PRACTEUS LTD

LocumDeck

LocumDeck is an innovative SaaS platform designed for GP locums and practices, facilitating seamless bookings, invoicing, and NHS pension management. It offers a robust, user-friendly interface to connect locums with practices, enhancing efficiency, transparency, and financial management, while supporting professional development and community engagement among GP locums.

Features

• Automated Invoicing: generates invoices after session completion.
• Real-Time Availability: Updates and displays booking availability instantly
• Remote consultations: Accessible from anywhere with internet connectivity.
• Customisable Contracts: Tailor T&Cs for each booking
• NHS Pension Automation: Fills NHS forms automatically, reducing paperwork.
• Financial Reporting: Provides detailed financial reports
• SPIP Integration: Shares essential practice information between locums practices.
• Feedback Exchange: Allows for peer feedback and testimonials.
• GP Chambers Support: administrative and peer support for GP locums.
• CPD Resources: Access to CPD materials and guidelines.

Benefits

• Financial Streamlining: Simplify invoicing and payment processes.
• Efficient Bookings: Quickly find and secure GP sessions.
• Remote Management: Access and manage work from anywhere.
• Custom Contracts: Easily tailor agreements and terms.
• Administrative Reduction: Automate NHS pension documentation.
• Financial Transparency: Access detailed income and expense reports.
• Information Sharing: Efficiently exchange practice details.
• Professional Development: Enhance skills with CPD resources.
• Networking: Connect with GP locums and practices.
• Work-Life Balance: Schedule flexibly, balancing personal and professional.

£30,000 to £100,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.fieldhouse@nasgp.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

901991601822008

Contact

Richard Fieldhouse
07966229058
richard.fieldhouse@nasgp.org.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Secure web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: One hour, two hours at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Email and phone support from 9am to 5pm Monday to Friday. GP locums can book hour-long 1:1 Zoom meetings with our membership Support Managers. Practice Managers can book demos and support calls with our Membership Managers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To ensure a smooth and efficient start for our users, our platform features integrated user documentation and guides, providing context-sensitive help on every page and function. This design allows GP practices, PCNs, Enhanced Access Hubs, or Out-of-Hours providers to quickly familiarize themselves and get started within approximately five minutes. GP locums, requiring a more detailed setup to personalize their profiles and preferences, can expect to complete their onboarding in about 45 minutes. Recognizing the diverse needs of our users, we also offer complimentary online training sessions. These sessions are designed to maximize the platform’s utility and ensure users can leverage all its features effectively from the outset.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: We provide export facilities for much of the data, otherwise users can submit a support ticket to request a copy of their data
• End-of-contract process: At the end of the contract, GP practices, PCNS and Out-of-Hours providers can continue to use the service for free, and GP locums have to start paying to use LocumDeck https://www.nasgp.org.uk/membership/

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Same service
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Users have full control over any settings related to working as a clinician. Users can customise dates, times, rates, terms, essential paperwork, payment details, session/clinic types and much more. All this is done on the web interface through any PC or smartphone web browser.

Scaling

• Independence of resources: To ensure our service remains unaffected by varying user demands, we utilise a scalable cloud infrastructure. Our monitoring systems proactively manage capacity and performance, alerting on spikes in resource usage and unusual activity. These measures guarantee consistent, reliable service for all users, irrespective of demand peaks.

Analytics

• Service usage metrics: Yes
• Metrics types: GPT; Our service metrics align with NHS England's Digital Services Framework, providing comprehensive insights into the deployment of sessional clinical capacity in primary care. Metrics include the total number of GPs utilising LocumDeck for work management, sessions completed, engagement levels across practices, average hours worked per locum, advance booking rates, and analysis of unused capacity. Additionally, we track hours worked per locum and calculate the average hourly rate to offer a transparent view of locum activity and financial trends. These metrics facilitate a deep understanding of service utilisation, helping to optimise sessional clinical capacity deployment.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: UK ISO27001
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: All users can export invoices, NHS pensions forms and financial reports and much more as they use LocumDeck on a day-to-day basis.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data at rest is held on a dedicated server supported by IONOS. The server is securely accessed by whitelisted IP addresses. IONOS SIEM software constantly monitors and analyses security alerts, guaranteeing users high availability and secure products. The IONOS data centres are ISO 27001 certified.

Availability and resilience

• Guaranteed availability: 99.9% uptime with georedundant hosting services. data is mirrored in two data centers to protect against outages.
• Approach to resilience: Data backups are held securely off site via Acronis backup Service. Data In storage or in transit is protected by AES-256 encryption and stored in SSAE-18 certified Tier 4 Data Centers. The service also uses ransomware protection for added security. Access to storage is 2 factor authentication.
• Outage reporting: We offer in application notifications for planned maintenance and email alerts for any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is strictly controlled through role-based access control (RBAC) mechanisms, ensuring only authorized personnel can access sensitive functions based on their job requirements. Authentication processes, including multi-factor authentication (MFA), safeguard against unauthorized access. Regular audits and reviews of access rights ensure compliance with our strict security policies. User activities within these interfaces are logged and monitored for any irregularities, with immediate action taken to address potential security breaches. This comprehensive approach ensures that access is securely restricted, maintaining the integrity and confidentiality of our systems and the data they contain.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We maintain security governance by adhering to industry best practices. We stay informed about the latest vulnerabilities and threats by keeping up-to-date with OWASP's Top 10 and monitoring other relevant security news and alerts. We have established processes and procedures to manage access requests, respond to security incidents, and handle the leaver requests. Our policy documentation and playbooks are integral to these efforts, ensuring that our team has clear guidelines to follow. Additionally, we partner with IONOS to monitor our physical infrastructure, leveraging their expertise in best practices to ensure our systems are secure and resilient.
• Information security policies and processes: Our information security policies and processes are designed to ensure the highest level of protection for all data we handle, fully compliant with industry standards and legal requirements, including GDPR and the NHS's own stringent data security guidelines. We adopt a comprehensive security framework that encompasses data encryption in transit and at rest, regular security audits, and rigorous access controls to safeguard sensitive information.; ; Our reporting structure for information security incidents is hierarchical, starting with immediate notification to our dedicated Information Security Officer (ISO). The ISO is responsible for assessing the incident's impact, coordinating with our response team to mitigate risks, and initiating an investigation to prevent future occurrences. This process is supported by continuous staff training on data protection best practices and the importance of maintaining the confidentiality and integrity of the data.; ; To ensure adherence to our policies, we conduct regular reviews and updates in line with evolving security standards and threats. Internal audits and compliance checks are performed routinely to identify and rectify any discrepancies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our approach ensures the integrity and security of our service throughout each component's lifecycle. All service components are documented and tracked from inception through deployment and updates. Changes undergo a rigorous assessment process, evaluating potential security impacts before implementation. This includes a comprehensive review by our security team to identify vulnerabilities or risks associated with the change. We employ a structured change approval process, requiring sign-off from stakeholders, including security, operational, and development leads. Regular audits of our change management practices ensure compliance with our strict security policies, maintaining high levels of data protection and service reliability.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process proactively identifies and mitigates threats to ensure the security of our services. We conduct regular, comprehensive vulnerability scans and assessments to detect potential threats, utilising leading security intelligence sources and advisories from industry-standard bodies such as the National Cyber Security Centre (NCSC) and software vendors for up-to-date threat information. Upon identifying vulnerabilities, we prioritize patch deployment based on the severity of the threat, with critical patches deployed within 24 hours. Our security team continuously monitors for new vulnerabilities, ensuring our services remain resilient against emerging threats and our response strategy is swift and effective.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring process employs advanced detection techniques to identify potential security breaches swiftly. Through continuous monitoring and analysis of system activity, we detect anomalies and signs of compromise. Upon identifying a potential threat, our dedicated incident response team is immediately engaged, ensuring a rapid response within 1 hour for critical incidents. Actions include isolating affected systems, mitigating the threat, and conducting a thorough investigation to prevent future occurrences. We leverage leading security intelligence to stay ahead of potential threats, ensuring our systems and data remain secure and resilient against cyber attacks.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process encompasses predefined protocols for common scenarios, ensuring swift action. Users report incidents through a dedicated support channel, ensuring clarity and accessibility. Upon notification, our team promptly assesses, prioritizes, and addresses the issue, with critical incidents receiving immediate attention. We communicate regularly with affected users, providing detailed reports that outline the incident's nature, the steps taken to mitigate its impact, and measures to prevent future occurrences. This approach guarantees a transparent, responsive resolution process, fostering trust and security within our user community.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  LocumDeck contributes to fighting climate change by promoting a digital-first approach in healthcare provision. By enabling GP locums and practices to engage in remote consultations, the platform drastically reduces the need for travel, directly cutting down carbon emissions associated with transportation. Furthermore, the adoption of a paperless system for bookings, invoicing, and pension forms aligns with environmental sustainability goals by minimizing paper use and waste. LocumDeck's cloud-based infrastructure is designed for energy efficiency, hosted in data centers that prioritize renewable energy sources, further reducing the carbon footprint of healthcare services.

  Covid-19 recovery

  Throughout the COVID-19 pandemic, LocumDeck has been pivotal in ensuring the continuity of healthcare services. By facilitating remote consultations, the platform has not only helped in adhering to social distancing measures but also ensured that patients continue to receive care, supporting public health efforts. In the recovery phase, LocumDeck remains essential by offering flexible work arrangements for GP locums, thereby strengthening the healthcare workforce's resilience against future challenges and ensuring preparedness for potential healthcare demands.

  Tackling economic inequality

  LocumDeck addresses economic inequality by democratizing access to work opportunities for GP locums across various demographics and regions. By providing a transparent, accessible platform for finding locum work, it helps reduce income disparities within the healthcare profession. Additionally, the platform supports practices in underserved areas by providing them access to a broader pool of healthcare professionals, thereby contributing to reducing healthcare access inequality.

  Equal opportunity

  LocumDeck is committed to providing equal opportunities by ensuring that all functionalities of the platform are accessible to users regardless of their background or location. Through continuous user experience improvements and adherence to accessibility standards, the platform promotes inclusivity. By facilitating work opportunities across diverse geographic and socio-economic contexts, LocumDeck supports a more equitable healthcare workforce.

  Wellbeing

  The wellbeing of healthcare professionals is at the forefront of LocumDeck's mission. By offering GP locums control over their schedules and promoting remote work, the platform contributes to a better work-life balance, reducing the risk of burnout. Additionally, LocumDeck's efficient administrative features save time and reduce stress, further supporting the mental health and overall wellbeing of its users.

Pricing

• Price: £30,000 to £100,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: LocumDeck is always free to practices, PCNs and out-of-hours providers. For GP locums, we offer a free three month introductory period, where that get full use of LocumDeck if they've never been a member before.
• Link to free trial: For GPs https://www.nasgp.org.uk/join/free-trial/, for practices https://www.nasgp.org.uk/for-practices/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.fieldhouse@nasgp.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.