Bleepa

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: Yes. We require the ability to schedule regular maintenance at times of mutual agreement to minimise downtime and user inconvenience.
System requirements: Application servers require Windows Server 2019+

Desktop clients require Chrome / Firefox / Edge / Safari

Android and iOS supported for mobile clients

On premise installation will require SQL Server

User support

Email or online ticketing support: Email or online ticketing
Support response times: Standard SLA Service:
Priority 1: within one hour
Priority 2: within one hour
Priority 3: within four hours
Priority 4: within four hours
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: At Feedback Medical Limited, our standard support service is structured into three tiers, from highly trained product experts to subject matter experts such as Cloud Support Engineers. Our Customer Support team is accessible via phone, email or chat. Support hours are Mon-Fri 9am to 5pm, with the flexibility for extended coverage.

Our support services include:
Request Fulfilment: Providing advice and guidance to end users.
Incident Management: Identifying, analysing, and resolving issues.
Problem Management: Addressing root causes to minimise impact and prevent recurrence.
Change Enablement: Ensuring well-documented and risk-assessed changes.
Event Monitoring: Proactively monitoring cloud servers to detect issues early.

Support requests are prioritised from Level 1 to 4 based on impact, risk, and urgency, with Level 1 for critical emergencies. This prioritisation ensures efficient and effective issue resolution.

Ensuring customer contentment takes top priority, evaluated through post-resolution feedback and tracking our response times, while your journey is overseen by your dedicated CSM.

For infrastructure changes, we conduct thorough risk assessments, provide advance notice, and schedule changes during off-peak hours to minimise customer impact.

Our escalation protocols for clinical safety and significant security incidents ensure regulatory compliance, exceeding customer expectations with proactive measures like event monitoring.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: During the initial implementation, training includes an overview of Bleepa followed by targeted training depending on user needs. Sessions can be offered on an ad-hoc basis, or can be targeted to specific specialties or roles - both online or in-person where necessary.
We can provide a number of different training materials depending on what is required. These training materials have been road-tested with service users and are intended to meet the requirements of a range of learning styles and technical competencies.
Bleepa User Manual – outlining functional and technical specifications
Bleepa Administrator Guide – focussing on local system administrator, access rights, role(s), and responsibilities
Step-by-Step User Guide – an explanation of how users can use Bleepa
Bleepa Training Videos – general and bespoke videos demonstrating Bleepa and its functionality
Frequently Asked Questions (FAQs) – helping to troubleshoot frequently occurring issues or topics.

For user management, users can be added individually using the User Management interface, in bulk, or managed via trust SSO. Role based authentication is used to enable access to features, and individuals can be assigned to workgroups to manage patient access. Offboarding can be managed via the User Management interface or customer's own user directory.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: This is outlined in the contract terms and conditions.
End-of-contract process: End of contract processes are outlined as part of Feedback Medical's standard contract terms and conditions (see attached).

1. In summary, upon termination of this Agreement for any reason all licenses and services will immediately cease and access to Bleepa will end. All users must be notified.

2. At the written request of the Customer within ninety (90) days of expiry or earlier termination of this Agreement:
a. all data (excluding Personal Data), documents and records relating in whole or in part to the Services, including without limitation relating to patients or Authorised Users, and all other items provided on loan or otherwise to Feedback by the Customer shall be delivered by Feedback to the Customer provided that Feedback shall be entitled to keep copies where appropriate
b. any Personal Data Processed on behalf of the Customer shall be returned to the Customer or destroyed as per TOCs
3. Nothing in this Agreement shall oblige Feedback to retain any of the User Content after 90 days following expiry or termination
4. The termination of this Agreement shall not affect any obligations which expressly or by implication are intended to come into or continue in force on or after termination

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Feedback Medical Limited's clinical communication system Bleepa, is a web application designed from the ground up and multi-platform. Consequently, the following common user activities can be performed on both devices:
-look at patient notes
-review lists of patients
-view patient images and documents
-annotate an image
-act on a patient referral
-send a message
-provide advice and guidance.

Some activities are desktop specific, such as:
-review patients in a dashboard view
-administrative, such as onboarding and managing users, or configuring workflows.

Some activities are mobile specific, such as:
-take/upload a photo
-make a phone call.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Upon accessing Bleepa, end-users are greeted with a login screen. Once authenticated, new users encounter a welcome page that provides navigation tips, which they can choose to view or skip. Users are then presented with an intuitive dashboard. The dashboard provides centralised access to modules, such as: clinical data, clinical chat function for discussing patient cases, and features to share, view, and annotate medical images such as X-rays, CT scans, MRI, or ultrasounds. There is also a kanban board for visualising patient lists and tracking workflow stages, supplemented by customised help reference materials to enhance user engagement and operational efficiency.
Accessibility standards: None or don’t know
Description of accessibility: Bleepa is a UKCA-marked medical device product with a design guided by the IEC 62366 medical device usability standard, to ensure that the product is simple and easy to use. Bleepa is accessible via URL and mobile app, uses easily readable typography, font sizes, and colour schemes designed for viewing at arm's length. This clinical communication tool also supports the clinical review of medical images. Feedback Medical further improves accessibility, by reviewing and analysing against the Web Content Accessibility Guidelines (WCAG), where these are not in conflict with the Medical Device usability requirements.
Accessibility testing: The application is fully tested against the defined usability requirements, and has been further validated by a number of different clinical user groups, in various clinical settings.
Each new software rollout goes through a user acceptance testing process, and our ISO 13485 compliant post market surveillance process ensures that we are able identify any usability issues that our users may encounter.
API: Yes
What users can and can't do using the API: Bleepa is implemented as a set of web services. While these are not typically exposed to customers directly, it is a simple matter of configuration to make the APIs securely accessible.
The standard install does not include a sandbox environment but this can be implemented on request.
API documentation: Yes
API documentation formats: Other
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: What can be customised: referral forms, pathways, clinical questionnaires
How users can customise: through the onboarding process, ongoing via a service request
Who can customise: manufacturer

Scaling

Independence of resources: We monitor usage of the system and are able to add additional servers to respond to increased demand via load balancing.

Analytics

Service usage metrics: Yes
Metrics types: We work with the customer to define key performance metrics based on the use case(s)
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Staff screening not performed
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Users make a service request through our support desk
Data export formats: Other
Other data export formats: Clinical images - DICOM

Documents - PDF

Structured data - custom, to be confirmed with customer
Data import formats: Other
Other data import formats: Clinical images - DICOM

Documents - PDF

Non-clinical images - JPEG / PNG / BMP

HL7 2.x

HL7 FHIR

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: At Feedback Medical, we have chosen Amazon Web Services (AWS) as our preferred cloud hosting platform for our Bleepa service, largely because of the high level of availability it ensures. AWS routinely offers an availability of 99.5% or higher, which is extended to our customers. This robust availability is supported by the option to deploy across multiple Availability Zones, and by AWS's global network of data centres, which enhances overall system reliability and fault tolerance.

To further secure our service uptime, we implement configurations such as Elastic Load Balancing and Auto Scaling. These configurations are essential in ensuring that Bleepa remains resilient, managing failures smoothly and maintaining continuous availability.

We manage our cloud infrastructure using Infrastructure as Code (IaC), which maintains consistency and streamlines changes. In the unlikely event of system downtime, our Business Continuity Management (BCM) plan enables the rapid creation of a new, fully operational customer environment, pointing to the RDS database backup with a recovery point objective of 5 minutes.

Refunds for not meeting availability guarantees are not standardly offered but can be included in the Terms and Conditions of contracts based on specific client needs, ensuring transparency and tailored service level agreements.
Approach to resilience: Our system can be deployed on multiple availability zones, which means that datacentre failure is mitigated.
Outage reporting: Email alerts

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: Revoke access to the application
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: SGS
ISO/IEC 27001 accreditation date: 11/12/2020
What the ISO/IEC 27001 doesn’t cover: N/A
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: Digital Technology Assessment Criteria (DTAC)

DCB0129: Clinical Risk Management

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Feedback Medical has established robust information security policies and procedures which protects the confidentiality, integrity, and availability of data. We have integrated the standards ISO 13485 and ISO 27001 into a comprehensive Integrated Management System (IMS), which defines the policies, procedures, and processes for all company activities. Core information security procedures include the Information Security Policy and Information Security Incident Management. Security awareness training, supported by assessments such as routine phishing tests, are used to identify gaps in training.
Additionally, companywide awareness emails about emerging threats are frequently distributed to raise awareness. Our policies are consistently updated and stored in our IMS where all staff members are required to confirm that they have read and understood them.

Feedback Medical has a structured approach for incident response, allowing quick recovery from a cyber security incident. This includes a detailed plan for responding to incidents, conducting regular tests and reviews of the plan, and improving the plan based on lessons learned. Feedback Medical employees needing assistance with information security, will contact the Information Security Team, which consists of the Security Engineer, Head of Support and the Chief Regulatory and Compliance Director. The Information Security Team investigates all incidents thoroughly.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: At Feedback Medical Limited, we ensure quality, information security, and clinical safety. Our ITIL 4 aligned change enablement includes:

CMDB: Tracks each component's lifecycle for a complete overview and history of our IT infrastructure.
Change Advisory Board (CAB): Includes customer representatives and internal experts assessing security risks and impacts of changes.
Testing: Changes undergo thorough testing before live deployment, followed by user acceptance testing to ensure customer satisfaction.
Regular Audits: Ensure compliance with Cyber Essentials+, ISO 13485 and ISO 27001, enhancing reliability and supporting continuous improvement.

These processes minimise risks, maximise reliability, and support continuous improvement in our service delivery.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: At Feedback Medical Limited, we continuously monitor for potential threats using information from recognised sources such as the National Cyber Security website (NCSC), National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVE) lists, which provide vulnerability scores based on the Common Vulnerability Scoring System (CVSS). We can promptly assess these threats through internal and external scans using tools like Qualys or Nessus. Patches are deployed rapidly, prioritised by CVSS scores and criticality of assets to ensure high-risk vulnerabilities are addressed first. This systematic approach helps maintain robust security by quickly mitigating any identified risks to our services.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: At Feedback Medical Limited, we have implemented remote monitoring and management (RMM) and endpoint detection and response (EDR) solutions to continuously monitor and respond to threats on our cloud-connected endpoints, with our tools providing us with the ability to mitigate threats remotely. We collect and store logs from all cloud components, such as virtual machines, application logs, and network traffic, and use log analysis tools to automatically scan and trigger events for unusual activity or known threat patterns. We have defined procedures and protocols for responding to security incidents, including escalation processes, incident investigation, containment, and remediation actions.
Incident management type: Supplier-defined controls
Incident management approach: At Feedback Medical Limited, our incident management procedures are designed for efficient resolution. Users report incidents via email, phone, or chat. Incidents are logged in a central system, categorised, and prioritised from Priority 1 (critical) to Priority 4 (low) based on impact and urgency. Customer Support utilises a knowledge database for swift resolution of common issues and employs problem management practices to prevent recurrence through root cause analysis and the application of preventative actions. Automated tools monitor for early detection. We provide detailed incident reports to stakeholders, ensuring transparency and informed decision-making. This approach minimises downtime and enhances customer satisfaction.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Covid-19 recovery

Bleepa is supporting Covid-19 recovery by helping address the elective care backlog. Bleepa transforms day to day clinical practice by bringing the power of patient-specific asynchronous communication to clinicians across care settings, increasing the efficiency of referrals, reducing the time to get a second opinion from senior clinicians and enabling on-the-go access to key patient information such as medical imaging, reports and results so that teams can be truly mobile.

Elective care requires a number of clinicians to have a series of conversations in order to agree the correct investigations and subsequent treatment for a patient. Bleepa enables the multi-disciplinary team meetings to discuss patient care from anywhere without needing a face-to-face meeting.

Asynchronous communication is just part of what Bleepa does. Bleepa connects clinical teams around individual patient episodes but it also draws patient information from multiple healthcare systems so that all the relevant data is available to the teams along the care pathway, from primary to secondary and tertiary care. With Bleepa you login to a patient rather than a system and from there can interact with colleagues in any healthcare setting and see the information you need in order to make decisions. Having both asynchronous communication and access to patient information is key to keeping elective care moving.

Bleepa can be used to facilitate any patient pathway, flexible to the clinical and operational needs of each specialty and care setting. Our breathlessness pathway as part of the community diagnostic centre programme has already demonstrated a dramatic impact on patient wait times and throughput – it has reduced referral to treatment times by 63% compared to the national average and saved £267 per patient with 88% reduction in outpatient appointments.

Pricing

Price: £0.59 to £6.00 a unit
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Bleepa

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents