Edenbridge Healthcare Limited


APEX is a business intelligence platform designed to support Primary Care Organisations with real-time analytics, empowering NHS customers to make critical business and healthcare decisions. APEX provides a clear understanding of patient and workforce utilisation, supporting improved productivity and efficiency. Allowing evidence based system-level decision making to meet patient demand.


  • Real-Time Data Analytics for Primary Care
  • Primary Care Management Reporting Tool and Analytics
  • Patient Level Service Utilisation Trends
  • Digital Clinician Appraisal and Workforce Development Tool
  • Automated Submissions and National Reporting Templates (DES/LES)
  • Cross Organisational Rota and Resource Management
  • COVID-19 Tracking with Patient Level Exposure and High Risk Groups
  • Cloud-based Platform Accessible on all Web Browsers
  • Fully Interoperable with EMIS Web and TPP SystmOne
  • System-Level Data Analytics for PCNs, CCGs, ICSs, ICPs, STPs


  • Easily understand trends in demand to effectively manage capacity
  • Access service/patient level DNA analysis to improve appointment utilisation
  • View patient level reattendance to inform service design and signposting
  • Access high level management reports on key information across organisations
  • Understand utilisation trends of services by patient cohort
  • Access long term condition prevalence reporting for population health management
  • Quickly plan Extended Access and automate reporting to national standards
  • Understand service utilisation across locations in multi-site organisations
  • Automate management of PCN DES and local QI/LES submissions
  • Effectively manage shared workforce and resources across multi-organisation settings


£0.09 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@edenbridgehealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 0 3 5 6 3 5 8 6 0 2 8 4 3 4


Edenbridge Healthcare Limited Allison Homer
Telephone: 01924 900177
Email: enquiries@edenbridgehealthcare.com

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
APEX is used by Primary Care Organisations to provide data analytics and services in relation to data predominantly held within their practice Electronic Patient Record System.
APEX is fully interoperable with the EMIS Web and TPP SystmOne Electronic Patient Record Systems. Other EPRs are not supported at this time.
System requirements
Internet Access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support tickets raised via email within standard support hours (Monday to Friday 9am-5pm) - Target First Response time is 30mins.

Tickets raised outside of support hours, including weekends, will be responded to on the next working day.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Edenbridge Healthcare offers a standard level of support across all users of APEX. The standard support service is fully inclusive within the annual APEX Software as a Service license fee.

The standard support service is provided by the APEX Support Team, who's core service operating hours are Monday-Friday 9:00am - 5:00pm.

Information on how to contact the APEX Support Team is provided within the APEX application homepage, as well as on Edenbridge Healthcare's website.

The APEX Support Team provide support services via dedicated support email and telephone channels, both supported by an online service ticketing system to monitor the progress of all service requests in line with SLAs. APEX users can view, track and update their service requests via the online service platform on a 24/7/365 basis.

APEX Customers may escalate service requests to the APEX Support Team Manager via the escalation process detailed on the Edenbridge Healthcare website.
Support available to third parties

Onboarding and offboarding

Getting started
APEX is typically deployed to new customers following a three-stage process incorporating:
i. Remote installation and configuration with the GP clinical system
ii. Remote commissioning session to customise APEX to the local way of working
iii. Final commissioning session for broader engagement of workforce and alignment to local strategic objectives.

During the remote installation process the Edenbridge team will work with users to install necessary software on a nominated local PC to ensure data flows from the GP clinical systems to APEX.

During the remote commissioning session the Edenbridge team will guide users to configure APEX to their unique way of working, aligning dashboards and reports to the operational model of the Primary Care Organisation.

During the final commissioning session the Edenbridge team will engage a wider audience of the Primary Care Organisation workforce, including clinicians, to highlight the benefits of APEX as well as embed the tool into organisational aims and objectives as well as ensuring this is aligned to the strategic and operational direction of local Primary Care Networks (PCN), Clinical Commissioning Groups (CCG), Integrated Care Systems (ICS)/Partnerships (ICP) and Sustainability & Transformation Partnerships (STP).
Service documentation
Documentation formats
Other documentation formats
Online Learning Portal - Accessed via the APEX Platform
End-of-contract data extraction
Typically data extract from APEX is not required by customers who cease to utilise APEX. This is because the underlying clinical, appointment and organisational data within APEX is obtained from integration with the Primary Care Organisation's Electronic Patient Record System (EMIS Web or SystmOne).

However, a final data extract service is available upon request to customers, providing any APEX acquired data in a csv extract format.

In the event that an exiting customer requests a final data extract the Edenbridge team would work with the customer to confirm secure arrangements for the transit of such data in compliance with applicable security standards, including ISO27001.
End-of-contract process
We seek to ensure that at all stages of the contract life-cycle that APEX customers receive the best service possible, this includes upon contract termination.

At the end of a contract a decommissioning process is carried out with the exiting customer, which includes:
i. Confirmation of service termination date with registered APEX users;
ii. Disable access to APEX platform to registered users upon service termination date;
iii. Decommission interoperability data flow with Electronic Patient Record system;
iv. If requested by the customer, a final data extract can be provided; and
v. Deletion of customer data held within APEX, within time frames communicated to the customer and compliant with applicable Information Governance legislation.

The exiting customer is kept informed of progress throughout the decommissioning process and may still raise support tickets with the APEX service desk until all decommissioning services have been concluded.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
There are no functionality differences between the mobile and desktop versions of APEX. The navigation of the platform does not change dependent upon device.

As a responsive web application the platform is designed to work across multiple form factors.
Service interface
Description of service interface
There is a full user interface for the application, allowing users to access all services available via the APEX platform.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
APEX has not been assured with any assistive technologies at the present time.
Customisation available
Description of customisation
APEX is fully-customisable to each organisation's local way of working in regards to data held in the Electronic Patient Record system.

Within APEX , if the necessary role-based access permissions allow (administrator must be selected on the profile), users can utilise the Settings menu to define Services based on combinations of Session Holders, Session Categories, Slot Types and Flags to create bespoke dashboards and reports based on the data meaningful to them.

Furthermore, users with the necessary profile can also define which Slot Types denote different Modes of Contact as well as set organisation preferences around Consultation Types and working hours.

APEX Enterprise, the cross-system aggregation platform, allows consistent data sets across mixed clinical system areas to be shared at system-level to inform service design and enhanced patient care. This is fully customisable to the local landscape and way of working, with the ability to breakdown by PCN, network or locality.

Custom Reporting within the APEX Enterprise solution also allows users to create bespoke reports based on a series of metrics across population health, appointment and consultation data. This function also allows users to define data visualisation with options on tabular and chart outputs, with the ability to export.


Independence of resources
The APEX platform is hosted within an Azure architecture.

The platform is highly scalable in order to allow burst capacity where required by user demand. The APEX team continuously monitor platform usage in order to decide whether architectural changes to infrastructure requirements are needed to support user demand.

All organisational databases are segregated in order to ensure that there is no cross-customer usage impact at a database level.


Service usage metrics
Metrics types
APEX users receive monthly Service Management Reports including:
- Organisational login utilisation data and trends
- Dashboard utilisation data and trends
- Report utilisation data and trends
- Service Desk utilisation data
- Progress Reporting
- Service & System Availability
- Planned Maintenance
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Through APEX there are a number of functions which can be taken offline in various formats.
Firstly, all APEX Dashboards and Reports are configured to effectively format in the Microsoft Print to PDF function.
Users may also export their data from APEX via a range of activities, including;
- Exporting data behind graphs directly to CSV format
- Creating custom reports to export to Excel
- Creating custom dashboard style reports to export to PDF
- Exporting a GP Appraisal report to PDF
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Excel
Data import formats
Other data import formats
Direct Interoperability with GP Clinical System

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
As a cloud based solution availability of the APEX application to our users is of paramount importance.

Accordingly, APEX customers receive a contractual SLA that the service will remain available to users 99.95% of the time during a Service Period.

A Service Period is defined as a calendar month.

Service Management reports are provided monthly to customers confirming performance against all SLAs, including Service Availability.

All SLAs are provided on a reasonable endeavours basis. The Supplier shall use their reasonable endeavours to achieve the specified SLAs. Financial refunds are not offered for failure to achieve specified SLAs.

This SLA is exclusive of up to 120 minutes of Planned Downtime, communicated to customers in advance, per Service Period. Planned Downtime shall be performed between the hours of 20:30 - 06:30.
Approach to resilience
APEX is hosted within Azure data centre solutions in the UK.

Full information on the Microsoft Azure data centre resilience offering is available to all users upon request.
Outage reporting
APEX service outages will be reported to customers via email alerts and via monthly Service Management reporting to Primary Care Commissioning bodies in accordance with the APEX Service Management process.

Such reports shall detail the date, time and duration of the service outage.

Customers are kept regularly informed of progress on any outage incidents via regular email notifications. Additionally, any customer reported outages, resulting in a service ticket, can be tracked by the customer via the APEX support desk ticket portal.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Individuals are granted access by a system administrator at each healthcare organisation and can only see data visible to that organisation and with role-based permissions configured for them. Role-based access permissions range from system administrator profiles through to individual user access for individual clinicians to view only personal workload. Only users with an administrator option selected are able to make any customisation within APEX and only users with the option to view other user details can view data surrounding colleagues in the healthcare organisation.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • NHS Data Security and Protection Toolkit
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
NHS DSP Toolkit - Organisation code 8K712
Information security policies and processes
The APEX service is subject to Edenbridge Healthcare's security policies and processes. These policies and processes have been designed to ISO:27001 compliance levels and are governed by the companies Regulatory Compliance Board, chaired by the company's Managing Director, Development Director and Operations Director.

These policies cover all elements of the ISO:27001 standard, including data security, information governance, asset management, supplier management, acceptable use, data quality, secure development, physical media handling, change management, business continuity and continual improvement.

All policies and procedures are flowed down to employees, contractors and suppliers of the organisation, as appropriate, and are enforced via both contractual and operational obligations and monitoring processes.

Note - Edenbridge Healthcare Ltd is not ISO:27001 certified as at the date of submission of the GCloud 12 application. The organisation has ISO:27001 audits booked for certification in Q4 2020, which shall include the APEX service offering within scope.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All service components, along with their configurations and dependencies are documented in the APEX Inventory of Information Hardware/Software Assets.

All significant, non-routine changes to service components are subject to change control.

Change requests are assessed by the Information Security Manager to identify potential risks in-line with the risk management framework.

All changes require a testing plan with clear acceptance criteria.

Once a change is implemented the Change Manager authorises its transfer to the operational environment, ensuring that business processes are not disturbed and that business continuity plans are updated.

Software updates are version controlled and system documentation is updated.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
An automated vulnerability assessment system is used to strengthen the security posture of service components, providing advanced threat protection across the infrastructure.

Continuous assessments are performed across the infrastructure to determine whether existing or new resources are configured according to security best practices, providing a clear understanding of the security status of each resource. Workloads are also assessed to provide threat prevention recommendations and security alerts.

A Secure Score is associated with each recommendation which informs the prioritisation of mitigation or remediation actions.

Vulnerability fixes or configuration changes are applied in-line with the relevant priority based SLAs.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The Security Center provided by the hosted environment generates alerts when a threat is detected to the network or a service resource. Security Center prioritises and lists alerts, along with the information needed to investigate the problem. Recommendations are provided for how to remediate an attack. Related alerts are automatically collated into security incidents. Incidents provide a single view of an attack, giving a clear understanding of what actions the attacker took, severity, status, and the affected resource.

Actions to mitigate the threat and prevent future attacks are taken based on the recommendations based on severity.
Incident management type
Supplier-defined controls
Incident management approach
All Service Incidents are reported via the APEX Support Team and tracked within the online APEX support platform.
Service Incidents receive a priority rating, assigned by the APEX Support Team, dependent upon their severity. The severity rating at P1 - P4, with P1 being the highest level of severity. Pre-defined processes exist for common events to ensure speed of service delivery and continuous service improvement.
Users report Incidents to the APEX Support Team via either dedicated telephone or email submission routes.
Incident Reports are provided via Service Management reports on a monthly basis, or otherwise upon request from a customer.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£0.09 a unit a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@edenbridgehealthcare.com. Tell them what format you need. It will help if you say what assistive technology you use.