extra cost
• Support levels: Clinical Risk Response Resolution:; P1>All users affected, high priority = response time 30 mins and resolution time 4 hrs (24x7); P2>Many users affected, high priority = response time 30 mins and resolution time 8 hrs (24x7); P3>Some users affected, medium priority = response time 30 mins and resolution time 1 working day; P4>Few users affected, low priority = response time 30 mins and resolution time 2 working days
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite and/or remote training for each customer in the form of Train the Trainer workshops. These workshops normally involve the customer's IT trainers and 1st/2nd line support staff as well as any nominated Floorwalkers and Super Users.; ; Our trainers remain onsite during golive period, to assist with floorwalking and sit with the 1st/2nd line support staff, to ensure that users are able to install the app, self-enroll and get started using Medic Bleep.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At end-of-contract, Medic Creations has an agreed process for extracting all data which is provided in PDF form to the customer. This process will be completed within 30 days of the agreed end of contract date, with the data being transferred in a secure electronic format.
• End-of-contract process: Once the customer has agreed an end of contract date with Medic Creations, each user account will be set to automatically expire on the given date, thereby preventing further use of the system after that date.; ; Users will automatically be logged out and no longer be able to log back in.; ; All user activity and the corresponding chat histories will be retained electronically for the period that was agreed when the contract started.; ; If the customer wishes for all of the chat history to be exported into a read-only PDF, this will be actioned by Medic Creations within 30 days of the agreed end of contract date. A secure electronic copy of the PDF will be provided to the customer. Should the customer wish for the chat history to be exported in any other format, this will need to scoped and agreed in writing at least 90 days before the end of contract date.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Medic Bleep has both an iOS and Android app which is the preferred medium for mobile working. Our web app is identical in functionality, allowing desk-based users to have the benefit of on-screen notifications and messaging.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The Medic Bleep solution can be administered using our web based administration console that provides all of the functions needed. Any designated user who has been granted administrative permissions can access the console.
• Accessibility standards: None or don’t know
• Description of accessibility: It is possible to manage all of the Medic Bleep system using a custom web app. We have not yet assessed the accessibility of the service interface.
• Accessibility testing: We test our web apps using an open source tool to assess suitability and identify improvements to comply with accessibility standards.
• API: No
• Customisation available: Yes
• Description of customisation: The Medic Bleep solution can be customised by each customer. It is possible to add the customer's corporate logo to the administration panel and modify the baton roles, professions and locations that are available for each user to configure their individual profile.

Scaling

• Independence of resources: The Medic Bleep solution is built on Kubernetes which has inbuilt features to manage both autoscaling and resilience/recovery if any one or more components fail for whatever reason. This gives us a platform with immense scalability and resilience that automatically responds to changes in user demand (up and down) over time and will exceed our uptime guarantee and service ; availability.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics are reported through a series of dashboards which provided details of the number of active users (by group/dept), their availability/status, the messages sent/read and the voice and video calls that are made. These dashboards can be modified to suit each customers requirements and reports automatically generated and emailed to an agreed customer group.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can only be exported by an administrator with the necessary permissions. Medic Bleep has been designed to be both IG and GDPR compliant; users are not able to screenshot or export data from the Medic Bleep app.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We provide a guaranteed level of availability that is 'four nines' (99.99% uptime) which is delivered with resilience and autoscaling. Using Kubernetes, we are able to maintain our systems with zero downtime.
• Approach to resilience: The Medic Bleep solution is built on Kubernetes which is highly resilient and automatically scales up and down. Our hosting uses at least two geographically distant datacentres and there is no single point of failure in our solution, with automatic fail overs built into the design.
• Outage reporting: The Medic Bleep solution reports performance, uptime and outages using automatic emails, SMSs and a public dashboard https://status.medicbleep.com which uses a recognised third party solution to monitor our solution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: Management and support channels can only be assessed by approved users that have been granted administrative credentials.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 06-04-2021
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have ISM policies and procedures that are part of our ISO 27001:2013 certification. All of our documents are published on an internal Sharepoint drive that our staff are able to access. Any member of staff can report a non-conformity which is added to an audit log and tracked through to resolution.; ; Staff conduct training as part of their onboarding and there is annual refresher training to ensure that there is continued awareness.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We manage all of our development and change management through our Development and Change Management Process document, which is part of our Information Security Management System. All of our changes are managed and tracked through Github, with pull requests being used to review each change and manage any security risks. Each build has a unique id and is linked to one or more pull requests, providing complete clarity.; ; Changes are made to our Development environment, where we can safely test without impacting our other environments. Once approved, a change is then progressed into Staging and then Production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our Devops Lead and our Technical Lead, conduct weekly and monthly reviews of our systems, reviewing all related information and security alerts to assess their relevance and potential impact. This is then incorporated into a new push request and actioned as necessary.; ; We monitor a number of open source publications as well as receiving alerts from Amazon and other third parties about new threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes consist of a multi-layered approach, using a combination of technologies to provide near realtime alerts. We also employ the services of a Crest approved third party to conduct penetration testing of our systems on an annual basis or a major release, whichever occurs first.; ; When an incident occurs, a potential compromise and/or risk is identified, our devops lead are immediately stood up to assess the issue and devise a plan to mitigate the risk(s). Changes are then tracked through our change management processes with peer review of each stage to ensure there are no breaking changes.
• Incident management type: Supplier-defined controls
• Incident management approach: Any member of ours or our customers staff is able to report an incident to our IT Helpdesk. When an incident is reported, our helpdesk observes an ITIL methodology and will triage the issue within 30 minutes and assess the impact (both technical and clinical). Using a P1 to P5 prioritisation, the issue is then actioned within an appropriate timescale. A number of routine issues are documented within of our SOPs. We also have a business continuity plan and our technical team is immediately stood up. An after action review is then conducted to identify lessons learned.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The Medic Bleep solution is hosted on Kubernetes and does not use large dedicated monolithic servers (virtual or physical) which are wasteful in terms of both energy and hardware. By autoscaling our platform to meet utilisation/demand, we have reduced our hosting and energy footprint by more than 50% over the last twelve months.
• Equal opportunity:

  Equal opportunity

  Medic Creations is an equal opportunity employer. Our HR Manual includes clear guidance on equal opportunities:; - Ensure that no applicant or employee receives less favourable treatment, and that, wherever possible, they are given the help they need to attain their full potential to the benefit of the Company and themselves.; - Achieve an ability-based workforce, which is in line with the working population mix in the relevant market areas.; - Ensure clients of the Company receive consistently high standards of service and treatment whilst in our care.; - Provide facilities and access to training and development for all employees regardless of race, colour, religion or philosophical belief, ethnic origin, sexual orientation, gender, disability, gender reassignment, nationality, age, fixed-term, marital status or part time status.
• Wellbeing:

  Wellbeing

  Within Medic Creations' HR manual, we have a number of policies that address Wellbeing. These include maternity/paternity leave, time off, parental leave and harassment and bullying.; ; The Company deplores all forms of personal harassment and bullying and seeks to ensure that the working environment is sympathetic to all our employees. We have published these procedures to inform our staff of the types of behaviour that are unacceptable and provide employees who are the victims of personal harassment or bullying with a means of redress.

Pricing

• Price: £30,000.00 to £225,000.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We are willing to offer a limited free trial period, provided that measurable success criteria have been agreed in advance and that a fully qualified proposal with costs is in place to satisfy an award of contract if the trial is deemed a success.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sandeep@mediccreations.com. Tell them what format you need. It will help if you say what assistive technology you use.