MEDCURRENT UK LTD

Clinical Decision Support (CDS) Software

Clinical Decision Support (CDS) cloud hosted Software-as-a-Service solution. Solution leverages Royal College of Radiologists (RCR) iRefer referral guidelines. Solution integrates to existing Electronic Health Record (EHR) / OrderComms systems using healthcare interoperability standards.

Features

• Real-time Clinical Decision Support
• Software-as-a-Service Cloud Offering
• Healthcare Interoperability standards
• User Authentication
• EHR Integration
• CDS Web Portal
• CDS Analytics and Business Intelligence Reporting
• CDS Authoring Studio Rules Engine

Benefits

• Enhance clinical decision-making processes with evidence based guidelines
• Seamless integration into existing clinical workflows
• Deliver evidence-based imaging requests at point of referral
• Single knowledge base that supports quality improvement program
• Minimise exposure of patients to unnecessary radiation
• Reduce repeat and unnecessary imaging tests

£16,625 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.kepa@medcurrent.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

904422565279986

Contact

Martin Kepa
+44 (0) 141 488 0915
martin.kepa@medcurrent.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: -Microsoft Azure Platform as a Service; -Microsoft technology stack (MS SQL 2016, IIS 8); -Planned maintenance determined based on customer requirements; -99.9% Uptime Service Level Agreement
• System requirements:
  • Internet Connection (1Mbps or higher)
  • Internet Browser (Internet Explorer,Chrome, Firefox,Edge)
  • Firewall access to public URL

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday through Friday, excluding Statutory holidays, 8am to 5pm are standard business support hours. Level 3 severity issues within 4 hours during business hours. Level 2 severity issues within 2 hours during business hours. Level 1 severity within 1 hour on a 24/7 basis.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Priority 1(Urgent) – User cannot perform basic functions; financial or patient care negatively impacted; no workaround is available. Response within 1 hour on a 24/7 basis. Resolution target within 3 hours. ; Priority 2(Important) – User can perform basic functions; some features are unavailable; some features are unavailable or loss of effectiveness and efficiency is evident; temporary workarounds are available. Response within 2 hours during Business Hours. Resolution target within 24 hours.; Priority 3(Routine) – User can perform materially all functions; minor inefficiencies, loss of effectiveness, or opportunity for improvement is evident. Response within 4 hours during Business Hours. Resolution target per mutual agreement with client. ; ; The 3 support levels are included in standard pricing model. Issue resolution is managed by assigned support desk resource who engages applicable MedCurrent team members to resolve issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Kickoff meeting with key project team members to outline roles and responsibilities. Online training via remote web session, user training videos and user documentation provided as part of standard offering. Onsite training using train the trainer methodology is provided for upto 10 customer participants as part of standard service offering, subject to additional travel costs. Additional training can be provided based on customer requirements based on standard rate card.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customer requests MedCurrent through service ticket to make a copy of customer DB instance and provide to customer via a compressed, encrypted format. MedCurrent will securely send client DB instance using secure technologies, e.g. SFTP, with encryption in transit and at rest. Users can also extract specific data using Analytics tool into CSV format as required.
• End-of-contract process: At end of contract, client's MS Azure instances will be turned off and not accessible. If required, client DB will be backed up and sent securely to client. Following contract end, client CDS software instance will be permanently deleted, unless client requests other instructions, at a nominal professional services cost, to be determined based on specific requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Due to screen resolution differences between desktop browsers and mobile browsers, depending on the tablet size, users may be required to scroll screen to view all content. MedCurrent works with customers to recommend ideal mobile tablet screen resolutions to address business needs.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Custom web services API developed by MedCurrent supports direct bi-directional integration to source Electronic Health Record(EHR) systems to allow for automatic launch of application as well as selected data transfer in order to optimize end user workflow and experience.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Colour scheme, logos and other graphics can be customized. Translations and/or edits of existing user interface labels can be updated per client request. Medcurrent assesses specific customer customization requirements and performs user interface customization as required and/or where supported. In addition, the Authoring Studio component of the solution permits creation and customization of client specific clinical decision support business rules/pathways if required by customer based on specific organizational workflows. Analytics reports can also be user defined using provided GUI.

Scaling

• Independence of resources: Each customer has their own MS Azure production environment instance that is scaled based on data volume, load, etc. If load is exceeded, the cloud hosting provider can be set to scale up resources as required to avoid performance impacts.

Analytics

• Service usage metrics: Yes
• Metrics types: Metric #1 – Resolution of Issues . The metric for resolution of issues for a given Month is the number of Tickets Resolved within the Resolution Time Target during the Month divided by the total number of Tickets Resolved in the Month (the “Success Ratio”). 95% Target. ; Metric #2 - Availability. Availability during periods of Planned Availability divided by the Planned Availability as measured each Month. 99.9% Target.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Using Analytics tool GUI, users can export data in CSV format. Additional data export requirements will require professional services based on specific requirements.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: MS Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% Uptime. Availability during periods of Planned Availability divided by the Planned Availability as measured each Month. Pro-rated service credits provided to customer if SLAs are exceeded. Client has option to cancel subscription with 30 days notice at any time.
• Approach to resilience: MedCurrent leverages MS Azure resiliency practices. Additional details provided at https://azurecomcdn.azureedge.net/cvt-5fb6a266e9ba482b0dcfe66cef2bcf71c4c4ad4663200273486c80d67bbee7f8/mediahandler/files/resourcefiles/azure-resiliency-infographic/Azure_resiliency_infographic.pdf
• Outage reporting: MS Azure automatically triggers any outage notifications and sends automated email to MedCurrent service and support desk. MedCurrent informs clients of outages via email. If not response from client within 1 hour of email notification, MedCurrent contacts client resource via telephone to inform of outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control for user access. Secure VPN connections where required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ICO Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: HIPPA
• Information security policies and processes: Annual certification and training of MedCurrent team to HIPPA standards through third party organization (Compliancy Group). Includes additional resources for GDPR compliance provided through Compliancy Group.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: MedCurrent follows SDLC principles using Kanban approach leveraging Atlassian and JIRA services. Newly developed components are assessed for security vulnerabilities using third party open source toolkits.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability assessment managed through MS Azure vulnerability services. Specific MedCurrent product patches are developed as soon as significant vulnerability is discovered and patches are released to clients in real time on existing MS Azure instances.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Urgent incidents, such as vulnerabilities, have a 1 hour response time 24/7. If compromise is discovered, clients are informed and solution is turned to read-only mode and/or completely shut down depending on the incident pending additional investigations.
• Incident management type: Supplier-defined controls
• Incident management approach: MedCurrent Professional services team owns Standard Operating Procedures (SOPs) around incident management that outline all aspects of incident management and reporting. SOPs available upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  N/A
• Covid-19 recovery:

  Covid-19 recovery

  MedCurrent Clinical Decision Support software provides direct support for COVID-19 recovery by providing referring clinicians with a tool that directly addresses diagnostic imaging appropriateness and helps to better manage the diagnostic test backlog that has resulted from COVID19. Using the MedCurrent tool will result in more NHS system capacity to better manage diagnostic imaging tests, including tests associated with COVID.
• Tackling economic inequality:

  Tackling economic inequality

  N/A
• Equal opportunity:

  Equal opportunity

  N/A
• Wellbeing:

  Wellbeing

  N/A

Pricing

• Price: £16,625 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at martin.kepa@medcurrent.com. Tell them what format you need. It will help if you say what assistive technology you use.