MIG Primary Care Data Set Service
MIG is secure middleware technology providing a two way exchange of patient data between different healthcare organisations. MIG Primary Care dataset service caters for the real time retrieval and display of patient record information for a pre-defined dataset related to a specific condition or pathway
Features
- Real-time retrieval and display of patient record information
- Specialist view made up of specific coded entries for condition/pathway
- Journal view provides single view of all encounters chronologically
- Service Discovery Locator: locate a patient and ascertain what's available
- Integrated embedded view within consuming syste
- Fully auditable
- Ability to share local or nationally
- Cost effective
- Fully managed end to end service
- Journal View displays all free text
Benefits
- Immediate access to patient data in real time
- Fully auditable
- 24/7 access to live patient data
- Reduces administration overheads and avoids unnecessary appointments/treatment delays
- Provides safeguarding/mental health information
- Better co-ordinated care; improving patient satisfaction and clinical safety
- Manipulate structured data for analysis; improving care planning and outcomes
- Free text ensures clinicians have full picture
- Specific views removes need for cross referencing screens
- Provides confidence clinician acting in line with patient wishes
Pricing
£0.04 a user
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 8 3 2 7 6 4 3 3 5 6 8 9 2 8
Contact
EMIS Ltd
Bid Team
Telephone: 0113 380 3000
Email: bids@emishealth.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Health information exchange, portal, electronic medical records, electronic patient records, integration engines, healthcare clinical systems, patient apps.
- Cloud deployment model
- Private cloud
- Service constraints
-
• Core systems being EMIS Health, Vision, TPP or Microtest
• Full streaming to Vision 360 for Vision sites
• PDS and/or MIG Trace, Extended Patient Trace
• Sharing Agreements in place with relevant endpoints as per content model
• EMIS have a monthly maintenance window for 1 hour per month on a Wednesday between the hours of 12:00 and 13:00. - System requirements
- Health and Social Care Network or N3 access required
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times as detailed in MSA depending on incident level. Help Desk available 9am to 6pm Mon to Fri. Help desk remotely monitored at the weekend.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- None or don't know
- Onsite support
- Yes, at extra cost
- Support levels
- Service design and system training support is provided by the Professional Services Team. Commissioners can attend free masterclass sessions held at multiple venues that cover use of the platform but onsite training and support can be provided at a day rate cost of £495.00 plus VAT. Technical support is provided by the technical team. This support type is usually to investigate interoperability using APIs, creating bespoke reports etc. The rate for technical support is £895.00 plus VAT per day. Commissioners can purchase support packs. A three day support pack is available to cover training and service design at a rate of £1200.00 plus VAT.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- EMIS apply a tried tested approach to the deployment of MIG services. Within this context all the project management activity is based upon a tailored plan to meet the individual project requirements, taking into account the varied system estate and resource allocation, which can determine the rate and complexity of the implementation.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Microsoft Excel
- Microsoft Word
- End-of-contract data extraction
- As the MIG is a bi-directional brokering service it does not hold or store and any data, therefore at the end of the contract there is no data for a customer to extract. The only element that our customer may request is a CSV file which confirms their configuration for example what connectivity there was between organisations . This will be available on request at no extra charge
- End-of-contract process
- At the end of a contract the Specialist Dataset service will be decommissioned. As no data is stored in the MIG service, no data extraction is required. We simply remove the consuming and providing organisations that come under the contract from our sharing agreement configuration using the MIG management portal. There is no additional charges incurred by the customer.
Using the service
- Web browser interface
- No
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
Via our API, customers can locate patient information using NHS number or patient demographics. Across multiple care settings and systems, users obtain details about where the patient is registered and what data is available. User select what information they which to retrieve from care setting or system, this can be taken as structured or unstructured patient data depending on system. Data is then shared in real time and presented to accredited MIG client systems based on local sharing agreements.
EMIS have in place a robust accreditation process for partners who wish to connect to our API. Partners will be provided access to our development pack and sandpit environment. Dedicated support is given by our technical integration team. Once connectivity has been achieved, partners will attain MIG accreditation status.
Changes cannot be made to the MIG schemas to accommodate bespoke solutions. The MIG messaging interface is the foundation of the service we provide and facilitates interoperability through the use of a shared standard. - API documentation
- Yes
- API documentation formats
-
- HTML
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The service can return the patient information as either as a series of 10 tab html views or as structured data. Data is presented as 10 views • Patient summary • Problems • Diagnosis • Medication (current, past and issues) • Risk and warnings • Procedures • Investigations • Examinations (Blood pressure measurements) • Events (Encounters, admissions and referrals) • Patient demographics Users can choose to take all of the above views or a subset of these views as HTML In the case of structured data, users can manipulate and present the data to appear native to the host application, persist this data and amalgamate data to create graphs, charts and dashboards Customisation would be done by the consuming system supplier.
Scaling
- Independence of resources
-
Our infrastructure provides highly optimised services which have been designed to be horizontally scaled.
Each service call is initially load balanced across our service infrastructure to several potential service nodes so that any load is spread evenly across them.
The number of these service nodes has been chosen to far exceed our current load capacity expectations so that any spikes in service usage or long running requests won’t impact our expected response times.
All of our infrastructure components have been carefully chosen to be the best in practice where performance, scalability, and resilience are concerned.
Analytics
- Service usage metrics
- Yes
- Metrics types
- EMIS service metrics by way of a monthly report to customers on request . This demonstrates the total number of transactions for the reported period by organisation. This also includes a breakdown of those successful and failed transactions along with raw data for the period. Enhanced reporting is available at an additional charge. Bespoke analytical reports are available from the service desk on request subject to availability.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- As the MIG is a bi-directional brokering service it does not hold or store and any data, therefore at the end of the contract there is no data for a customer to export.
- Data export formats
- Other
- Other data export formats
- Not applicable no data to export
- Data import formats
- Other
- Other data import formats
- Not applicable no data upload required
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
EMIS do not guarantee any level of availability, we use reasonable endeavours to provide at least 99% availability in respect of the relevant service during its standard support hours.
Service availability shall be represented as a percentage, calculated as follows:
• actual minutes in month – planned downtime minutes = total service minutes
• total service minutes – unplanned downtime minutes*100% = Availability
Service availability is measured at the end of each calendar month.
For the avoidance of doubt, issues and downtime caused by the acts or omissions of the customer or any third party caused outages or disruptions will be taken into account by EMIS on an appropriate basis when determining the availability measure achieved.
Users are not refunded in the event of EMIS not meeting SLAs - Approach to resilience
-
EMIS operate the service from multiple availability zones to ensure redundancy in case of disaster.
Our application infrastructure is designed to provide resilience through multiple deployments of application nodes within each data centre. Each application node consists of multiple containers where we deploy our application services. This micro-service-based architecture pattern provides resilience through isolation as any failing service is highly unlikely to affect other running services on the same application node. All application nodes are backed by a cluster of databases where data is replicated between them and in the event of any failure, failover can take place to an alternative database. Databases use tiered storage structure to provide a facility to take snapshots at regular intervals to secondary storage so that, in case of any failures, we can restore all data to the last snapshot. - Outage reporting
-
All outages and/or scheduled maintenance are reported to stakeholders using the Atlassian Status Page Software. This software is the method used for all Services provided by EMIS by default all updates are also set to update the Service Delivery Twitter feed.
Stakeholders sign up for this reporting service using the webpage and from their can choose how they receive the alerts (email, text or RSS feed) specifically for them and how often.
The page is updated manually be the Service Delivery team at each stage of an outage (issue, monitoring, resolved) then a root cause analysis provided if appropriate. The API of this software is also linked to our Social Media account on Twitter should the stakeholder prefer this method of communication.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Restricted access to our management interfaces is provided by a firewall IP whitelist. Once the firewall has established a users IP as valid, a user must also have valid username/password credentials to access any of the web portals developed for various elements of our infrastructure. We limit the ability to provide maintenance to a limited number of technical staff and whose access has been approved by heads of departments and elevated by a change process to an internal technical services team for review. The maintenance staff can only access lower levels of our infrastructure by using SSH public-key authentication.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Less than 1 month
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI Group
- ISO/IEC 27001 accreditation date
- 10/09/2022
- What the ISO/IEC 27001 doesn’t cover
- A 14.2.7 Outsourced Development
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
EMIS follow ISO 27001 methodology and are independently certified to the ISO/IEC 27001: 2013 standard.
EMIS are committed to establishing, implementing, operating, monitoring, reviewing and maintaining an Information Security Management System.
EMIS have an overarching information security policy with clear aims and objectives set throughout the business with robust processes in place, which are as follows;
• Information security risk assessment process that assesses the business harm likely to result from a security failure and the realist likelihood of such a failure occurring in the light of prevailing threats and vulnerabilities, and controls currently implemented;
• Defined security controlled perimeters and access controlled offices to prevent unauthorised access, damage and interference to business premises and information;
• Data classification and exchange guidelines, including compliance with regulations;
• Development and maintenance of an appropriate business continuity plan to counteract interruptions to business activities and protect critical business processes;
• Information security awareness guidance for all company employees;
• Incident management and escalation procedures for reporting and investigating security incidents and;
• A senior management team that supports the continuous review and improvement of the companies Information Security Management System.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- This is controlled by our internal development policy here all releases and development work is risk assessed. This process is controlled and managed by the Development team, Product Owner and Clinical Safety Officer. Services are managed during the lifecycle by monitoring their usage, this task is performed by our Product team.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- EMIS follow our secure development policy which outlines a development process that covers secure development coding guidelines. Each development work item is validated by a definition of done which includes having an assessment by an external clinical safety officer. The clinical safety officer is responsible for classifying each work item according to criteria defined by our Safety Hazard Log and, if a vulnerability is identified, then the emergency release process is followed. This is assessed by a change advisory board and the system will be patched at a time and date specified by the change advisory board (within 24 hours)
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- EMIS perform regular PEN tests by external contractors that assess the accessibility of our application programming interfaces (API) against current security standards which are covered by Cyber Essentials, PCI Security Council Standards, CHECK, Crest, and TigerScheme accreditation's. Our PEN tests are scheduled every year or upon any major API changes and any issues are categorised from low to critical. Any issues that are identified as high or critical are address immediately. All other issues are assessed and prioritised by the seriousness of their nature and if any clinical safety is involved and then scheduled into our normal development life cycle.
- Incident management type
- Supplier-defined controls
- Incident management approach
- EMIS have a predefined process in place for all incidents. Users will report this incident via a set template giving a description and severity of the incident this is then handled by the information security officer who will report back to user when the incident has been logged and resolved. During handling the information security officer will resolve the incident via the correct department and put in service improvement if required to prevent re-occurrence.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
EMIS employees are educated annually on environmental matters with an emphasis on personal responsibility regarding energy consumption and waste management. This is supported by relevant policies, such as EMIS’s Group Environmental Policy Statement and company benefits, e.g. during 2021 the Group launched a salary sacrifice scheme for employees to lease electric cars and for individuals to fund tree planting with Ecologi, who provide a route for organisations and individuals to fund climate action projects.
Through Ecologi, EMIS planted 25 saplings for each new employee who joined the business during the previous twelve months, resulting in approx. 7,300 new saplings planted in countries badly affected by deforestation.
Pricing
- Price
- £0.04 a user
- Discount for educational organisations
- No
- Free trial available
- No