Kainos Evolve Limited

Evolve Carepathway Automation

Kainos Evolve provides rapid, repeatable care pathway automation enabling healthcare networks to transform at a pace not possible before.
We enable our customers to deliver high-quality, patient-centric efficient care through better visibility of patient information and management of care pathways across teams and organizations at lower cost.


  • Rapidly automate care pathways for better outcomes at lower cost
  • Software-as-a-service via secure N3/HSCN accredited cloud infrastructure
  • Cross-specialty (eDischarge, eReferral) and speciality-specific (Stroke) care pathways
  • Drag-and-drop development environment, rapidly and easily build care pathways
  • Electronic forms, workflows & alerts to support multi-disciplinary teams
  • Patient centric design with extensible, customisable user interface
  • Unique mobile capability – native iOS and HTML 5
  • Interoperability platform based on FHIR, supports HL7, CDA & Spine
  • Automated data capture from IOT and wearables
  • Telehealth & Telemedicine enabled care pathways


  • Supports the Government’s 2020 personalised health and care agenda
  • Improve efficiency and effectiveness through digital transformation of care
  • Promote safe information exchange across continuum of care
  • Supports joined up care with safe sharing of information
  • Repeatable, flexible collaboration across your care organizations
  • Cost and efficiency savings through reduced emergency admittances
  • Care flows across teams and organizations through digital, clinical workflows
  • Safer co-ordinated care closer to home with reduced clinical error
  • Increased understanding of care recipients’ outcomes
  • Supports digital transformation of healthcare


£75000 per instance per year

Service documents

G-Cloud 10


Kainos Evolve Limited

Matt Cox



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Full details of the Evolve Carepathway Automation service is included in the attached service definition document.
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard support response times range from 30 minutes to 5 days depending on the incident categorisation and prioritisation as defined in a tailored service level agreement (SLA) per service.
The tailored SLA also defines the agreed hours of support service availability which can range from 24x7 to weekdays 09:00 to 17:00.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible For many of our support clients we configure private skype groups to allow the client real-time access to the support team.
However, we have not performed any web chat testing with assistive technology users.
Web chat accessibility testing For many of our support clients we configure private skype groups to allow the client real-time access to the support team.
However, we have not performed any web chat testing with assistive technology users.
Onsite support Onsite support
Support levels Our mature cloud support service blends continued service improvement with defect resolution, to ensure user needs, business goals and performance targets are realised and user satisfaction is maximised.

We offer a range of support levels (from 2nd to 4th line) which are aligned to client’s support requirements and defined in a tailored service level agreement. Our support methodology is based on the rigour of ITIL and the flexibility of Agile principles and a Dev Ops culture. This blend results in a robust break-fix service and pragmatic service targets which are ITIL-aligned and underpinned by our ISO 9000, ISO 20000 and ISO 27001 accreditation.

Support is included as part of the service cost.

A typical support team is led by a technical account manager who is responsible for day-to-day support and allocation of support requests to multiple cloud support engineers. This approach provides a resilient support service with sufficient cover to ensure all support requests are managed in an effective and efficient manner.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started One of our goals when designing Evolve Carepathway Automation was to provide care providers with a system that requires no training. We have introduced carefully selected inline help and tutorials to allow new users to get accustomed to the solution quickly. For example, the first time a user logs on, they will be presented with a step by step guide to configure their dashboard. Once the user has configured their dashboard this tutorial will be dismissed.

The Evolve Carepathway Automation solution provides in screen help in the form of frequent, inline contextual tool tips to help users understand fields throughout the screens. Service users have access to on-line help within the majority of the screens to explain their purpose and assist in making best use of solution functionality.

Optional onsite training is available on request.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats IBooks
End-of-contract data extraction Kainos shall make the Evolve API's available to provide the Customer with the capability to extract data from within Evolve.
End-of-contract process Exit management costs are excluded for the contract and can be scoped on a customer by customer basis.

After the end of the contract the Evolve service will be provisioned for a period of one month to enable the Trust to extract the required data from Evolve. Following extraction of the data, Kainos will permanently remove all data held for the customers within 90 days.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Evolve Carepathway Automation user interface uses a responsive web design approach meaning it can be used on a range of device form factors, ranging from smart phones, to tablets and desktops. Evolve Carepathway Automation also has a dedicated iOS app supporting advanced features such as offline capability.
Accessibility standards None or don’t know
Description of accessibility During the development of Evolve Carepathway Automation, the user voice was the focus of the User Stories used to design the solution. This solution design is user-centric to drive through the importance of ease of use, and to allow users to quickly and easily find the clinical information they need.
Evolve Carepathway Automation has been developed using HTML5 using a responsive web design approach, to provide an optimal viewing and interaction experience – easy reading and navigation with a minimum of resizing, panning and scrolling across a wide range of mobile devices e.g. iOS, Android and Windows.
Accessibility testing Evolve has a team of highly experience usability experts who have conducted extensive usability testing with a wide range of end users including users of assistive technology.

The user interface of the Evolve Carepathway Automation platform is a responsive web design application that works across a number of device form factors ranging from smart phones to tablets and laptops. Evolve has a team of dedicated user experience designers whose role it is to perform user research and design the UI of the application to clean and intuitive to use while taking into account industry guidelines regarding clinical safety.
The National Patient Safety Agency (NPSA) guidelines document regarding safe on-screen display of medication information is one such standard whose principles are consider as part of all screens that are included within the Evolve platform. Examples of principles that are adhered to include consistent use of abbreviated units of measure across the platform (e.g. mL, mmol) and using national standard drug names.
What users can and can't do using the API Evolve Carepathway Automation has a fully functional API - all user and admin functions can be managed through the API.

Roles, groups and scope are used to limit user access to specific API functions.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation What -
A high level of configurability allows individual customers to customise to their own specific requirements and to introduce functionality at a rate that suits them.

How -
Out-of-the-box and customised templates within the solution provide a highly flexible customisation approach. Care professionals have the ability to personalise their home screen with widgets (screen panels), providing them relevant information at a glance. Users have the ability, at any time, to customise their dashboard with widgets from the library using drag and drop functions. Users with the appropriate level of permissions can create their own ad-hoc care recipient lists.

Who -
Business users can customise Evolve Carepathway Automation, programming skills are not required. Widgets are provided out of the box, they can also be customised or created by administrators using available data sets.


Independence of resources Evolve Carepathway Automation runs on a multi-tenant, cloud hosted platform, and as such, a key requirement is that the solution fully supports demands of multiple concurrent deployments.


Service usage metrics Yes
Metrics types - Service availability
- Patient access
- User activity

All delivered via a mix of graphical reports and dashboards.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Any sensitive data is encrypted both at rest and in transit using 256 AES symmetric key encryption. The Evolve solution uses industry standards for the encryption of patient sensitive data at rest. Amazon Web Services are used i.e. EC2 Elastic Block Storage (EBS) drives are encrypted using AES-256; AWS Relational Database Service (RDS) data encryption AES-256 and AWS S3 using AES-256.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach CSV, FHIR and HL7 exports are supported as standard.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • FHIR
  • HL7
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • FHIR
  • HL7

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The Evolve architecture is designed for continuous operation, and a target availability level of better than 99.9% is anticipated (excluding planned maintenance). Planned maintenance episodes are minimised as much as possible and are only required in exceptional circumstances – non-disruptive approaches to software release, patching, database maintenance are used to maximise the availability of the solution.

Resilience techniques such as load balancing/service discovery, replication of data and duplication of server roles are employed to minimise the impact of component failure. Extensive monitoring and alerting tooling is deployed at all tiers; this enables issues to be quickly identified and addressed, often without end-user impact.
Approach to resilience Available on request.
Outage reporting Public Dashboard
Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access is controlled via username and password authentication.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date Originally: 11/03/2011; Latest Issue: 07/01/2015
What the ISO/IEC 27001 doesn’t cover Information security outside of the design, development, testing and support of IT solutions.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Kainos is ISO 27001 certified and operates an Information Security Management System which undergoes an external BSI certification audit annually to ensure continued compliance with this standard.
All Kainos staff comply with the Kainos Information Security Policy, in addition to any other standards specified within the Kainos Information Security Management System. Staff are briefed on policies and processes via awareness training and must adhere to these at all times.
As an ISO27001 certified company Information Security is an important consideration for Kainos; in line with our responsibilities it is our policy to ensure that:
 Information will be protected against unauthorised access.
 Confidentiality of information will be assured.
 Integrity of information will be maintained.
 Regulatory and legislative requirements will be met.
 Business continuity plans will be produced, maintained and tested.
 Information security training will be available to all staff.
 All breaches of information security, actual or suspected, will be reported to, and investigated by the Kainos Information Security Manager and communicated appropriately to customers.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have an established configuration and change management approach in line with our ISO 20000 service management process.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our operational management team monitor metrics from our vulnerability management software in addition to the service provided from our hosting provider.

- Maintain a list of assets that are assessed against industry notifications
- Manage subscriptions to vulnerability notification services
- Regular use of vulnerability scanning software
- Use of external managed security services that assess threat vectors and provide proactive advice/intelligence
- Regular internal and independent testing of infrastructure and applications
- Operate an internal security working group that proactively publishes information about vulnerabilities and best practices
Protective monitoring type Supplier-defined controls
Protective monitoring approach - Use of managed SIEM with intrusion detection systems
- Regular security testing and baselined results
- Proactive analysis of security and system event data
- Response to an incident is dependent on perceived impact, threat and exposure – it could range from no response being necessary through to full incident response involving senior business individuals and law enforcement agencies
- Security incident management process is implemented
- Security related incidents assessed and responded to in line with support processes
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Pre-defined processes

Kainos Support Services is certified by the British Standards Institute as operating an IT Service Management System that complies with the requirements of ISO 20000.

We have an established incident management process as part of ISO 20000.

Reporting Incidents

Users can report incidents directly via our dedicated Service Desk, by email or online via the Kainos Incident Management System (KIM).

Incident Reports

Evolve produces timely, reliable, accurate reports for informed decision making, effective communication and quality management. Kainos provides the client with formal monthly reporting detailing performance against the SLA and agreed Key Performance Indicators (KPI).

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £75000 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial A free of charge, time limited proof of concept is available to allow our customers to evaluate and measure the clinical and business value of Evolve Carepathway Automation.

The service includes initial discovery, deployment and support during the POC and by it's nature is bespoke to meet customer specific needs.
Link to free trial Subject to terms and conditions, made available following signature of NDA


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑