Rotamap Ltd

Medirota

Medirota is a specialised web-based rota and leave management service for all medical and dental specialties. Medirota helps plan, operate and report on mixed-role activity for consultant-led services in a variety of clinical, surgical, medical and ward-based departments by providing powerful online tools for inter and extra-departmental communication and coordination.

Features

• Automated email, SMS and push notifications keep staff updated
• Accessible via web browser and native Android and iOS apps
• Highlights staffing gaps to avoid cancelling sessions
• Junior doctor rotation management, reporting and live rota compliance checks
• Comparison of planned and delivered work against defined targets
• Integrated leave and internal bank management systems
• Customisable and consistent cross-organisation reporting against KPIs
• Flexible composite cross-department views for theatres, clinics and on-calls
• Two-way link with ESR for absence and attendance records
• Integrated exception reporting tool for junior doctor training and compliance

Benefits

• Expert deployment and dedicated support included at no additional cost
• Supports business cases where additional staff are required
• Services designed around and alongside NHS expertise
• Improve clinic and theatre management for increased utilisation
• Reduce extra/locum spend by planning resources to meet demand
• Improve consultant session delivery by monitoring productivity
• Improve work/life balance, publishing rotas sooner and linking with calendars
• Seamless planning, designing and reporting on junior doctor rotas
• Timely and automated alerts communicating late changes to affected staff
• Interoperate and share data with related organisation services via APIs

£250 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@rotamap.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

890463004324226

Contact

Info Team
02076311555
tenders@rotamap.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Internet browser application support is provided from Microsoft Edge and up, although the latest browsers are recommended.
• System requirements:
  • Access to the internet
  • A modern web browser or supplied iOS/Android app

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service support is generally available during our normal operating hours; of 08:30–12:00 and 13:00-17:00 Monday to Friday other than public holidays and between; Christmas and New Year. All efforts will be made to respond to support requests within a reasonable time-frame and within 24 hours of the query being placed, within the above working hours.; ; Where an immediate resolution is not possible Rotamap will endeavour to provide a response as quickly as is feasible and to keep the Client informed. Emergency requests will be given priority. This status will be determined by Rotamap, with all due consideration to the Client.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support is all inclusive of the licence fee. Service support is provided by email and telephone only unless provision of the Service is not possible by these means. If necessary onsite support can be provided via prior arrangement and at no extra cost. Support will normally be provided by email at support@rotamap.net or any other email address as provided by Rotamap to the Client. ; ; Unless otherwise agreed between Rotamap and the Client, service support will only be provided to Authorised Users as set out in our Terms and Conditions.; ; Emergency requests will be given priority. This status will be determined by Rotamap, with all due consideration to the Client. Where the request involves a failure of the Service as provided by Rotamap, all efforts will be made for an immediate resolution.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Rotamap provide training, advice and guidance to the Client through online meetings during the implementation of the Service. Rotamap may also provide additional training to the Client’s administrative users should there be any significant revisions to the Service for which this is deemed necessary, such training requirements to be determined by Rotamap with all reasonable consideration to the Client. Online user documentation, including both text and video guides, is provided for common tasks when initially setting up and then maintaining the Service over time. Support is entirely included in the licence fee.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At or prior to the termination of the Service, the Client may extract its data from the Service using the data exchange services, for which no fee will be payable by the Client to Rotamap and which facility shall constitute the entirety of the “Offboarding” process unless otherwise agreed.
• End-of-contract process: All elements of the service provision including end of contract data extraction are inclusive in the licence fee.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Rotamap services can be accessed using mobile browsers in the same way they can on a desktop or laptop. However for convenience and ease of use iOS and Android mobile apps are available. These mobile apps provide Clinician users with all features available to them on the web browser application except reports. Rota Master, Manager and Guest users have read only access to the rota via the mobile apps with reports and any editing rights only available via the web browser login access.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface consists of a set of pages accessed via a tabbed; menu bar. Pages contain grids for different rota views, tables for; presenting other ancillary data, and forms for entering and/or updating; data. Tables contain search functionality, and navigation tabs show; highlights when new information is available.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The Rotamap accessibility policy aims to adhere to the WCAG 2.1 A standards and currently covers several key areas outlined below. All new features and page designs follow this approach with the aim of improving the overall usability of the systems and increasing accessibility guideline adherence. - All functionality is available from a keyboard - All content can be dynamically scaled/zoomed - Use of alternative text on all image content - Designed and tested to work on all modern browsers
• API: Yes
• What users can and can't do using the API: Medirota provides API support for service interoperability, otherwise known as data exchange services. APIs are provided to support integration with ancillary services in the clinical rota environment, including job planning, bank/locum, data warehousing, and junior doctor rostering services. Endpoints are provided to support different use cases, including summarised rota data for job planning services, and comprehensive itemised rota data for data warehouse services. APIs are provided to support integration with external bank/locum agencies, allowing them to suggest suitable staff to cover vacancies on the rota. Additionally, summarised information from job planning services can be integrated and displayed in Medirota. Custom inbound and outbound API support is also provided for the Electronic Staff Record (ESR) inbound and outbound generic interfaces for importing staff details, and exporting absence and attendance (payroll) information via Rotamap's Central Reporting service (in conjunction with Medirota).
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Rotamap uses high availability infrastructure combined with techniques such as load balancing and server redundancy. Service, server and network health are also continuously monitored.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are provided in a variety of ways:; ; - In-system reports; - Automated reports; - On-request reports; - Twice yearly service reports as part of our benchmarking data packs.; ; The data metrics are focused on department service planning, operations and delivery allowing analysis of efficient use of resources and the ability to spot variations from expected performance.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: GPG public/private key encryption with 4096 bit keys on LUKS encrypted disks using aes-xts-plain64 encryption with 512 bit keys.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can make use of the data exchange services (APIs) which are part of Medirota to export their data for use in other systems. In-system rota and report data can be downloaded in .CSV format. Automated and bespoke reports are provided in .XLS or .CSV format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • OpenAPI
• Data import formats: Other
• Other data import formats: ESR

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: The service encrypts data travelling between system administrators and the service over public/private key SSH connections, between the service and backups over public/private key SSH connections, and data at rest with GPG public/private key encryption on encrypted disks.; ; SSH connections are secured by public/private ed25519 keys, GPG encrypted data is secured by 4096 bit public/private keys.; ; Where possible segregated networks with no internet access are used.

Availability and resilience

• Guaranteed availability: If the Client experiences loss of access to any aspect of the Service that is not scheduled or notified and can be determined to be caused by action or inaction by Rotamap, or a Third Party employed by Rotamap to provide aspects of the Service, and contingency arrangements as set-out in Clause 9(c) of the Rotamap Terms and Conditions have not been met, Rotamap will provide a reimbursement of fees as set out in the following; reimbursement schedule:; The duration of service interruption is determined within a 28-day period and during normal working hours only (08:30–17:00, Monday–Friday, excluding public holidays); ‘monthly payment’ means 1/12th of the annual fees:; ; • 0–8 hours: No refund; • 8–16 hours: 30% of monthly payment; • >16 hours: 100% of monthly payment
• Approach to resilience: • Data is located in a UK data centre with biometric and multi factor physical access controls • Backup data is encrypted in transit and at rest • Physical resilience is achieved through the use of server redundancy and automated failover processes, as well as database streaming locally and remotely through encrypted channels
• Outage reporting: Rotamap have system monitoring services in place that ensure our system administration team are alerted immediately about any service outage. Rotamap communicate any outage along with updates on the progress of resolving the outage via email and/or in-system notification to our authorised users at each department.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Management interface access depends on credentials provided in person to the administrative user designated by the Client to administer the Service on its behalf and who will act, unless otherwise instructed by the Client, as the Client’s authorised officers and representatives. These credentials utilise randomized credential tokens.; ; Support channels are over email or telephone and are unrestricted by design (we do not charge for support).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Rotamap's approach to security governance is to be 'secure by design', by providing the simplest way possible to ensure that security risks relating to our IT environments are mitigated through either common or environment specific measures. These measures include: * Appointment of a company Security Officer responsible for ensuring policies are followed and that audits take place * Reviewing the company security policies quarterly * Auditing individual's security behaviours quarterly * Auditing the security behaviours of production environments with security subcontractors monthly * Auditing other environments by members of the system administration team quarterly
• Information security policies and processes: Rotamap's approach to security policies and procedures is to be 'secure by design', by providing the simplest way possible to ensure that security risks relating to our IT environments are mitigated through either common or environment specific measures. These policies are lead by our designated company Security Officer, who is also responsible for regular audits and reviews. These measures include: * Setting out the different information technology environments * Determining the main risks across all environments, and any risks that may affect a specific environment * Determining the common behaviours we need to mitigate the main risks * Determining the environment specific behaviours we need to mitigate specific risks * Appointment of a company Security Officer responsible for ensuring policies are followed and that audits take place * Reviewing the company security policies on a quarterly basis * Auditing each individual's security behaviours on a quarterly basis * Auditing the security behaviours of production environments with security subcontractors on a monthly basis * Ensuring all other environments are audited quarterly by members of the system administration team

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Service configuration and change management is managed through Rotamap's 'secure by design' security policies and procedures. All service configuration elements, including servers and network access, are managed through a configuration management system to ensure conformance with a policy. Production services are also port scanned by an external expert third party monthly to reveal configuration problems or problems with outdated software or operating systems. All IT devices must run software from vendored, security-managed providers agreed by the company with updates typically applied weekly through a testing procedure which is separated from other service changes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management is managed through Rotamap's 'secure by design' security policies and procedures through which potential threats are assessed. All IT devices must run software from vendored, security-managed providers agreed by the company with updates typically applied weekly, including malware detection software. All service configuration elements must have updates managed through a configuration management system. Additional assessments are made via security update mailing lists, monthly penetration tests, and automated monitoring to alert us to available updates.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is managed through Rotamap's 'secure by design' security policies and procedures, using three levels: 1. external gateway monitoring, actively monitored by our data centre provider 2. internal network monitoring, provided by local state, monitoring and reporting tools 3. independent per-machine monitoring environments. Alerts are triggered after binary updates which have not been completed/unexpected signature changes. Automated tests and other measures are used on production services to mitigate against code compromises and SQL injection. Production services are port-scanned by an external expert third party monthly to reveal misconfigurations or outdated software. A compromised machine must be reinstalled from scratch.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is managed through Rotamap's incident review process, so as to ensure incidents are responded to quickly and that all necessary evidence is recorded. Our internal monitoring and alerting systems and team communication tools are used to alert, report, review and manage incidents. Evidence is collected from the incident, users, records, timelines and steps are recorded for mitigation for the occasion in question and for avoiding the problem in future. Incident reviews are kept in the company documentation system for long-term reference. Communication with users is via phone, email and in-system notification. Outgoing email reports are partially automated.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Rotamap has a board-approved timeline for incrementally reducing carbon emissions, ahead of NHS England’s Evergreen Supplier Roadmap. On an annual basis, Rotamap produces a publicly available PPN 06/21 detailing emissions, targets and progress. Targets are in line with the SBTi (science based targets initiative), facilitating Trusts in meeting international standards for carbon accounting and reduction plans. Moreover, by helping departments and individuals within those departments plan, communicate and coordinate their activity in advance, Medirota helps cut down on wasted resources such as operating theatres and associated facilities, as well as mistaken physical journeys taken across geographical areas within the organisation's scope, reducing greenhouse gas emissions. Additionally, the public cloud deployment model allows for the more efficient use of computing resources to provide the service, reducing the requirement for extra computing hardware and energy resources.

  Covid-19 recovery

  By y helping a range of clinical teams providing front line healthcare to those affected by COVID-19 plan, communicate and coordinate their activity in advance, as well as helping them react rapidly to changing circumstances and demands placed upon them, CLWRota directly supports the health and care services as well as the physical and mental health of those working within those services. By providing web-based rota management systems on a Software-as-a-Service basis, hosted using a public cloud deployment model, CLWRota also supports new ways of working designed to improve workplace conditions to support the COVID-19 recovery effort by allowing department rotas to be managed effectively by staff working remotely. By providing comprehensive reporting and departmental benchmarking on metrics such as work achieved and leave taken from both departmental and individual perspectives, CLWRota helps departments, along with their associated healthcare services assess the historical and ongoing impact of COVID-19 on their service provision and staff wellbeing. This data also helps these services predict both future service demand, and their ability to meet it based on future staff availability.

  Tackling economic inequality

  Rotamap enshrines its responsibility to provide interesting and rewarding work for its employees as one of its core company principles. The relatively flat structure and distributed decision making processes Rotamap uses on a day to day basis to develop its services and deliver its contracts encourage individual responsibility and entrepreneurship among all members of staff regardless of their seniority or length of service, backed up by the advice and support of their peers. This process is supported by external training provided by reputable management schools, software industry forums and events, and other techniques where appropriate. Rotamap also supports innovation and disruption to the environment in which it operates by developing and supporting scalable and future-proofed methods to modernise healthcare delivery and increase productivity, by collaborating with both clients and other suppliers in the environment to design and develop application programming interface (API) standards utilising the OpenAPI standard to appropriately share data between services. This work also includes creating modern OAuth2 authentication services to reduce relevant cyber security risks throughout the data supply chain.

  Equal opportunity

  Rotamap supports in-work progression to help all employees, regardless of background or circumstance. The relatively flat structure and distributed decision making processes Rotamap uses on a day to day basis helps the move towards higher paid work by encouraging individual responsibility and entrepreneurship related to the delivery of the contract among all members of staff, backed up by the advice and support of their peers. Rotamap's pay structure and related progression model is explicitly designed to support and reward the development of new skills relevant to the delivery of Rotamap's services, regardless of gender, background, or disability.

  Wellbeing

  Rotamap enshrines its responsibility to provide interesting and rewarding work whilst ensuring a good work-life balance for its employees as one of its core company principles, written into the Articles of Association. Employee well-being is reported on quarterly, supported by surveys to track changes in well-being over time and allow evidence-based changes to be made to support both the physical and mental health of employees. Rotamap's dedication to supporting the health and well-being of its workforce is also demonstrated by actions such as providing employer supported volunteering days (which evidence shows lead to an improvement in confidence, job satisfaction and overall happiness and well-being). Rotamap places great value on collaboration with users in the co-design and delivery of its services as part of the contract, and sees its included implementation, support, and events as being an invaluable method of gaining insight and knowledge from the local experts, users, and communities using Rotamap's services. Rotamap also engages in specific and long running collaboration exercises in conjunction with staff, suppliers, customers and communities to design and develop new software to support improved methods of working and strengthen the integrated communities around Rotamap's services and those of related suppliers.

Pricing

• Price: £250 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: What's included?; Implementation and ongoing support of the service as described on the digital marketplace; What isn't included?; N/A; If there's a limited time period?; The free trial period is for a 12 month term only, valid once across all time-frames, frameworks and contracts.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@rotamap.net. Tell them what format you need. It will help if you say what assistive technology you use.