Amadeus Platform
Amadeus is an award-winning interoperability platform delivering a comprehensive approach to acquiring, enriching, presenting and analysing actionable health and care data. The scalable and open platform supports population health management initiatives, precision medicine and value-based care models, and provides healthcare professionals with real-time cognitive support at the point of care.
Features
- Single, comprehensive integrated digital care record
- Seamless integration and visualisation of healthcare data from disparate sources
- Integrated workflow and care coordination tools
- Integrated medicines platform for complete, patient-centric view of medications
- Patient Portal gives individuals easy access to their health record
- Virtual Care tools enable remote patient monitoring and engagement
- Reporting dashboards and visualisations for exploring data in the system
- Modular infrastructure providing a highly scalable and flexible platform
- Built using the latest industry standards (FHIR, HL7, standard APIs)
- Advanced, granular privacy capability provides controlled access to patient information
Benefits
- Improved care delivery and patient outcomes using a secure solution
- More timely and informed decision-making at the point of care
- Reduce clinical risk through informed decision-making and medicines reconciliation
- Reduced healthcare costs, e.g. repeated tests, appointments and unnecessary admissions
- Empower patients to engage and take control of their wellbeing
- Enhanced management of chronic patients using technology in their home
- Improved communication and collaboration between multiple health and care providers
- Optimise clinicians time by aggregating data into a single system
- Improved safety and privacy through risk management procedures and activities
- Improved patient experience in meeting individual needs and care planning
Pricing
£0 to £8 a user a month
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
3 3 5 2 7 8 6 7 4 2 5 7 6 9 8
Contact
Orion Health Ltd
Shaun Kearney
Telephone: 08003686290
Email: commercial_uki@orionhealth.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- The service is based on an open, modular software stack and constraints of the service vary dependant on the modules taken within the Amadeus platform. The service is browser-based, dependencies detailed below.
- System requirements
-
- Desktop Operating Systems: Windows 7 or above, macOS
- Secure browser-based via HTTPS
- Supported browsers: Chrome, Microsoft Edge, IE11, Mozilla Firefox, Safari
- Mobile browsers: Mobile Mozilla Firefox, Mobile Safari, Mobile Chrome
- Database servers: Oracle, SQL Server
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
The Orion Health Support Tracker is an online tool for logging and tracking all client requests with our Client Support Services Team. Support Tracker has several levels of prioritising issues, referred to as the Fault Priority Level. Queries are assigned a Level depending on how critical the problem is. Orion Health's standard Initial Response Times per Ticket (incident) are:
Level 1 (Production Failure - Critical) - 30 minutes;
Level 2 (Production Degradation - Urgent) - 1 hour;
Level 3 (Functional Impact - Major) - Next Working Day;
Level 4 (No Production Impact - Planned) - Next Working Day. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Orion Health works with clients to tailor a support package that meets their specific needs. We provide 24x7x365 support ranging from 3rd line support through the Customer Support Services (CSS) help desk, and a comprehensive managed service for the Orion Health applications and supporting architecture through the Orion Health Application Managed Service (AMS). Both the CSS and AMS are supported through the ITIL aligned customer support services and delivery services of: Incident Management, Problem Management, Change Management, Release Management, Configuration Management, Service Level Management, Availability Management, Capacity Management, IT Service Continuity Management, Monitoring Tools.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Orion Health offers a wide range of training courses and materials to facilitate rapid adoption of the solution. Training is offered through:
- Online Academy; online self-paced modules with quizzes and file submissions graded by an experienced Orion Health trainer.
- Instructor-led; face to face training with an experienced Orion Health trainer, often at the customer site.
- Webinar; instructor-led training with the convenience of a virtual learning environment.
A 'Train the Trainer' approach is often recommended, whereby Orion Health provide the local team with the knowledge and skills necessary to establish an ongoing end user program independent of Orion Health resources. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- At the end of a contract, users can export their configuration and data before the server is cleared by Orion Health. Orion Health retains all intellectual property in the software, and grants a perpetual license to the customer, subject to payment of the license fee. The customer owns the configuration of the Orion Health solution at the customer site. The customer does not receive the source code of the software, but Orion Health offers an escrow service at an additional cost.
- End-of-contract process
- An agreed exit plan will be included in any contract with a customer, and Orion Health would comply fully with the requirements as set out for contract exit in the contract. The exit plan will contain all the detail necessary to affect a smooth and orderly termination of the services and hand-over to the customer or a new service provider. As such the deliverables and activities that would typically form part of an exit and handover include the obligations of each party, applicable schedule and timescales and the approach to data migration.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Amadeus is 100% web based and can be accessed from any web enabled device. This includes desktops, laptops and tablets and means that staff can use the system from a range of locations and devices, providing they have internet connection. The Amadeus platform is mobile responsive; the display will dynamically adjust to the screen size in use (desktop, tablet, mobile).
- Service interface
- Yes
- Description of service interface
- The web-based Clinical Portal provides a single point of entry to the consolidated patient record, providing users with the ability to extract maximum value from the information as quickly as possible. Clinical Portal arranges data into a unified and consistent patient-centric view, making it relevant to the role of the user. The interface is easy to use; it has an efficient, modern and intuitive graphical interface that will be familiar to anyone who has browsed the internet and used common clinical systems. The Clinical Portal interface supports WCAG accessibility guidelines and is highly configurable.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- We actively test assistive technologies such as VoiceOver and JAWS and have implemented the necessary code as per the standards to enable other types of assistive technologies.
- API
- Yes
- What users can and can't do using the API
- Third party developers can access the rich data and services held in Amadeus through our Open APIs, which are built using industry standards such as REST and HL7 FHIR. Our APIs provide access to structured data resources held within the service, such as demographics, encounters, medications, etc. They currently provide read only capability.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Amadeus provides a high level of customisation options, for both administrators and users, to meet the needs of individual clinicians and departments and/or specialities. Users can customise the way data is presented on the clinician homepage and patient summary screen to present information that is most relevant to the individual users' workflow. Administrators can easily undertake day-to-day configurations, as well as more specialised administration tasks, such as configuring Users and User Groups for access, User interface, Adding and deleting applications, User messaging, Automatic application monitoring and user notifications.
Scaling
- Independence of resources
- Each customer has their own instance of the service with dedicated application and database servers. The service uses elastic scaling load balances to handle peaks in demand and service monitoring allows proactive scaling of hosting infrastructure.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Orion Health provides a range of system metrics and reports, depending on the client need. Examples include: Total monthly logins, Account status, Total licences used, Monthly users created, Total tickets logged/open/closed for a month, Any high priority issues, Any problem tickets, Any outages, Server space report / Disk space used, Total messages processed, Portal account summary, Patient access review, Number of patient records viewed, Number of patient records available, Monthly usage figures (total logins), Number of pathology reports viewed, Number of radiology reports viewed, Open incidents.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- At the end of a contract, users can export their configuration and data before the server is cleared by Orion Health. Orion Health retains all intellectual property in the software, and grants a perpetual license to the customer, subject to payment of the license fee. The customer owns the configuration of the Orion Health solution at the customer site. The customer does not receive the source code of the software, but Orion Health offers an escrow service at an additional cost.
- Data export formats
-
- CSV
- Other
- Other data export formats
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
- Data can be uploaded in any documented format
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Orion Health offer high availability solutions that are operational 24/7, 365 days per year. Typically, the only downtime is for scheduled maintenance (i.e. upgrades) which are usually scheduled for off-peak hours when there are minimal users online. Most Orion Health customers experience availability of at least 99.9%, with some operating at 99.99%.
- Approach to resilience
- The Amadeus platform architecture provides high availability in all components of the service using elastic scaling infrastructure, connection load balancers with service health monitoring, multiple redundant nodes geographically distributed over two or more availability zones, and block level data replication.
- Outage reporting
- Outages are handled as part of our Incident Management process and reported through real-time customer communications and monthly reports.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Amadeus supports Role Based Access Control (RBAC) whereby access is controlled based on the user's role and their membership in one or more user groups (e.g. administrator level access). Management access (e.g. for engineers) must be requested explicitly by individuals requiring access. Requests are reviewed and approved in accordance with our documented security policy and, if appropriate, granted with time bound, least privileged, constraints.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyd's Register
- ISO/IEC 27001 accreditation date
- 02/12/2019
- What the ISO/IEC 27001 doesn’t cover
- The ISO/IEC 27001:2013 certification is applicable to the provision of Interoperable Health Software from the Orion Health UK and Ireland business, including our London, Glasgow and Belfast offices, and third party hosting services. This includes sales, implementation and support functions being delivered to the public and private sector.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 27001:2013
- Data Security and Protection Toolkit (DSPT)
- Information Commissioners Office registration
- Data Protection Act 2018
- General Data Protection Regulation (GDPR)
- Caldicott Principles
- The services utilises Amazon Web Services (AWS) cloud hosting
- AWS is compliant with a series of global security standards
- Such as ISO 27001, 27017, 27018, 9001,
- CSA STAR 1 and 2, NCSC, DSPT, Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
- Data Security and Protection Toolkit (DSPT)
- Information Commissioners Office registration (see Z8683942)
- Data Protection Act 2018
- General Data Protection Regulation (GDPR)
- Caldicott Principles - Information security policies and processes
-
Orion Health has adopted an internationally recognised information security management standard, ISO 27001:2013, in order to provide a systematic approach to managing confidential and sensitive information so that it remains secure. Using this standard as a baseline, Orion Health implements an Information Security Policy to control the governance and protection of our customers’ information assets under our care, as well as our own information. Our Information Security Policy is supported by a collection of administrative, technical, and physical policies and processes aligned with best practice advised by ISO 27002:2013 and expected by Article 32 GDPR. These policies and procedures ensure the integrity and confidentiality of personal data (including health data) and protect against anticipated threats or hazards to the security or integrity of such information.
The Information Security policy is approved by senior management and subject to continuous, systematic review and improvement. Orion Health has established a “secure by design” program that considers security as integral to the service lifecycle and regularly engages employees in Information Security, Privacy, and Code of Conduct training.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
The Change Management process is managed as part of our industry standard ITIL aligned customer support service. We operate a structured change control process so that where additions and changes are required they go through a thorough process of requirements gathering and joint agreement.
Our Change Management process ensures all changes to the architecture and its components (Configuration Items) are authorised and documented and appropriately managed to ensure that impact on the system is kept to a minimum. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Orion Health subscribes to various agencies for information and alerts related to emerging threats and vulnerabilities. Additionally, Orion Health conducts internal and external security scans of all Orion Health managed production environments, on at least a monthly basis. All findings are managed using Orion Health's Patch and Vulnerability process. The risk associated with each finding is assessed, and remediation is prioritised and managed in accordance with the Orion Health Risk Management Process.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- The Orion Health solution is monitored 24x7x365 by the Security Operations Center provided by the Managed Security Services Provider. This includes real time log monitoring, via a SIEM, from various log sources including Firewalls, Intrusion Prevention/Detection Systems, File Integrity Management, Anti-Malware, as well as infrastructure and administrator log events. Access to the environment is controlled via business requirements, strict minimum necessary permissions, and MFA. Access audits are conducted twice a year.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
The Incident Management process is managed as part of our industry standard ITIL aligned customer support service through the provision of the Orion Health Customer Support Service Desk. The Support Desk is responsible for receiving and processing service requests, for assisting users, and for coordinating incident resolution. Customer incidents are logged via a toll-free support telephone number and through an online support system, Support Tracker.
The incident management function is extended to deliver a problem management function to ensure analysis of root causes and to prevent incidents from recurring in the future.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
Pricing
- Price
- £0 to £8 a user a month
- Discount for educational organisations
- No
- Free trial available
- No