PATIENTSOURCE LIMITED

PatientSource

PatientSource's electronic healthcare platform is built around the modern healthcare professional. Clinicians lead our design team, ensuring that the workflows of your routine are supported. Our systems work where you work, by the bedside or in the community. We enable secure communication; with colleagues, IT systems, external organisations and patients.

Features

• Clinician designed user interface empowering minimal click access to information
• Modular solution – incrementally and safely build your platform
• Elastic-data-structure allows customers to apply solution to unique usecases easily
• Electronic Prescribing and Medicines Administration (EPMA)
• Electronic Patient Observations (eObs)
• Contemporaneous clinical noting including attachments and sketching
• Laboratory and Radiology test ordering and results viewer (Order Comms)
• Electronic patient referrals, appointments and admissions management (PAS)
• Dynamic patient pathways to tailor patients' treatment plans
• Pharmacy and surgical theatres management tools

Benefits

• Intuitive UI reduces clinician fatigue and reduces clinical risk
• Provides accountability and speed of access to data
• Minimises the timeline from 'data to decision' for clinical activities
• Optimises reporting of key clinical data metrics
• Streamlines access to benefits of third-party solutions through partner programme
• Unifies admin and clinical teams within agreed clinical processes
• Dramatically improves patient safety
• Advanced analytics enables refined future years service planning
• Defined pathways ensure adherence to statutory responsibilities
• Provides a foundation to achieve a high CQC rating

£15,000.00 to £1,000,000.00 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lee.francis@patientsource.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

987190121245912

Contact

Lee Francis
01223851273
lee.francis@patientsource.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Primarily deployed as a standalone service for many clinics but can also plug in to existing Patient Administration Systems and other healthcare IT software solutions to augment your organisation's capabilities.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No hard constraints.
• System requirements:
  • Modern standards compliant internet browsers.
  • A reliable internet connection.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Urgent - 10mins; High - 30mins; Medium - 4 Hours; Low - 24 Hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: PatientSource operates 1 level of support included in the customers annual license fee. ; ; PatientSource agrees to provide First line support to the Customer in the form of a 24/7/365 support line. This support line will provide “Level 1” support for most issues likely to be encountered by the Customer and a telephone number and/or online means of reaching the support service will be provided by PatientSource.; ; The Customer’s employees should initially contact the Customer’s internal IT support team who, if unable to resolve the issue should escalate the issue to PatientSource’s first line support service.; ; First line support initial response will be less than ten minutes but ordinarily much less than that.; ; First line support may be provided by PatientSource through a third-party contractor; ; Should Level 1 support staff be unable to resolve the Customer’s issue then they will escalate the issue to the Customer’s “Level 2a” support where further investigation may be required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An initial meeting will be held with the client to gather the requirements so we ensure we agree scope of the project. This meeting will involve a Technical Configuration Analyst, and a Project Manager. ; This meeting will include the gathering of information to produce a Statement of Work, the SoW will provide a breakdown of tasks involved for the project, roles & responsibilities, timelines, costs, training requirements, quality assurance and testing procedures.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Video tutorials
• End-of-contract data extraction: This is provided in a mutually agreed format at the end of the contract usually provided in excel format (CSV) as standard although other formats may be available upon request, such as a database view/extracts or PDF.
• End-of-contract process: Following expiration or notification of cancellation we will engage with the client to confirm the termination date and agree timeframes for supplying the client data to them. If additional/bespoke reporting requirements are requested this would be costed appropriately.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service layout dynamically scales and adjusts for different device screen sizes. Note - not all views are optimised for smaller mobile phone screens, 'phablet'/tablet devices are recommended for use in care settings.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can obtain an API key through our admin interface. The API can be used to view, amend or create patient demographics, casenotes, admissions and most other parts of the patient record.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Almost all areas of the product can be extensively customised. There is an admin panel that allows users to self-customise, and we have configuration specialists who can help you get even more out of our offerings. In particular the ability to create casenotes and documents to exactly fit customer needs is very popular, as is our tracker capability that allows customers to set up complex patient workflows fully supported in the system.

Scaling

• Independence of resources: We can offer deployments with completely independent resources to our customers, so that they do not need to compete with other customers.

Analytics

• Service usage metrics: Yes
• Metrics types: Using SQL Explorer, we provide usage reports to meet the clients needs. These can include connection to third party tools such as Power BI.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We can offer customers a separate near real time replica of their database for data analysis and reporting purposes. ; ; Customers are also able to use the SQL Explorer functionality to query their data and export as required. These queries can be saved and scheduled for repeated exports at interval determined by the customer
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • Excel
  • JSON
  • RTF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We offer a range of SLA's dependant on customer requirements. PatientSource agrees to provide First line support to the Customer in the form of a 24/7/365 support line. This support line will provide “Level 1” support for most issues likely to be encountered by the Customer and a telephone number and/or online means of reaching the support service will be provided by PatientSource.; ; The Customer’s employees should initially contact the Customer’s internal IT support team who, if unable to resolve the issue should escalate the issue to PatientSource’s first line support service.; ; First line support initial response will be less than ten minutes but ordinarily much less than that.; ; First line support may be provided by PatientSource through a third-party contractor; ; Should Level 1 support staff be unable to resolve the Customer’s issue then they will escalate the issue to the Customer’s “Level 2a” support where further investigation may be required.
• Approach to resilience: We take a containerised high availability approach to our deployments with full fail over and fail back across availability zones. There is also an option for on-site fail over for business continuity/disaster recover scenarios.; Full information available on request.
• Outage reporting: We facilitate the use of multiple monitoring tools including cloud platform monitoring tools and third-party availability monitoring tools. Alerts and dashboards can be set up on customer request. Most typically these are SMS/email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: User access can optionally be limited by IP address or IP address range as an addition to other authentication methods.
• Access restrictions in management interfaces and support channels: Only authorised administration users can access the admin panel for PatientSource. Further more, the access that these users have can be further managed on a granular level down to individual sections of individual system modules including read/write specific permissions.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: User access can optionally be limited by IP address or IP address range as an addition to other authentication methods.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CIS (isocis.com)
• ISO/IEC 27001 accreditation date: 06/01/2022
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: PatientSource Ltd operate a Information Security Management System which contains Information Security and Governance, Acceptable Use and Breach Policies. The policies are implemented through the processes that PatientSource Ltd has adopted. Particular to the ISMS there are the following processes; ISMS Disciplinary Process, ISMS Management Review Process and Information Security Management System Process. Staff are asked to confirm they have read and understood these documents as part of the onboarding as well as when they are reviewed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to our product, architecture and environment are authorised, reviewed and fully audited.; We use JIRA and JIRA Service Management to document and track bug fixes, releases, upgrades, maintenance and other elements that might impact our production environment.; All changes are tested in house by our UAT team before being applied to customer test instances and tested by the customer. After passing they are applied to live customer instances in collaboration with the customer.; New releases are accompanied by release notes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We perform annual penetration testing to find high level threats.; We work with specialist security partners to further identify and assess any threats.; When vulerabilities are spotted we deploy patches as quickly as possible. For highest priority issues we have deployed patches within minutes, for lower priority issues they will be patched in line with standard release cycles.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our systems are continuously monitored and alerts are configured to detect unusual activity.; There is a full audit capability within the system to allow us to trace all user activity as well as backend logging.; When potential compromises are found an incident is logged in our service desk and all on-call employees are notified and immediately will login, assess and secure the situation.; For critical compromises we respond within minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are logged in our service desk and will be tracked and updated within that system. Users are expected to report through the service desk as well, and there is the capability there to log a top level incident which will immediately alert on call specialists to respond.; If an incident cannot be resolved by the on call employee there is an escalation chain which is used.; Incident reports are typically provided in a rapid manner via the service desk and followed up by a written document to any affected users.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

  Fighting climate change

  The use of paper records in healthcare not only presents a clinical risk to patients but also a huge environmental burden in the management, transport and storage of vast volumes of paper documents. The use of cloud data management solutions such as PatientSource dramatically reduces this carbon footprint and saves the need to cut down trees required to make the paper in the first place.

  Covid-19 recovery

  PatientSource facilitates the delivery and management of remote/virtual healthcare for patient cohorts in cases where travelling to a healthcare organisation presents an avoidable risk of infection for vulnerable individuals. The solution can also be used to manage the provision of mental healthcare services.

  Wellbeing

  PatientSource is designed to benefit both the patients of a healthcare organisation as well as its employees. Not only does this solution empower the organisation to deliver higher quality patient care but it reduces stress and administrative burdens on those individuals providing that care, freeing them up to focus on what's most important.

Pricing

• Price: £15,000.00 to £1,000,000.00 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to a trial version of PatientSource can be made available free of charge for a limited period for evaluation purposes only and should not be used for real patient data. This does not include integrations to other services with the customer's IT infrastructure or customisation of proformas.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at lee.francis@patientsource.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.