Community Mobile Patient Record EPR App

We provide an app (android-tab) and a web version of our software, which displays an integrated clinical record from multiple sources. We use interoperability standards throughout, allowing us to pull information into the app and push it back. We provide tailored systems for services in community services with online/offline working.


  • Integrated clinical record
  • Interoperability standards used
  • Online and offline working
  • Community service patient management
  • API use
  • Push and pull data
  • AI for user input
  • Tablet and web use
  • Secure mobile working
  • Patient access to records


  • Manage patients in community settings
  • Saves time
  • View integrated record
  • Supports best practice
  • Interoperability standards in place
  • Link to any system using standards
  • Access to records anywhere anytime
  • Offline working supported
  • Patient access to records to monitor health
  • Reporting included


£120 to £150 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

1 6 9 8 2 8 6 8 5 6 9 3 2 6 7


SIDQAM LTD Business Development Unit
Telephone: 07737714106

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Can be integrated with existing electronic patient record (EPR) /Case management system/Maternity system/PAS with HL7 standard messages.
Cloud deployment model
Private cloud
Service constraints
- N3/HSC network
- Viewing external patient data is dependent on having active sharing data agreements in place.
System requirements
  • Server housed within the NHS cloud environment
  • Minimum specification for PC/Web environments
  • Minimum specification for Android Tab environments

User support

Email or online ticketing support
Email or online ticketing
Support response times
Email to
Support is provided in line with our support levels below.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
P 1 - Service unavailable for all users - Resolution time 6 working hours

P 2 - Individual Direcht service unavailable - Resolution time 8 working hours

P 3 - Core/Clinical module failure - Resolution time 24 working hours

P 4 – Non-core module failure - Resolution time 50 working hours

P 5 – New requirements or screen changes or UX issues- Resolution time potential future release if agreed by supplier-customer support group
Support available to third parties

Onboarding and offboarding

Getting started
Training is provided as part of the implementation project. The trust should nominate clinical champions / expert users to deal with routine queries after implementation. Documentation is also provided and there is help within the system.
The apps are intuitive, based on current recording methods, so will be familiar to staff.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data stored from our systems is usually pushed back into existing EPR. If no system exists, a copy of new data collected will be stored on the server housed at the trust; the trust always has access and control of its data. If the trust chooses not to use the app, the data would remain accessible on the trust server.
End-of-contract process
All data will be extracted from the system and provided to Trusts in JSON/XML format.

Once the trusts confirms safe receipt of data on their systems Sidqam Ltd will destroy all the data present on our servers and provide a written confirmation of the same.

Data extraction in another format other than JSON/XML will incur a cost / tbf.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
The Android Tab is designed a carry away system to read and write data to. This will work both online and offline.

The web version is a read only view of the data and MIS reporting are available through the web.
Service interface
What users can and can't do using the API
Patient API allows a third party system to consume data from Direcht Systems and it allows users to put consultations into the patient’s medical record as a consultation.
Direcht Systems has the functionality to send structured data (ISO 13606 models) to a third party solution in order to allow transfer of care between systems.

Sidqam is open to working with any third party supplier and our interface specifications are based on existing healthcare standards such as HL7.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
We work with trusts during implementation to tailor clinical screens to both display useful information and allow staff to record information. All clinical screens can be customised to meet trust requirements.

In addition the system also has a built in functionality which adopts to users pattern of using the system and adopts its interface.


Independence of resources
Direcht Systems provide both vertical and horizontal scaling.

The system has been designed to manage large volumes of patient transactions in an efficient manner.

The use of ISO13606 as the underlying architecture provide the flexibility to scale and adopt.


Service usage metrics
Metrics types
We provide a series of metrics based on data available. However trusts can define metrics they wish to view, the reporting tools are included in the software.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data is stored in a way that demographic data and clinical data are stored in different set of tables. They are only linked at run-time with the two factor authentication.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The Direcht systems provide an out of box reporting tools accessible via its web version which can be exported to Microsoft Excel for further analysis. We work with trusts to help define data the requirement and the standards used for export. This is our data extraction services for customers wishing to analyse more complex criteria. We also provide a data analytics service with can be purchased separately.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • XML
  • HL7
Data import formats
Other data import formats
  • JSON
  • XML
  • HL7

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Application availability 98% with a threshold of 96%. Infrastructure downtime or other incidents within Force Majeur, planned or unplanned, is excluded from this calculation.
Approach to resilience
Available on request. Resilience provided by underlying hosting platform.
Outage reporting
E-mail alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
• Username and two-factor authentication
• Limited access over dedicated link, enterprise or community network
• Role Base Access Controls (RBAC)
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Sidqam Ltd is committed to ensuring security governance is given the highest level of importance. We have consultants who have worked in the security and information governance domain and are helping us to achieve the ISO/IEC 27001 certification.
Information security policies and processes
Our Information Security management System is used as a tool to assist us to identify and comply with business and legal/regulatory requirement and contractual security obligations. All Procedures are reviewed once a year to make sure they comply. All staff are required to comply with our information security guidelines.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our configuration and change management processes services are aligned to ITIL. All build and configuration assets are version controlled using source control. All changes are peer reviewed by at least two others and UAT performed before being merged into the base codebase.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We do in-house penetration testing. Any known vulnerabilities should be patched within 24 hours. In addition we have robust vulnerability management processes in place within Microsoft Azure to identify, triage, and mitigate vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Realtime monitoring is in place to monitor potential compromises.
Microsoft Azure communicates any data breach if it becomes aware of such.
Escalation processes are in place once any compromise is identified.
The degree of compromise will determine resource allocation and urgency of response. In most cases any compromise will be addressed immediately.
Incident management type
Supplier-defined controls
Incident management approach
Customers can phone or email with incidents. We use an incident management tool (Zoho) that has built-in reporting. In addition we also have procedures for
- Conducting risk assessments for discovered security incidents.
- Notify clients in the event a security incident occurs.
- Revising our annual Security Risk Analysis and Risk Management Plan as necessary.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
NHS Network (N3)


£120 to £150 a user a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.