PatientSource Ltd

Electronic Patient Record Solution

PatientSource is a clinician-designed Electronic Medical Record solution for hospitals and community care.

Case Notes
Electronic Discharge
Bed Management
Patient Direct
Health IoT
Health Artificial Intelligence
Health Machine Learning
Health Automation
Health Integration
Integration Engine
Instant Clinical Messaging
Health Clinical Consulting
Health Strategy


  • Designed by doctors Built by the people from the NHS!
  • Tablet-compatible - Take it right up to the bedside
  • Works on tablets, laptops, desktops without needing installation.
  • Cloud-based Massively reliable, automatically backed up.
  • Powered by AI Artifical Intelligence to assist diagnosis.
  • Excellent value Built on modern, battle-hardened Open Source components.
  • Modular - Take just the parts that you need.
  • Patient portal - Patients can review their record from home.
  • Per user, per month subscription pricing.
  • Single Clinical user interface - Integrates other solutions.


  • Front-line staff find it really easy to use.
  • Empowers the keeping of contemporaneous clinical notes.
  • Minimal IT Team intervention required. Quick to install.
  • Never worry about running the infrastructure yourself again.
  • AI: detect deterioration and forecast resource usage.
  • Low cost, high value. No hidden licence fees.
  • It will interoperate with other clinical and information systems.
  • Patients and carers engaged and empowered in self care.
  • No capital, low risk only expand if solution is right.
  • Reduce clinical risk. Ease of training. Information always available.


£10 to £120 per person per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

2 0 4 7 0 5 9 4 6 6 6 6 2 2 2


PatientSource Ltd

Lee Francis


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Our services are designed to be ultimately flexible and mould to the customers needs. No constraints apply when using any of our cloud deployment configurations. On-site server deployments may have variations in the SLA.
System requirements
  • Customer has to run a modern internet browser.
  • Robust and comprehensive Wi Fi coverage for handheld device use.
  • Robust and comprehensive Information Governance framework and training.
  • Resilient connection to the internet with sufficient bandwidth.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Queries are triaged and responded to according to urgency. Typically all support items are responded to by the end of the next working day but more critical items are escalated and responded to with appropriate urgency. Other routes for support are also available for more urgent queries such as telephone.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
PatientSource specialises in highly functional and cutting edge clinical software.

We utilise partners who are experts in their field of Service Management and support.

Our partners include:
PA Consulting

PatientSource will act as a strategic partner to customers, helping them assess each partner and their support offerings against the PatientSource modular functionality they are taking and any future road map considerations for the best fit.

Pricing is very flexible and tuned to the unique characteristics of the PatientSource modular solutions and incident report times selected.

If a customer has a preference for a support provider we are not currently partnered with, or they are already in contract with a service provider, PatientSource is open to considering extending the partnership scheme to the entity, providing they meet our exacting standards.
Support available to third parties

Onboarding and offboarding

Getting started
PatientSource take a consultative approach, from first engagement, we host as many conference calls and in person meetings to describe and demonstrate the full range of PatientSource modules.

Alignment is made to the customers aspirations, including any potential 3rd party vendors to complement PatientSource functionality. This will also include future road map considerations.

A high-level functional description is created, reviewed and approved by all parties forming a key component of the Prince 2 – Project Initiation Document.

Iterative agile cycles of customisation and any bespoke coding are undertaken before a production version of PatientSource is offered for end user acceptance testing.

PatientSource can train end users directly, or a more efficient way is for Train the Trainer sessions to empower the organisation for self-sufficiency in the future.

Comprehensive end user focused training documentation, videos, blogs, messages from the customer senior management team are produced and shared online and whichever mediums work for the organisation in question.

PatientSource provides floorwalking and after care support, end user positive experience is paramount.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
Printed Format
End-of-contract data extraction
PatientSource features a database extraction layer – Relevant patient information fields can be uploaded to a customer data warehouse, noting of course that the data schema and PatientSource IP must be protected.

Patient data can be exported to PDF enabling the customer to host in an EDM solution.

A one-off fee at the end of the contract will provision a read only “static” copy of PatientSource, the configuration and patient data held as per the day of contract expiry. This can take the form of a “mothballed” instance on the Microsoft Azure cloud, consuming only storage resources (payable by the customer) or a look up read only version, consuming both compute and storage.
End-of-contract process
PatientSource will provide an automated PDF extract of each patient registered in the customers PatientSource instance within the price of the contract.

PatientSource will provision access to the database abstraction layer within the price of the contract. PatientSource will assist the customers information team in designing an interface and export routine for a reasonable time and materials charge.

PatientSource will provision a stand alone, read only “snapshot” version of the solution as it was presented on the final day of the customer contract. This will attract a charge for the provision and a monthly storage and compute charge for the hosting on the public cloud.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
PatientSource intelligently renders to the mobile device screen size automatically.

PatientSource features stylus support, enabling signatures and annotations on clinical sketches.
Service interface
What users can and can't do using the API
We have HL7 interfaces which will work with many third party clinical systems.

Where we need to come up with something new, PatientSource Ltd employs some of the brightest software engineers who all graduated from the University of Cambridge. Our teams regularly undertake systems integration work for clients to get PatientSource talking to your third party systems.

Examples of interfaces we have achieved in real clinical environments:
TIE / interoperability platforms (such as Mirth, Ensemble and Rhapsody)

Automatic importing of blood test results the moment the results are announced by blood analysers.

Real-time operating on top of legacy Patient Administration Systems and Patient Master Index systems.

Automatic exporting of PatientSource data securely into a legacy PDF archiving system.

We don’t usually need the third party vendor’s assistance to do this, just API schema or permission to probe the third party system for tap points.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Firstly PatientSource is modular and within those modules, access provisioned to individuals within the organisation, this "system level" customisation ensures high value, a customer only ever pays for what they use, rather than one small team needing a specific module and it having to be licenced for the whole organisation.

PatientSource features a form builder with intelligent fields. Customers can (with a small amount of training) replicate their paper forms digitally.

Customers can design completely new clinical pathways once empowered with the convenience of digital forms.

Automatic alerts for monitoring thresholds can be individualised to the customers needs. PatientSource will come setup with national metrics, the National Early Warning Score for example, the customer can tweak as required.

There is an admin console featuring a powerful and comprehensive customisation tool.


Independence of resources
PatientSource scales through partners, utilising companies whose sole focus is service management or deployment to deliver to our clients.
We maintain multiple partners offering similar services ensuring we a myriad of options and are not reliant on a single supplier.
We can mandate quality metrics, swop personnel out if there are any issues holding the company contractually to account.

For the nucleus of PatientSource services, cutting edge clinical software, we maintain a collective of Cambridge educated software developers who represent the best of the “Gig Economy” working flexible contracts, bringing in experiences and ideals from other sectors in-between PatientSource contracts.


Service usage metrics
Metrics types
PatientSource provides the facility to write custom queries to the data to populate useful dashboards to help inform care and organisational management.
Reporting types
  • API access
  • Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported through a number of channels including automatic periodic export to connected systems or manual export of selected data. Formats include database extraction in SQL, CSV, or rendering as PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • SQL
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Images (JPG, GIF, PNG, etc.)
  • PDF
  • Word DOC

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
PatientSource can be hosted within a private or public cloud. Public cloud availability terms, SLAs and financial guarantees are flowed down through the customer contract.
Approach to resilience
PatientSource can be hosted within a private or public cloud.

Public cloud availability terms, SLAs and financial guarantees are flowed down through the customer contract.

Resilience levels are dependent on the selected host supplier.
Outage reporting
Email alerts and an API can be used to report service outages

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
PatientSource provides a granular permissions matrix that can be applied on both a user group or individual level ensuring appropriate access to interfaces.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Certified International Systems Ltd.
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Devices, servers and networks physically maintained and controlled by clients.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
The PatientSource architecture has security and confidentiality “designed in”. We employ a security architecture following the best practice recommended by Bruce Schneier.

We are ISO27001 certified. All patient data is encrypted at rest, and in transit.

Relevant certifications:

● ISB 0129 (Clinical Safety) compliant
● ISO 9001
● ISO 14001
● ISO 27001
● MHRA Class I product
● NHS Digital certified Clinical Safety Officer
● NHS Digital Information Governance Toolkit, level 3

Dr Michael Brooks is the certified Clinical Safety Officer and responsible for compliance and auditing against policies and standards.

Dr Philip Ashworth is the Data Protection Officer, policies state that any suspected breaches should be reported to him immediately.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
PatientSource implements a full audit trail for all access and changes. Any configuration changes are logged and security validation is carried out with a combination of periodic manual testing against current standards and a library of unit tests. Possible security impacts identified are then reported and resolved appropriately.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
PatientSource implements a full audit trail for all access and changes. Any configuration changes are logged and security validation is carried out with a combination of periodic manual testing against current standards and a library of unit tests. Possible security impacts identified are then reported and resolved appropriately (critical patches are usually applied within 48 hours but in no event longer than 14 days).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
PatientSource implements a full audit trail for all data access and changes. All access to data are logged and suspicious connections can be automatically identified, terminated and reported. Incidents are responded to as soon as they are identified.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Processes follow the ISO 27035:2016 standard and are documented and regularly audited as part of our ISO 27001 audited ISMS.
Users can report events either directly via email/telephone or using our online reporting tools.
Incident reports are typically delivered via email/phone depending on severity and urgency.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£10 to £120 per person per month
Discount for educational organisations
Free trial available
Description of free trial
Includes PAS, eNotation, eObservations for up to three months depending on size and type of organisation.

Exclusions that may incur additional charge:
Form configuration or observation chart customisation, enhanced support (out of office hours), staff account management, onsite staff training, integration with third party systems.

Service documents

Return to top ↑