Integrated Medical Solutions Ltd


MAXIMS is a sophisticated and scalable Emergency Department solution that supports the specific workflows in the department. In so the system collects the required data to provide a detailed patient record as well as comply with the mandated ECDS reporting requirements.


  • A full ED Solution designed for the NHS
  • Link Integrated Care Pathways to Problems
  • Triage/Assessment supports streaming registered patients for Triage
  • Integrated orders and results
  • Clinician Worklist/Assessment Clinical Noting, Forms and Assessments
  • Discharge Summaries and Outcomes
  • Flexible tracking and KPI configuration
  • Coding interventions and treatments
  • Integrated ‘Decision to Admit’ with bed management functions
  • Boiler plate templates for clinical noting


  • Improved patient outcomes and service efficiency
  • Recommended by NHS England for delivering safe and integrated care
  • Historic and real time reporting available
  • Quick Registration for Ambulance handover
  • Single screen data capture improves data quality and reduces errors
  • Accurate patient tracking data - allows identification of problem areas
  • Waiting times reduced by quick triage/prioritising process
  • Specialist referral Management and 4 hour wait targets improvment
  • Clinical empowerment and engagement in software enhancements and development road-map
  • Increased returned patient loan equipment = reduced replacement cost


£2.22 to £2.74 a transaction

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

9 8 2 4 6 5 7 0 7 7 1 0 9 4 1


Integrated Medical Solutions Ltd IMS MAXIMS Bid Team
Telephone: 0203 66 86 999

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
There will be times when the system is unavailable for scheduled maintenance. These times will be agreed in advance with the client.

User access to the system is limited by Username and strong password/passphrase enforcement. These will need to be set up for each user in conjunction with the client.

Data centre access is available to our staff only

Support for specific hardware configurations only

Must include specified top-of-rack/end-of-rack network switches
System requirements
  • Access through Health and Social Care Network
  • End-user devices running MS Edge Chromium/Chrome/Safari
  • Software licences for each end user
  • Suitable network connection between end-user device and central serve
  • GBgroup Matchcode licence
  • VMWare licence
  • Windows 2019 and MSQL 2019 and above
  • Suitable firewall
  • Customers will require appropriate network connectivity
  • Customer responsible for data security over their connectivity method

User support

Email or online ticketing support
Email or online ticketing
Support response times
As per the service level agreement response times
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
We provide several support options to our customers.
However, we can be flexible and offer variations to this.
• Standard - 9am to 5pm, Monday to Friday, excl. Bank and Public Holidays;
• Extended - 8am to 6pm, Monday to Friday with the possibility of weekend cover and including Bank and Public Holidays;
• Premium - 24/7/365 for mission critical solutions

There is an uplift to the standard and extended packages if 24/7/365 is required. Cost is dependent upon the size and scope of the service required.

Yes we provide a technical account manager
Support available to third parties

Onboarding and offboarding

Getting started
Our approach would be to work collaboratively with each Trust using our standard, tried & tested, implementation methodology to implement our application. Our implementation approach has been developed over many years of experience of managing and implementing healthcare solutions throughout the UK and Ireland.

Our plan provides a very detailed, standardised and repeatable approach for implementation, augmented with new data after each implementation and will be refined through discussions with each Trust during the Project Initiation Stage to take into account local variances in approach.

It has been validated in several successful implementations and can be taken as a proven ‘model’ of how the project will proceed and provide confidence in the delivery of the contracted deliverables to agreed deadlines.

Project governance and benefits realisation are intrinsic to the approach. Risks and Issues are managed following the framework set out by the OGC, whereby they are assessed and scored against likelihood and consequence across multiple domains and plans put in place to monitor and mitigate. Embedded controls include regular reviews to allow a realistic look at the project’s direction and performance at critical stages and to adjust as needed.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • ELearning Packages
End-of-contract data extraction
The customer has complete autonomy of how data is stored and managed within their virtual environment. Data can be extracted either from within the VM (for example, copying data over virtual networks), or the entire VM (for example, exporting as a VMDK or OVF).
End-of-contract process
We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction.  We will return any pre-paid sums for services not delivered to you. We will not penalise you for terminating your contract with us unless specifically stated in the Service Definition. We will also return all of your confidential information, unless there is a legal requirement that we keep it.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The differences are in the screen size available for viewing the system. This is taken into account for mobile access.

The technology used is different between mobile and desktop.

We have specific applications for both iOS and Android
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
IMS MAXIMS is a founding member of the INTEROPen group which was formed to accelerate the development of open standards for interoperability in the health and social sector. We are currently working within INTEROPen in the design and curating of the technical interoperability standards, this includes areas such as data exchange, data validation, defining APIs and governance.  We are currently in the process of developing and in publishing our APIs based on the INTEROPen CareConnect candidate FHIR resource profiles: This will provide support for resources such as:
•         Allergy Intolerance
•         Condition
•         Encounter
•         Family Member History
•         Flags
•         Locations
•         Medication
•         Observation
•         Patient
•         Practitioner
•         Procedure
We are working on the current DSTU 2 final version of the HL7 FHIR standard. Our roadmap includes support for current draft standards e.g. FHIR STU3. Our currently developed FHIR standard implementation supports the REST API through HTTPS protocol, enabling any application to safely/securely consume our implementation of FHIR standards. Via our FHIR based APIs we can expose the patient’s longitudinal patient record and support flow of data between care settings. 

See later q/a for configurability
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
MAXIMS has a variety of functionality to provide a high degree of local configurability. Local patient journeys are supported through the MAXIMS configuration features listed below:
        Configurable starting form for each role supporting different entry points
        User defined navigations allowing clients to match the navigation to the workflow. The navigations may contain system forms, user defined forms and reports. The content, groupings and order are all configurable. 
        Configurable top menu bar allowing different menu bars for each user role. The contents of the menu can be customised and allows links to URLs to support the patient journey and workflow
        Configuration forms allowing administrators to customise the behaviour of some areas of MAXIMS.
        System and role based configuration flags to allow the tailoring of MAXIMS to support many different health care agencies
        User Defined Assessments to allow clients to recreate paper assessments within MAXIMS and build them into the workflow
        Configurable lookups and hotlists providing control over the contents and order of drop down menus through the system.
        Role based access rights and flags allow further tailoring of the behaviour of MAXIMS at a local level


Independence of resources
We provide a guaranteed service delivery and system response time for each user. We also provide Guaranteed resources that are a stated minimum of memory, CPU and disk size or space for each customer.

The service is not affected by the demands of other users. We do have resource reservations and shares on our connectivity services that are not dedicated to our customers - such as internet bandwidth. In addition, the capacity planning team ensure that connectivity usage in terms of all resources are constantly monitored and increased accordingly to demand


Service usage metrics
Metrics types
The SLA details the hours of cover as well as the target response and resolution times for each Incident Severity.
Our Service Delivery Manager utilises the system to generate data extracts for our customer performance monitoring reports.  The system contains several standard data extract reports as well as an ad-hoc reporting module which enables us to produce customer specific reports when required. These reports can be generated by our Service Management team at any time for any given time period.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The customer has complete autonomy of how data is stored and managed within their virtual environment. Data can be extracted either from within the VM (for example, copying data over virtual networks), or the entire VM (for example, exporting as a VMDK or OVF).
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Our hosting partner offers the choice of connecting:
• Via the internet using additional encryption such as TLS 1.2
• IPSec VPN tunnels
• Via private networks such as leased lines or MPLS
• Via public sector networks such as PSN, N3, HSCN, Janet
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
Our hosting partner uses dedicated CAS-T circuits between each of their sites to ensure the protection of customer data in-flight. The partner additionally encrypts this data within their Elevated OFFICIAL platform. All data flows are also subject to a protective monitoring service.

Availability and resilience

Guaranteed availability
We confirm that the application can be hosted within an environment that provides full disaster recovery services.
We will configure the MAXIMS solution according to local requirements but for most procurements we are assuming system availability is paramount and so we would propose to provide a high-availability, dual-datacentre (DC) solution, which is disaster resilient and will enable all environments to continue to operate in the event of a disaster impacting either of the datacentres.
Service credits are awarded when performance falls below the contracted level, The number of Service Points awarded to each Service Failure in that Service Period.
The accumulated total of Service Credits available.
A rolling total of the number of Service Failures that have occurred and the amount of Service Credits that have been incurred over the past six months;
Approach to resilience
Multiple MAXIMS Application Servers and Report Servers will be configured as a cluster of VMs across these hosts and, should one of these servers fail or be taken out of service for maintenance work, then the remaining servers in the VM cluster will take up the additional workload. With the rapid recovery features in VMware your preferred method for resilience may be to dynamically provision new servers as and when a failure occurs. Your local preferences will dictate your approach to resilience and availability but be assured that MAXIMS can be configured to meet your needs.

A number of options enable you to build resilience into your applications. We offer Private Cloud Compute from two geographically distinct sites, both located in the UK and separated by over 100km for excellent geo-diversity.
Outage reporting
All outages will be reported via the Service Status page and the notifications service within the Cloud Portal.  Outages are identified as Planned maintenance, Emergency maintenance, and platform issues.  In addition, the designated Technical Account Manager will proactively contact customers as appropriate.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
Username and strong password/passphrase enforcement
Access restrictions in management interfaces and support channels
Separation and access control within management interfaces
User access control within management interfaces
Consumers manage only their own service, and cannot access, modify or otherwise affect the service of other consumers via management tools and interfaces.

Customers have the option to raise a support request via telephone or email. Our hosting partner will always authenticate the identity of the user by validating known phone numbers and asking them for specific characters within their pre-agreed memorable word. The management interfaces are only available on the network.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Description of management access authentication
This is done through the use of Role Based Access.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
28th October 2016
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • Data Protection Act Registration - Z6940443
  • Certified to ISO9001:2008
  • MAXIMS conformation ISB0129 Patient Safety Risk Management System
  • Accordance with BSISO/IEC 27002 Code of Practice Information Security Management
  • MAXIMS conformation BSISO/IEC 12207 software life cycle processes.
  • MAXIMS conformation ISB0129 Manufacture of Health Software.
  • IGSOC V13 connection to NHS Digital
  • Accreditation to PRSB standards
  • Records Management – NHS Code of Practice
  • Access to Medical Reports & Health Records acts

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
IMS MAXIMS has a documented framework for security governance, with policies governing key aspects of information security relevant to the service.

Security and information security are part of the service provider’s financial and operational risk reporting mechanisms, ensuring that the board would be kept informed of security and information risk.
Processes to identify and ensure compliance with applicable legal and regulatory requirements.

Our hosting partner has a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers cloud services to its customers. These have been independently assessed and certified against ISO20000, ISO27001 and ISO27018 by LRQA, a UKAS accredited audit body. The service is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our hosting partner has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 standard. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. A robust, established process for the formal submission of change requests is mandated prior to review and approval of the daily Change Advisory Board, which is attended by a quorum of operational and technical management personnel.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Potential new threats, vulnerabilities or exploitation techniques which could affect your service are assessed and corrective action is taken
Relevant sources of information relating to threat, vulnerability and exploitation techniques are monitored by the service provider
The severity of threats and vulnerabilities is considered within the context of the service and this information is used to prioritise the implementation of mitigations.
Our change management process ensures known vulnerabilities are tracked until mitigations have been deployed
We ensure we know service provider timescales for implementing mitigations and are happy with them
Patches are applied when necessary depending on their assessed priority
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The service generates adequate audit events which we use to support effective identification of suspicious activity. Audit reports are run at regular intervals. Any attempts at unauthorised access are alerted to the system manager. These events are analysed to identify potential compromises or inappropriate service use.
We take prompt and appropriate action to address incidents. Incidents are categorised by laid down priorities which each have response times for remedial action.

Following best practice from National Cyber Security Centre, our service has enhanced protective monitoring, including checks on time sources, cross-boundary traffic, suspicious boundary activities, network connections and backup status etc.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management processes are in place for the service and are actively deployed in response to security incidents
Pre-defined processes are in place for responding to common types of incident and attack
A defined process and contact route exists for reporting of security incidents by consumers and external entities
Security incidents of relevance to you will be reported in acceptable timescales and formats

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Fighting climate change

IMS MAXIMS are committed to supporting zero carbon footprint. We have invested in technology to support remote meetings via conference calls and video to avoid travel. We encourage staff to use public transport whenever possible and to work from home.
Equal opportunity

Equal opportunity

IMS MAXIMS is committed to the policy of equal treatment of all employees and applicants, and requires all employees, of whatever grade or authority, to abide by and adhere to this general principle and the requirements of the Code of Practice issued by the Equal Opportunities Commission, the Commission for Racial Equality, under the Disability Discrimination Act.

It is IMS MAXIMS’ policy to treat job applicants and employees in the same way, regardless of their sex, sexual orientation, age, race, ethnic origin or disability. Further, the organisation will monitor the composition of the workforce and introduce positive action if it appears that this policy is not fully effective.


£2.22 to £2.74 a transaction
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.