Orion Health Ltd

Amadeus Platform

Amadeus is an award-winning interoperability platform delivering a comprehensive approach to acquiring, enriching, presenting and analysing actionable health and care data. The scalable and open platform supports population health management initiatives, precision medicine and value-based care models, and provides healthcare professionals with real-time cognitive support at the point of care.

Features

  • Single, comprehensive integrated digital care record
  • Seamless integration and visualisation of healthcare data from disparate sources
  • Integrated workflow and care coordination tools
  • Integrated medicines platform for complete, patient-centric view of medications
  • Patient Portal gives individuals easy access to their health record
  • Virtual Care tools enable remote patient monitoring and engagement
  • Reporting dashboards and visualisations for exploring data in the system
  • Modular infrastructure providing a highly scalable and flexible platform
  • Built using the latest industry standards (FHIR, HL7, standard APIs)
  • Advanced, granular privacy capability provides controlled access to patient information

Benefits

  • Improved care delivery and patient outcomes using a secure solution
  • More timely and informed decision-making at the point of care
  • Reduce clinical risk through informed decision-making and medicines reconciliation
  • Reduced healthcare costs, e.g. repeated tests, appointments and unnecessary admissions
  • Empower patients to engage and take control of their wellbeing
  • Enhanced management of chronic patients using technology in their home
  • Improved communication and collaboration between multiple health and care providers
  • Optimise clinicians time by aggregating data into a single system
  • Improved safety and privacy through risk management procedures and activities
  • Improved patient experience in meeting individual needs and care planning

Pricing

£0 to £8 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial_uki@orionhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 3 5 2 7 8 6 7 4 2 5 7 6 9 8

Contact

Orion Health Ltd Shaun Kearney
Telephone: 08003686290
Email: commercial_uki@orionhealth.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The service is based on an open, modular software stack and constraints of the service vary dependant on the modules taken within the Amadeus platform. The service is browser-based, dependencies detailed below.
System requirements
  • Desktop Operating Systems: Windows 7 or above, macOS
  • Secure browser-based via HTTPS
  • Supported browsers: Chrome, Microsoft Edge, IE11, Mozilla Firefox, Safari
  • Mobile browsers: Mobile Mozilla Firefox, Mobile Safari, Mobile Chrome
  • Database servers: Oracle, SQL Server

User support

Email or online ticketing support
Email or online ticketing
Support response times
The Orion Health Support Tracker is an online tool for logging and tracking all client requests with our Client Support Services Team. Support Tracker has several levels of prioritising issues, referred to as the Fault Priority Level. Queries are assigned a Level depending on how critical the problem is. Orion Health's standard Initial Response Times per Ticket (incident) are:
Level 1 (Production Failure - Critical) - 30 minutes;
Level 2 (Production Degradation - Urgent) - 1 hour;
Level 3 (Functional Impact - Major) - Next Working Day;
Level 4 (No Production Impact - Planned) - Next Working Day.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Orion Health works with clients to tailor a support package that meets their specific needs. We provide 24x7x365 support ranging from 3rd line support through the Customer Support Services (CSS) help desk, and a comprehensive managed service for the Orion Health applications and supporting architecture through the Orion Health Application Managed Service (AMS). Both the CSS and AMS are supported through the ITIL aligned customer support services and delivery services of: Incident Management, Problem Management, Change Management, Release Management, Configuration Management, Service Level Management, Availability Management, Capacity Management, IT Service Continuity Management, Monitoring Tools.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Orion Health offers a wide range of training courses and materials to facilitate rapid adoption of the solution. Training is offered through:

- Online Academy; online self-paced modules with quizzes and file submissions graded by an experienced Orion Health trainer.

- Instructor-led; face to face training with an experienced Orion Health trainer, often at the customer site.

- Webinar; instructor-led training with the convenience of a virtual learning environment.

A 'Train the Trainer' approach is often recommended, whereby Orion Health provide the local team with the knowledge and skills necessary to establish an ongoing end user program independent of Orion Health resources.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At the end of a contract, users can export their configuration and data before the server is cleared by Orion Health. Orion Health retains all intellectual property in the software, and grants a perpetual license to the customer, subject to payment of the license fee. The customer owns the configuration of the Orion Health solution at the customer site. The customer does not receive the source code of the software, but Orion Health offers an escrow service at an additional cost.
End-of-contract process
An agreed exit plan will be included in any contract with a customer, and Orion Health would comply fully with the requirements as set out for contract exit in the contract. The exit plan will contain all the detail necessary to affect a smooth and orderly termination of the services and hand-over to the customer or a new service provider. As such the deliverables and activities that would typically form part of an exit and handover include the obligations of each party, applicable schedule and timescales and the approach to data migration.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Amadeus is 100% web based and can be accessed from any web enabled device. This includes desktops, laptops and tablets and means that staff can use the system from a range of locations and devices, providing they have internet connection. The Amadeus platform is mobile responsive; the display will dynamically adjust to the screen size in use (desktop, tablet, mobile).
Service interface
Yes
Description of service interface
The web-based Clinical Portal provides a single point of entry to the consolidated patient record, providing users with the ability to extract maximum value from the information as quickly as possible. Clinical Portal arranges data into a unified and consistent patient-centric view, making it relevant to the role of the user. The interface is easy to use; it has an efficient, modern and intuitive graphical interface that will be familiar to anyone who has browsed the internet and used common clinical systems. The Clinical Portal interface supports WCAG accessibility guidelines and is highly configurable.
Accessibility standards
WCAG 2.1 A
Accessibility testing
We actively test assistive technologies such as VoiceOver and JAWS and have implemented the necessary code as per the standards to enable other types of assistive technologies.
API
Yes
What users can and can't do using the API
Third party developers can access the rich data and services held in Amadeus through our Open APIs, which are built using industry standards such as REST and HL7 FHIR. Our APIs provide access to structured data resources held within the service, such as demographics, encounters, medications, etc. They currently provide read only capability.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Amadeus provides a high level of customisation options, for both administrators and users, to meet the needs of individual clinicians and departments and/or specialities. Users can customise the way data is presented on the clinician homepage and patient summary screen to present information that is most relevant to the individual users' workflow. Administrators can easily undertake day-to-day configurations, as well as more specialised administration tasks, such as configuring Users and User Groups for access, User interface, Adding and deleting applications, User messaging, Automatic application monitoring and user notifications.

Scaling

Independence of resources
Each customer has their own instance of the service with dedicated application and database servers. The service uses elastic scaling load balances to handle peaks in demand and service monitoring allows proactive scaling of hosting infrastructure.

Analytics

Service usage metrics
Yes
Metrics types
Orion Health provides a range of system metrics and reports, depending on the client need. Examples include: Total monthly logins, Account status, Total licences used, Monthly users created, Total tickets logged/open/closed for a month, Any high priority issues, Any problem tickets, Any outages, Server space report / Disk space used, Total messages processed, Portal account summary, Patient access review, Number of patient records viewed, Number of patient records available, Monthly usage figures (total logins), Number of pathology reports viewed, Number of radiology reports viewed, Open incidents.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
At the end of a contract, users can export their configuration and data before the server is cleared by Orion Health. Orion Health retains all intellectual property in the software, and grants a perpetual license to the customer, subject to payment of the license fee. The customer owns the configuration of the Orion Health solution at the customer site. The customer does not receive the source code of the software, but Orion Health offers an escrow service at an additional cost.
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
Data can be uploaded in any documented format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Orion Health offer high availability solutions that are operational 24/7, 365 days per year. Typically, the only downtime is for scheduled maintenance (i.e. upgrades) which are usually scheduled for off-peak hours when there are minimal users online. Most Orion Health customers experience availability of at least 99.9%, with some operating at 99.99%.
Approach to resilience
The Amadeus platform architecture provides high availability in all components of the service using elastic scaling infrastructure, connection load balancers with service health monitoring, multiple redundant nodes geographically distributed over two or more availability zones, and block level data replication.
Outage reporting
Outages are handled as part of our Incident Management process and reported through real-time customer communications and monthly reports.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Amadeus supports Role Based Access Control (RBAC) whereby access is controlled based on the user's role and their membership in one or more user groups (e.g. administrator level access). Management access (e.g. for engineers) must be requested explicitly by individuals requiring access. Requests are reviewed and approved in accordance with our documented security policy and, if appropriate, granted with time bound, least privileged, constraints.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyd's Register
ISO/IEC 27001 accreditation date
02/12/2019
What the ISO/IEC 27001 doesn’t cover
The ISO/IEC 27001:2013 certification is applicable to the provision of Interoperable Health Software from the Orion Health UK and Ireland business, including our London, Glasgow and Belfast offices, and third party hosting services. This includes sales, implementation and support functions being delivered to the public and private sector.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 27001:2013
  • Data Security and Protection Toolkit (DSPT)
  • Information Commissioners Office registration
  • Data Protection Act 2018
  • General Data Protection Regulation (GDPR)
  • Caldicott Principles
  • The services utilises Amazon Web Services (AWS) cloud hosting
  • AWS is compliant with a series of global security standards
  • Such as ISO 27001, 27017, 27018, 9001,
  • CSA STAR 1 and 2, NCSC, DSPT, Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
- Data Security and Protection Toolkit (DSPT)
- Information Commissioners Office registration (see Z8683942)
- Data Protection Act 2018
- General Data Protection Regulation (GDPR)
- Caldicott Principles
Information security policies and processes
Orion Health has adopted an internationally recognised information security management standard, ISO 27001:2013, in order to provide a systematic approach to managing confidential and sensitive information so that it remains secure. Using this standard as a baseline, Orion Health implements an Information Security Policy to control the governance and protection of our customers’ information assets under our care, as well as our own information. Our Information Security Policy is supported by a collection of administrative, technical, and physical policies and processes aligned with best practice advised by ISO 27002:2013 and expected by Article 32 GDPR. These policies and procedures ensure the integrity and confidentiality of personal data (including health data) and protect against anticipated threats or hazards to the security or integrity of such information.

The Information Security policy is approved by senior management and subject to continuous, systematic review and improvement. Orion Health has established a “secure by design” program that considers security as integral to the service lifecycle and regularly engages employees in Information Security, Privacy, and Code of Conduct training.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Change Management process is managed as part of our industry standard ITIL aligned customer support service. We operate a structured change control process so that where additions and changes are required they go through a thorough process of requirements gathering and joint agreement.
Our Change Management process ensures all changes to the architecture and its components (Configuration Items) are authorised and documented and appropriately managed to ensure that impact on the system is kept to a minimum.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Orion Health subscribes to various agencies for information and alerts related to emerging threats and vulnerabilities. Additionally, Orion Health conducts internal and external security scans of all Orion Health managed production environments, on at least a monthly basis. All findings are managed using Orion Health's Patch and Vulnerability process. The risk associated with each finding is assessed, and remediation is prioritised and managed in accordance with the Orion Health Risk Management Process.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The Orion Health solution is monitored 24x7x365 by the Security Operations Center provided by the Managed Security Services Provider. This includes real time log monitoring, via a SIEM, from various log sources including Firewalls, Intrusion Prevention/Detection Systems, File Integrity Management, Anti-Malware, as well as infrastructure and administrator log events. Access to the environment is controlled via business requirements, strict minimum necessary permissions, and MFA. Access audits are conducted twice a year.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The Incident Management process is managed as part of our industry standard ITIL aligned customer support service through the provision of the Orion Health Customer Support Service Desk. The Support Desk is responsible for receiving and processing service requests, for assisting users, and for coordinating incident resolution. Customer incidents are logged via a toll-free support telephone number and through an online support system, Support Tracker.
The incident management function is extended to deliver a problem management function to ensure analysis of root causes and to prevent incidents from recurring in the future.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Pricing

Price
£0 to £8 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial_uki@orionhealth.com. Tell them what format you need. It will help if you say what assistive technology you use.