MAXIMS Cloud ED
MAXIMS is a sophisticated and scalable Emergency Department solution that supports the specific workflows in the department. In so the system collects the required data to provide a detailed patient record as well as comply with the mandated ECDS reporting requirements.
Features
- A full ED Solution designed for the NHS
- Link Integrated Care Pathways to Problems
- Triage/Assessment supports streaming registered patients for Triage
- Integrated orders and results
- Clinician Worklist/Assessment Clinical Noting, Forms and Assessments
- Discharge Summaries and Outcomes
- Flexible tracking and KPI configuration
- Coding interventions and treatments
- Integrated ‘Decision to Admit’ with bed management functions
- Boiler plate templates for clinical noting
Benefits
- Improved patient outcomes and service efficiency
- Recommended by NHS England for delivering safe and integrated care
- Historic and real time reporting available
- Quick Registration for Ambulance handover
- Single screen data capture improves data quality and reduces errors
- Accurate patient tracking data - allows identification of problem areas
- Waiting times reduced by quick triage/prioritising process
- Specialist referral Management and 4 hour wait targets improvment
- Clinical empowerment and engagement in software enhancements and development road-map
- Increased returned patient loan equipment = reduced replacement cost
Pricing
£2.22 to £2.74 a transaction
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
9 8 2 4 6 5 7 0 7 7 1 0 9 4 1
Contact
Integrated Medical Solutions Ltd
IMS MAXIMS Bid Team
Telephone: 0203 66 86 999
Email: bids@imsmaxims.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
There will be times when the system is unavailable for scheduled maintenance. These times will be agreed in advance with the client.
User access to the system is limited by Username and strong password/passphrase enforcement. These will need to be set up for each user in conjunction with the client.
Data centre access is available to our staff only
Support for specific hardware configurations only
Must include specified top-of-rack/end-of-rack network switches - System requirements
-
- Access through Health and Social Care Network
- End-user devices running MS Edge Chromium/Chrome/Safari
- Software licences for each end user
- Suitable network connection between end-user device and central serve
- GBgroup Matchcode licence
- VMWare licence
- Windows 2019 and MSQL 2019 and above
- Suitable firewall
- Customers will require appropriate network connectivity
- Customer responsible for data security over their connectivity method
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- As per the service level agreement response times
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide several support options to our customers.
However, we can be flexible and offer variations to this.
• Standard - 9am to 5pm, Monday to Friday, excl. Bank and Public Holidays;
• Extended - 8am to 6pm, Monday to Friday with the possibility of weekend cover and including Bank and Public Holidays;
• Premium - 24/7/365 for mission critical solutions
There is an uplift to the standard and extended packages if 24/7/365 is required. Cost is dependent upon the size and scope of the service required.
Yes we provide a technical account manager - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Our approach would be to work collaboratively with each Trust using our standard, tried & tested, implementation methodology to implement our application. Our implementation approach has been developed over many years of experience of managing and implementing healthcare solutions throughout the UK and Ireland.
Our plan provides a very detailed, standardised and repeatable approach for implementation, augmented with new data after each implementation and will be refined through discussions with each Trust during the Project Initiation Stage to take into account local variances in approach.
It has been validated in several successful implementations and can be taken as a proven ‘model’ of how the project will proceed and provide confidence in the delivery of the contracted deliverables to agreed deadlines.
Project governance and benefits realisation are intrinsic to the approach. Risks and Issues are managed following the framework set out by the OGC, whereby they are assessed and scored against likelihood and consequence across multiple domains and plans put in place to monitor and mitigate. Embedded controls include regular reviews to allow a realistic look at the project’s direction and performance at critical stages and to adjust as needed. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Microsoft Word
- ELearning Packages
- End-of-contract data extraction
- The customer has complete autonomy of how data is stored and managed within their virtual environment. Data can be extracted either from within the VM (for example, copying data over virtual networks), or the entire VM (for example, exporting as a VMDK or OVF).
- End-of-contract process
- We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will return any pre-paid sums for services not delivered to you. We will not penalise you for terminating your contract with us unless specifically stated in the Service Definition. We will also return all of your confidential information, unless there is a legal requirement that we keep it.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The differences are in the screen size available for viewing the system. This is taken into account for mobile access.
The technology used is different between mobile and desktop.
We have specific applications for both iOS and Android - Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
IMS MAXIMS is a founding member of the INTEROPen group which was formed to accelerate the development of open standards for interoperability in the health and social sector. We are currently working within INTEROPen in the design and curating of the technical interoperability standards, this includes areas such as data exchange, data validation, defining APIs and governance. We are currently in the process of developing and in publishing our APIs based on the INTEROPen CareConnect candidate FHIR resource profiles: http://interopen.org/candidate-profiles/care-connect/. This will provide support for resources such as:
• Allergy Intolerance
• Condition
• Encounter
• Family Member History
• Flags
• Locations
• Medication
• Observation
• Patient
• Practitioner
• Procedure
We are working on the current DSTU 2 final version of the HL7 FHIR standard. Our roadmap includes support for current draft standards e.g. FHIR STU3. Our currently developed FHIR standard implementation supports the REST API through HTTPS protocol, enabling any application to safely/securely consume our implementation of FHIR standards. Via our FHIR based APIs we can expose the patient’s longitudinal patient record and support flow of data between care settings.
See later q/a for configurability - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
MAXIMS has a variety of functionality to provide a high degree of local configurability. Local patient journeys are supported through the MAXIMS configuration features listed below:
Configurable starting form for each role supporting different entry points
User defined navigations allowing clients to match the navigation to the workflow. The navigations may contain system forms, user defined forms and reports. The content, groupings and order are all configurable.
Configurable top menu bar allowing different menu bars for each user role. The contents of the menu can be customised and allows links to URLs to support the patient journey and workflow
Configuration forms allowing administrators to customise the behaviour of some areas of MAXIMS.
System and role based configuration flags to allow the tailoring of MAXIMS to support many different health care agencies
User Defined Assessments to allow clients to recreate paper assessments within MAXIMS and build them into the workflow
Configurable lookups and hotlists providing control over the contents and order of drop down menus through the system.
Role based access rights and flags allow further tailoring of the behaviour of MAXIMS at a local level
Scaling
- Independence of resources
-
We provide a guaranteed service delivery and system response time for each user. We also provide Guaranteed resources that are a stated minimum of memory, CPU and disk size or space for each customer.
The service is not affected by the demands of other users. We do have resource reservations and shares on our connectivity services that are not dedicated to our customers - such as internet bandwidth. In addition, the capacity planning team ensure that connectivity usage in terms of all resources are constantly monitored and increased accordingly to demand
Analytics
- Service usage metrics
- Yes
- Metrics types
-
The SLA details the hours of cover as well as the target response and resolution times for each Incident Severity.
Our Service Delivery Manager utilises the system to generate data extracts for our customer performance monitoring reports. The system contains several standard data extract reports as well as an ad-hoc reporting module which enables us to produce customer specific reports when required. These reports can be generated by our Service Management team at any time for any given time period. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- The customer has complete autonomy of how data is stored and managed within their virtual environment. Data can be extracted either from within the VM (for example, copying data over virtual networks), or the entire VM (for example, exporting as a VMDK or OVF).
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
-
Our hosting partner offers the choice of connecting:
• Via the internet using additional encryption such as TLS 1.2
• IPSec VPN tunnels
• Via private networks such as leased lines or MPLS
• Via public sector networks such as PSN, N3, HSCN, Janet - Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection within supplier network
- Our hosting partner uses dedicated CAS-T circuits between each of their sites to ensure the protection of customer data in-flight. The partner additionally encrypts this data within their Elevated OFFICIAL platform. All data flows are also subject to a protective monitoring service.
Availability and resilience
- Guaranteed availability
-
We confirm that the application can be hosted within an environment that provides full disaster recovery services.
We will configure the MAXIMS solution according to local requirements but for most procurements we are assuming system availability is paramount and so we would propose to provide a high-availability, dual-datacentre (DC) solution, which is disaster resilient and will enable all environments to continue to operate in the event of a disaster impacting either of the datacentres.
Service credits are awarded when performance falls below the contracted level, The number of Service Points awarded to each Service Failure in that Service Period.
The accumulated total of Service Credits available.
A rolling total of the number of Service Failures that have occurred and the amount of Service Credits that have been incurred over the past six months; - Approach to resilience
-
Multiple MAXIMS Application Servers and Report Servers will be configured as a cluster of VMs across these hosts and, should one of these servers fail or be taken out of service for maintenance work, then the remaining servers in the VM cluster will take up the additional workload. With the rapid recovery features in VMware your preferred method for resilience may be to dynamically provision new servers as and when a failure occurs. Your local preferences will dictate your approach to resilience and availability but be assured that MAXIMS can be configured to meet your needs.
A number of options enable you to build resilience into your applications. We offer Private Cloud Compute from two geographically distinct sites, both located in the UK and separated by over 100km for excellent geo-diversity. - Outage reporting
- All outages will be reported via the Service Status page and the notifications service within the Cloud Portal. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated Technical Account Manager will proactively contact customers as appropriate.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Limited access network (for example PSN)
- Username or password
- Other
- Other user authentication
- Username and strong password/passphrase enforcement
- Access restrictions in management interfaces and support channels
-
Separation and access control within management interfaces
User access control within management interfaces
Consumers manage only their own service, and cannot access, modify or otherwise affect the service of other consumers via management tools and interfaces.
Customers have the option to raise a support request via telephone or email. Our hosting partner will always authenticate the identity of the user by validating known phone numbers and asking them for specific characters within their pre-agreed memorable word. The management interfaces are only available on the network. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Limited access network (for example PSN)
- Username or password
- Other
- Description of management access authentication
- This is done through the use of Role Based Access.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NQA
- ISO/IEC 27001 accreditation date
- 24/08/2021
- What the ISO/IEC 27001 doesn’t cover
- Nothing
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 28th October 2016
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- Nothing
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Data Protection Act Registration - Z6940443
- Certified to ISO9001:2008
- MAXIMS conformation ISB0129 Patient Safety Risk Management System
- Accordance with BSISO/IEC 27002 Code of Practice Information Security Management
- MAXIMS conformation BSISO/IEC 12207 software life cycle processes.
- MAXIMS conformation ISB0129 Manufacture of Health Software.
- IGSOC V13 connection to NHS Digital
- Accreditation to PRSB standards
- Records Management – NHS Code of Practice
- Access to Medical Reports & Health Records acts
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
IMS MAXIMS has a documented framework for security governance, with policies governing key aspects of information security relevant to the service.
Security and information security are part of the service provider’s financial and operational risk reporting mechanisms, ensuring that the board would be kept informed of security and information risk.
Processes to identify and ensure compliance with applicable legal and regulatory requirements.
Our hosting partner has a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers cloud services to its customers. These have been independently assessed and certified against ISO20000, ISO27001 and ISO27018 by LRQA, a UKAS accredited audit body. The service is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Our hosting partner has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 standard. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. A robust, established process for the formal submission of change requests is mandated prior to review and approval of the daily Change Advisory Board, which is attended by a quorum of operational and technical management personnel.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Potential new threats, vulnerabilities or exploitation techniques which could affect your service are assessed and corrective action is taken
Relevant sources of information relating to threat, vulnerability and exploitation techniques are monitored by the service provider
The severity of threats and vulnerabilities is considered within the context of the service and this information is used to prioritise the implementation of mitigations.
Our change management process ensures known vulnerabilities are tracked until mitigations have been deployed
We ensure we know service provider timescales for implementing mitigations and are happy with them
Patches are applied when necessary depending on their assessed priority - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
The service generates adequate audit events which we use to support effective identification of suspicious activity. Audit reports are run at regular intervals. Any attempts at unauthorised access are alerted to the system manager. These events are analysed to identify potential compromises or inappropriate service use.
We take prompt and appropriate action to address incidents. Incidents are categorised by laid down priorities which each have response times for remedial action.
Following best practice from National Cyber Security Centre, our service has enhanced protective monitoring, including checks on time sources, cross-boundary traffic, suspicious boundary activities, network connections and backup status etc. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incident management processes are in place for the service and are actively deployed in response to security incidents
Pre-defined processes are in place for responding to common types of incident and attack
A defined process and contact route exists for reporting of security incidents by consumers and external entities
Security incidents of relevance to you will be reported in acceptable timescales and formats
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Fighting climate change
-
Fighting climate change
IMS MAXIMS are committed to supporting zero carbon footprint. We have invested in technology to support remote meetings via conference calls and video to avoid travel. We encourage staff to use public transport whenever possible and to work from home. - Equal opportunity
-
Equal opportunity
IMS MAXIMS is committed to the policy of equal treatment of all employees and applicants, and requires all employees, of whatever grade or authority, to abide by and adhere to this general principle and the requirements of the Code of Practice issued by the Equal Opportunities Commission, the Commission for Racial Equality, under the Disability Discrimination Act.
It is IMS MAXIMS’ policy to treat job applicants and employees in the same way, regardless of their sex, sexual orientation, age, race, ethnic origin or disability. Further, the organisation will monitor the composition of the workforce and introduce positive action if it appears that this policy is not fully effective.
Pricing
- Price
- £2.22 to £2.74 a transaction
- Discount for educational organisations
- No
- Free trial available
- No