Advanced Business Solutions

Clinical Document Workflow (formerly “Docman Connect”)

The cloud-based Clinical Document Workflow service provides healthcare providers with the ability to send clinical and non-clinical documents to GP Practices electronically in a cost-effective way to meet transfer of care delivery targets. Documents are processed safely and securely, ensuring timely delivery that is fully audited.

Features

• Achieve digital transfer of care ambitions
• Safe, consolidated data processing
• Save considerable amount of time and money
• Send documents locally/nationally in one simple process
• No requirement of local infrastructure
• Provides enhanced rejections
• Full audit trails and timeline for every document
• OneAdvanced team proactively monitor collection points and system rejections
• Users have the ability to view/report on Document Status
• Integrate directly from your system to streamline the process

Benefits

• Cloud Hosted
• Secure delivery within HSCN
• Cost Effective
• Deliver Nationally
• Intelligent routing used to deliver to a GPs clinical system
• Dashboard & Reporting
• Track document status
• Open API
• Ability to send META data
• Ability to send READ/SNOWMED codes

£0.09 to £0.49 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

836332241155136

Contact

Bid Support
0330 343 8000
bidmanagementteam@oneadvanced.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: None.
• System requirements:
  • 1x100 Mb.s Network Connecion
  • Port 443 Open
  • HSCN network Connectivity with 2 Mbps Upload speed 5Mbs Download

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target Response Times:; ; Priority Level 1 - 1 hour; Priority Level 2 - 4 hours; Priority Level 3 - 8 hours; Priority Level 4 - 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Target Response Times:; ; Priority Level 1 - 1 hour; Priority Level 2 - 4 hours; Priority Level 3 - 8 hours; Priority Level 4 - 24 hours
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: OneAdvanced follow the Prince2 Project Methodology. A member of the PMO team is assigned to the customer to deliver the service. At the stakeholder engagement meeting all documentation re the service is shared between stakeholders. A project plan is created aligning each task to a responsible owner and finalised. A RAID log is shared with the customer and managed at all meetings going forward. At each stage of the project the project manager will discuss/agree timescales for the next part of the service delivery. At the customer’s convenience a sandpit testing area is allocated for their use. Once the customer has signed off the testing on the sandpit area access to the live environment is given. The customer is then in pilot phase and works with the PMO on the successful deliverables. Once the customer is happy they are then placed into Business As Usual and the project closes. The Customer then has access to a Service Desk for any ongoing queries/issues. The training sessions for the service is normally 1 ½ hours in total, the Customer can choose if they require the PMO to attend Customer premises or if they wish to have these training session remote via webinar.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Project Plan
  • Microsoft Excel (if required)
  • Microsoft Word
  • Microsoft PowerPoint (if required)
• End-of-contract data extraction: We can provide any document metadata (full information about the documents) and audit data that is still retained within the system in accordance with the OneAdvanced retention policy.; ; Most senders do not require the document files themselves within the system to be extracted as Clinical Document Workflow is a transitory system, Trusts have a requirement to retain these documents therefore they usually already have them in their source clinical systems/EPR etc, this removes any risk associated with the transfer of large volumes of clinical data. ; ; If the sender does have a requirement to export the documents still within the system at the end of the contract, this would be a bespoke export that would have to be discussed between the OneAdvanced internal teams to arrange a suitable transfer mechanism for the sender based on their requirements and volume of data within the system, this would be a bespoke offering and chargeable to the customer
• End-of-contract process: A contract extension will be offered to continue using the software, if this is not signed an ‘out of contract’ service will continue (without explicit cancellation from the customer) which will be charged at an unfixed rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Unable to post documents via mobile services
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web-based console
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: * Post documents; * Check documents status; * Check endpoint availability; * Mark rejected documents as 'Resolved' status
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There are various different sending options that can be customised by the Customer:; • Capture console; • Print driver; • API; ; Customers have the ability to customise how they manage their Rejections; • API; • Console; ; The Console also has the option to modify the groups functionality

Scaling

• Independence of resources: Capacity Management processes including threshold monitoring and forecasting Ensure that the Service is scaled to meet demand.

Analytics

• Service usage metrics: Yes
• Metrics types: User based reporting for administrative to review throughput and workload being processed by the customer
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: All data is encrypted with AES 256.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is no full data export that a user can invoke however, individual documents can be downloaded or the user can request a chargeable full Data Extraction which provides a copy of each document that has been stored along with a CSV Mapping file that links each document to the record it is associated with.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Data is protected within the environment through a number of control including encryption at rest, TLS, Firewalls & RBAC

Availability and resilience

• Guaranteed availability: We aim to provide a minimum of 99.99% availability. Maintenance is undertaken out of support hours and the environment has been purpose built between two active/active data centers for high availability and resiliency to failure. There are many users already on the infrastructure and we have proven to deliver at this level to them.
• Approach to resilience: Every layer in the solution has resiliency from the loadbalancers and application servers, through the database layer and the storage layer to even data centre resiliency.
• Outage reporting: Status page utilised for product specific outages. Customers can sign up to these individually to receive updates, until resolution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The management console uses role based access control to ensure that users only have read and/or write access to the areas that are essential to them.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: A combination of username, password and ODS code, all three must be correct.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 31/10/2023
• What the ISO/IEC 27001 doesn’t cover: Everything is covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70).
  • SOC 2 & 3.
  • FISMA.
  • ISO 9001 / ISO 27001.
  • ITAR.
  • FIPS 140-2.
  • MTCS Level 3.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO9001.; Cyber Essentials.; (PAS) 555:2013 Cyber/Security Risk/Governance and Management (BSi).; 10 Steps To Cyber Security (HMG).; Publicly Available Specification (PAS) 1192-5:2015.; Freedom of Information Act 2000 (FoIA 2000); Protection of Freedoms Act 2012; Public Records Act 1958.; Data Protection Act 1998; Data Protection’ Directive 95/46/EC.; UK & EU GDPR Regulation
• Information security policies and processes: OneAdvanced Information and security policies align to ISO 27001:2013. ; ; Access control is in place both internally and across our solutions, following a policy of minimal access whereby employees are only given the required permissions to perform their relative function, this includes, restriction to confidential information. We advise all of our customer base to follow a similar policy, regarding user access and privilege management of the provided solution.; We have a dedicated Talent team who produce courses with current regulation and best practice in mind. These are mandatory for all employees to undertake (e.g. GDPR compliance, vulnerability & viruses management, data handling & breaches, etc..) before they are allowed to carry out their function. Additional courses (e.g. clinical training, PID management, legal assessment, etc.) are also in place for those in the applicable sector. Courses are renewed when applicable, or annually at a minimum.; Risk management processes are in place, whereby incidents found or reported are assessed based on impact and severity. Depending on the assessment, applicable actions may be taken as laid out in our ISMS, Disaster Recovery and Business Continuity policies. Escalation paths are provided and can be used as needed.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The configuration and change management process ensures operational systems, services and application software are subject to change control. All staff are responsible for submitting completed change requests to the change authorisation board (CAB) using the change request form. Change requests forms, before submission to the CAB must be peer reviewed and pre-authorised by the appropriate system service owners and or business stake holder. All changes are recorded, tested and verified prior to implementation, (where possible), and are communicated to relevant members of staff and users as appropriate.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability management is an essential component of OneAdvanced Information Security Program and the process of vulnerability assessment is vital to effective vulnerability management. The vulnerability assessment process provides visibility into the vulnerability of critical assets deployed in the IT Infrastructure. The process comprises of identifying critical systems, their corresponding owners, vulnerability scanning on regular basis, determining and assessing potential vulnerabilities, documenting and establishing a time line to remediate critical vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: OneAdvanced complies with protective monitoring in line with GPG 13.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management control objectives are defined within our ISO 27001:2013 certified Information Security Management System and the procedures for Incident management are aligned to ITIL v3 industry best practice.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Health and Social Care Network (HSCN)
  • Other
• Other public sector networks: N3 Via HSCN

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to building a better tomorrow for our staff, customers and wider community through outstanding environmental sustainability performance. Our vision is underpinned by five core principles:; To protect the environment by reducing our carbon footprint; To reduce the environmental impact of our operational activities through effective management of our estate; To create and maintain a positive environmental sustainability culture; To maximise the positive impact of our sustainability actions through effective communication, collaboration and partnership; To fulfil all environmental compliance obligations and seek to exceed regulatory requirements; To achieve this vision, we continuously invest in and develop our ESG strategy to provide a structured and meaningful approach to our climate activity. Our success also relies on effective engagement with staff, utilising and developing their skills, knowledge and understanding.; We have launched a number of initiatives to reduce our GHG emissions on an annual basis, since 2018 we have seen a reduction in 36% in our total GHG emissions.; We are proactive in the property management of our offices, maintaining pressure on landlords and staff to ensure energy efficiency. Home working is facilitated and encouraged, and unnecessary travel is minimised by the delivery of consultancy, training and implementation services remotely, where appropriate. Reducing the amount of paper we generate is a key focus, and we use recycled paper - which we then recycle ourselves. We have also taken steps to recycle other materials such as plastics, food and cardboard. We comply with WEEE regulations and recycle our electrical items. All our UK based offices are entirely using green electricity and we have undertaken an office consolidation project to minimise unnecessary carbon expenditure.; We are focused on our transition to a Cloud service company ensuring our customers have solutions which are future proofed and don’t require costly or energy inefficient hardware.

  Covid-19 recovery

  In the event of a similar incident OneAdvanced has a documented Health and Safety policy regarding Covid-19 Arrangements, which focuses on handwashing, hygiene, self-isolation and social distancing.; As part of our transition to hybrid working we provided all employees with the materials and processes to allow them to work at home indefinitely. In the event of a similar incident all staff are able to work from home for as long as is required. This allows them to prioritise their health and safety and avoid risk of transmission.; Working from home is undoubtedly challenging and may have a negative impact on the wellbeing of our employees. We provided guidance for staff working from home to stay connected e.g., quizzes, coffee mornings and time allocated for informal catch ups.; We have also made changes to our approach to visiting customers on-site. Where appropriate, training and consultancy can be provided virtually.; With the increase in remote work and changes in the software landscape we have invested significantly in digital transformation and cyber security to ensure the safety of the business, employees and customers. This includes protection of personal data.

  Tackling economic inequality

  OneAdvanced is committed to tackling economic inequality. We are renowned for our recruitment processes which seek to eradicate biases that can perpetuate economic inequality. We hire for potential rather than based on experience. ; Our commitment to tackling economic inequality is also exemplified in our pay reporting transparency. In addition to the legal requirements to produce a Gender Pay Gap Report, we have also released our Diversity Pay Gap Report to ensure accountability and so that we can take steps to address economic inequality within our own employee base. ; As we develop as an organisation and embrace our role in bettering society we are building features into our products to assist us in tackling economic inequality. One example of this is our education software that is used by prisons in the UK to help educate individuals that have been in the prison system and broaden their opportunities for education. Another example is the service we provide to many NHS offices across the country which allow them to act more efficiently and see more patients each day. ; A focus of OneAdvanced is to commit to increasing our community outreach. As part of our strategy we are planning to implement a regular schedule of community education workshops for local schools, colleges and other groups. Examples include ‘How to get started in Tech’ and coding classes. Each employee is entitled to 1 paid day they can use to volunteer for a cause close to their heart including those that are aimed at helping those from lower socio-economic areas. ; Our learning and development team are in place to allow our staff the opportunity to develop their skillset and further their professional career. This can allow disadvantaged individuals to increase their opportunities to secure high paying jobs both within the software industry and outside of it.

  Equal opportunity

  Cultivating a diverse workforce and inclusive culture is a priority for OneAdvanced. Diversity of experience, age, race, ethnicity, culture, gender and sexual orientation provides a wide range of talent from entry level through to our leadership teams creating richer perspectives and a powerful frame of reference. ; Not only is it right to recognise and celebrate differences, and ensure everyone has the opportunity to thrive, but creating a culture that is genuinely committed to a meritocratic workplace is important to our success. Ensuring all our employees understand and engage with our values, and have the opportunity to realise their full potential, is fundamental to our business. ; We have published 4 Diversity Pay Gap reports that extend beyond the legal requirement for gender to ethnicity, sexuality, education, disability and socio-economic status. This data provides transparency and will aid us significantly on our journey to creating a fair and equitable workplace for all. ; OneAdvanced is delighted to have been announced as one of the top 100 Diversity Leaders of 2020 across UK businesses following an independent survey carried out on behalf of the Financial Times. The award assesses diversity across gender, age, ethnicity, disability and sexual orientation, and ranks organisations in Europe on the extent to which they offer diverse and inclusive workplaces. The survey focused on two broad areas, looking at the scale in which employers promoted diversity within the workforce, and identifying companies that stood out when it came to encouraging diversity and equal opportunities. ; OneAdvanced is renowned for its innovative recruitment process, which seeks to eradicate bias – unconscious or otherwise – when hiring. In our recruitment, we use tools that give us additional insight into intellect and attitude, and remove CVs from the interview process, so managers go in without preconceptions.

  Wellbeing

  We take wellbeing very seriously at OneAdvanced, employees have access to the following initiatives to promote wellbeing: ; Our Employee Assistance Program (EAP) is a 24/7 phone line where our employees can speak to a trained professional regarding any matters. Whether that is related to their current workload, or whether it is related to their finances for example. This service is 100% confidential. ; The Wellbeing hub on our internal website is central point for resources, such as the Thrive app to which our employees have an access code. In addition, the Hub is a link to our partnership with Perks at Work who offer discounts and classes for wellbeing, fitness, and meditation. ; Our offices have been made more friendly and accessible than ever before as part of our office changes brought on by the new, flexible ways of working. All our offices now contain a ‘wellbeing room’, sharp boxes for needles and free sanitary products in all bathrooms (available to guests as well as our staff). ; We are undertaking an exercise to update our employee value proposition and undertook research to identify what factors employees themselves want. This was done so we can provide benefits that our employees will value from the most and benefit their health and wellbeing.

Pricing

• Price: £0.09 to £0.49 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.