APEX
APEX is a business intelligence platform designed to support Primary Care Organisations with real-time analytics, empowering NHS customers to make critical business and healthcare decisions. APEX provides a clear understanding of patient and workforce utilisation, supporting improved productivity and efficiency. Allowing evidence based system-level decision making to meet patient demand.
Features
- Real-Time Data Analytics for Primary Care
- Primary Care Management Reporting Tool and Analytics
- Patient Level Service Utilisation Trends
- Digital Clinician Appraisal and Workforce Development Tool
- Automated Submissions and National Reporting Templates (DES/LES)
- Cross Organisational Rota and Resource Management
- COVID-19 Tracking with Patient Level Exposure and High Risk Groups
- Cloud-based Platform Accessible on all Web Browsers
- Fully Interoperable with EMIS Web and TPP SystmOne
- System-Level Data Analytics for PCNs, CCGs, ICSs, ICPs, STPs
Benefits
- Easily understand trends in demand to effectively manage capacity
- Access service/patient level DNA analysis to improve appointment utilisation
- View patient level reattendance to inform service design and signposting
- Access high level management reports on key information across organisations
- Understand utilisation trends of services by patient cohort
- Access long term condition prevalence reporting for population health management
- Quickly plan Extended Access and automate reporting to national standards
- Understand service utilisation across locations in multi-site organisations
- Automate management of PCN DES and local QI/LES submissions
- Effectively manage shared workforce and resources across multi-organisation settings
Pricing
£0.09 a unit a year
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
3 0 3 5 6 3 5 8 6 0 2 8 4 3 4
Contact
EGTON MEDICAL INFORMATION SYSTEMS LIMITED
Allison Homer
Telephone: 01924 900177
Email: enquiries@edenbridgehealthcare.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
APEX is used by Primary Care Organisations to provide data analytics and services in relation to data predominantly held within their practice Electronic Patient Record System.
APEX is fully interoperable with the EMIS Web and TPP SystmOne Electronic Patient Record Systems. Other EPRs are not supported at this time. - System requirements
- Internet Access
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support tickets raised via email within standard support hours (Monday to Friday 9am-5pm) - Target First Response time is 30mins.
Tickets raised outside of support hours, including weekends, will be responded to on the next working day. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Edenbridge Healthcare offers a standard level of support across all users of APEX. The standard support service is fully inclusive within the annual APEX Software as a Service license fee.
The standard support service is provided by the APEX Support Team, who's core service operating hours are Monday-Friday 9:00am - 5:00pm.
Information on how to contact the APEX Support Team is provided within the APEX application homepage, as well as on Edenbridge Healthcare's website.
The APEX Support Team provide support services via dedicated support email and telephone channels, both supported by an online service ticketing system to monitor the progress of all service requests in line with SLAs. APEX users can view, track and update their service requests via the online service platform on a 24/7/365 basis.
APEX Customers may escalate service requests to the APEX Support Team Manager via the escalation process detailed on the Edenbridge Healthcare website. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
APEX is typically deployed to new customers following a three-stage process incorporating:
i. Remote installation and configuration with the GP clinical system
ii. Remote commissioning session to customise APEX to the local way of working
iii. Final commissioning session for broader engagement of workforce and alignment to local strategic objectives.
During the remote installation process the Edenbridge team will work with users to install necessary software on a nominated local PC to ensure data flows from the GP clinical systems to APEX.
During the remote commissioning session the Edenbridge team will guide users to configure APEX to their unique way of working, aligning dashboards and reports to the operational model of the Primary Care Organisation.
During the final commissioning session the Edenbridge team will engage a wider audience of the Primary Care Organisation workforce, including clinicians, to highlight the benefits of APEX as well as embed the tool into organisational aims and objectives as well as ensuring this is aligned to the strategic and operational direction of local Primary Care Networks (PCN), Clinical Commissioning Groups (CCG), Integrated Care Systems (ICS)/Partnerships (ICP) and Sustainability & Transformation Partnerships (STP). - Service documentation
- Yes
- Documentation formats
- Other
- Other documentation formats
- Online Learning Portal - Accessed via the APEX Platform
- End-of-contract data extraction
-
Typically data extract from APEX is not required by customers who cease to utilise APEX. This is because the underlying clinical, appointment and organisational data within APEX is obtained from integration with the Primary Care Organisation's Electronic Patient Record System (EMIS Web or SystmOne).
However, a final data extract service is available upon request to customers, providing any APEX acquired data in a csv extract format.
In the event that an exiting customer requests a final data extract the Edenbridge team would work with the customer to confirm secure arrangements for the transit of such data in compliance with applicable security standards, including ISO27001. - End-of-contract process
-
We seek to ensure that at all stages of the contract life-cycle that APEX customers receive the best service possible, this includes upon contract termination.
At the end of a contract a decommissioning process is carried out with the exiting customer, which includes:
i. Confirmation of service termination date with registered APEX users;
ii. Disable access to APEX platform to registered users upon service termination date;
iii. Decommission interoperability data flow with Electronic Patient Record system;
iv. If requested by the customer, a final data extract can be provided; and
v. Deletion of customer data held within APEX, within time frames communicated to the customer and compliant with applicable Information Governance legislation.
The exiting customer is kept informed of progress throughout the decommissioning process and may still raise support tickets with the APEX service desk until all decommissioning services have been concluded.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
There are no functionality differences between the mobile and desktop versions of APEX. The navigation of the platform does not change dependent upon device.
As a responsive web application the platform is designed to work across multiple form factors. - Service interface
- Yes
- Description of service interface
- There is a full user interface for the application, allowing users to access all services available via the APEX platform.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- APEX has not been assured with any assistive technologies at the present time.
- API
- No
- Customisation available
- Yes
- Description of customisation
-
APEX is fully-customisable to each organisation's local way of working in regards to data held in the Electronic Patient Record system.
Within APEX , if the necessary role-based access permissions allow (administrator must be selected on the profile), users can utilise the Settings menu to define Services based on combinations of Session Holders, Session Categories, Slot Types and Flags to create bespoke dashboards and reports based on the data meaningful to them.
Furthermore, users with the necessary profile can also define which Slot Types denote different Modes of Contact as well as set organisation preferences around Consultation Types and working hours.
APEX Enterprise, the cross-system aggregation platform, allows consistent data sets across mixed clinical system areas to be shared at system-level to inform service design and enhanced patient care. This is fully customisable to the local landscape and way of working, with the ability to breakdown by PCN, network or locality.
Custom Reporting within the APEX Enterprise solution also allows users to create bespoke reports based on a series of metrics across population health, appointment and consultation data. This function also allows users to define data visualisation with options on tabular and chart outputs, with the ability to export.
Scaling
- Independence of resources
-
The APEX platform is hosted within an Azure architecture.
The platform is highly scalable in order to allow burst capacity where required by user demand. The APEX team continuously monitor platform usage in order to decide whether architectural changes to infrastructure requirements are needed to support user demand.
All organisational databases are segregated in order to ensure that there is no cross-customer usage impact at a database level.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
APEX users receive monthly Service Management Reports including:
- Organisational login utilisation data and trends
- Dashboard utilisation data and trends
- Report utilisation data and trends
- Service Desk utilisation data
- Progress Reporting
- Service & System Availability
- Planned Maintenance - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
-
Through APEX there are a number of functions which can be taken offline in various formats.
Firstly, all APEX Dashboards and Reports are configured to effectively format in the Microsoft Print to PDF function.
Users may also export their data from APEX via a range of activities, including;
- Exporting data behind graphs directly to CSV format
- Creating custom reports to export to Excel
- Creating custom dashboard style reports to export to PDF
- Exporting a GP Appraisal report to PDF - Data export formats
-
- CSV
- Other
- Other data export formats
-
- Excel
- Data import formats
- Other
- Other data import formats
- Direct Interoperability with GP Clinical System
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
As a cloud based solution availability of the APEX application to our users is of paramount importance.
Accordingly, APEX customers receive a contractual SLA that the service will remain available to users 99.95% of the time during a Service Period.
A Service Period is defined as a calendar month.
Service Management reports are provided monthly to customers confirming performance against all SLAs, including Service Availability.
All SLAs are provided on a reasonable endeavours basis. The Supplier shall use their reasonable endeavours to achieve the specified SLAs. Financial refunds are not offered for failure to achieve specified SLAs.
This SLA is exclusive of up to 120 minutes of Planned Downtime, communicated to customers in advance, per Service Period. Planned Downtime shall be performed between the hours of 20:30 - 06:30. - Approach to resilience
-
APEX is hosted within Azure data centre solutions in the UK.
Full information on the Microsoft Azure data centre resilience offering is available to all users upon request. - Outage reporting
-
APEX service outages will be reported to customers via email alerts and via monthly Service Management reporting to Primary Care Commissioning bodies in accordance with the APEX Service Management process.
Such reports shall detail the date, time and duration of the service outage.
Customers are kept regularly informed of progress on any outage incidents via regular email notifications. Additionally, any customer reported outages, resulting in a service ticket, can be tracked by the customer via the APEX support desk ticket portal.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Individuals are granted access by a system administrator at each healthcare organisation and can only see data visible to that organisation and with role-based permissions configured for them. Role-based access permissions range from system administrator profiles through to individual user access for individual clinicians to view only personal workload. Only users with an administrator option selected are able to make any customisation within APEX and only users with the option to view other user details can view data surrounding colleagues in the healthcare organisation.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- NHS Data Security and Protection Toolkit
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- NHS DSP Toolkit - Organisation code 8K712
- Information security policies and processes
-
The APEX service is subject to Edenbridge Healthcare's security policies and processes. These policies and processes have been designed to ISO:27001 compliance levels and are governed by the companies Regulatory Compliance Board, chaired by the company's Managing Director, Development Director and Operations Director.
These policies cover all elements of the ISO:27001 standard, including data security, information governance, asset management, supplier management, acceptable use, data quality, secure development, physical media handling, change management, business continuity and continual improvement.
All policies and procedures are flowed down to employees, contractors and suppliers of the organisation, as appropriate, and are enforced via both contractual and operational obligations and monitoring processes.
Note - Edenbridge Healthcare Ltd is not ISO:27001 certified as at the date of submission of the GCloud 12 application. The organisation has ISO:27001 audits booked for certification in Q4 2020, which shall include the APEX service offering within scope.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All service components, along with their configurations and dependencies are documented in the APEX Inventory of Information Hardware/Software Assets.
All significant, non-routine changes to service components are subject to change control.
Change requests are assessed by the Information Security Manager to identify potential risks in-line with the risk management framework.
All changes require a testing plan with clear acceptance criteria.
Once a change is implemented the Change Manager authorises its transfer to the operational environment, ensuring that business processes are not disturbed and that business continuity plans are updated.
Software updates are version controlled and system documentation is updated. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
An automated vulnerability assessment system is used to strengthen the security posture of service components, providing advanced threat protection across the infrastructure.
Continuous assessments are performed across the infrastructure to determine whether existing or new resources are configured according to security best practices, providing a clear understanding of the security status of each resource. Workloads are also assessed to provide threat prevention recommendations and security alerts.
A Secure Score is associated with each recommendation which informs the prioritisation of mitigation or remediation actions.
Vulnerability fixes or configuration changes are applied in-line with the relevant priority based SLAs. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
The Security Center provided by the hosted environment generates alerts when a threat is detected to the network or a service resource. Security Center prioritises and lists alerts, along with the information needed to investigate the problem. Recommendations are provided for how to remediate an attack. Related alerts are automatically collated into security incidents. Incidents provide a single view of an attack, giving a clear understanding of what actions the attacker took, severity, status, and the affected resource.
Actions to mitigate the threat and prevent future attacks are taken based on the recommendations based on severity. - Incident management type
- Supplier-defined controls
- Incident management approach
-
All Service Incidents are reported via the APEX Support Team and tracked within the online APEX support platform.
Service Incidents receive a priority rating, assigned by the APEX Support Team, dependent upon their severity. The severity rating at P1 - P4, with P1 being the highest level of severity. Pre-defined processes exist for common events to ensure speed of service delivery and continuous service improvement.
Users report Incidents to the APEX Support Team via either dedicated telephone or email submission routes.
Incident Reports are provided via Service Management reports on a monthly basis, or otherwise upon request from a customer.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £0.09 a unit a year
- Discount for educational organisations
- No
- Free trial available
- No