Dermatologist designed, N3 enabled SaaS coordination platform tracks, plans and reviews care.
Remote-referral-to-discharge, image calibrated, workflows enrich distributed clinical collaboration and sanction compliance to entire tele-dermatological standards.
Pathpoint™ database architecture mimics the dynamics of patient care, automatically coding clinical treatment via SNOMED-CT NLP referencing to yield superior analytical outcomes.
- Tele-dermatology: Automatic image calibration, sanctions quality and specification compliance
- Tele-dermatology: Macro and dermoscopy image support
- Tele-dermatology: On-screen patient signature consent capture & tracking
- Skin cancer MDT collaborative workflows
- Centralised skin lesion biopsy planning and booking
- TWW support and automatic breach warning notifications
- Workflow: Tele-dermatology, clinical grade appropriate user advice & guidance
- Clinical pathway: Photo-therapy
- Clinical pathway: Skin patch testing
- Real-time service metric review
- Standardized, digital referral-to-discharge, comprehensive tele-dermatology tracking service
- Simplified collaboration for decentralized, multi-site clinical teams
- Integrated with existing systems
- Locally customized clinical pathways
- Conspicuous uptake in biopsy lists utilization
- Reduced urgent skin lesion load on outpatients service
- Discernible reduction in adverse incidents and complaints
- Easy access diagnosis/procedural lists for clinical audit and research
- Observable TWW compliance and patient safety improvement
£15000 to £78000 per licence per year
- Education pricing available
- Free trial available
Open Medical Ltd
0203 475 2955
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Pathpoint™|
|Cloud deployment model||Public cloud|
|Service constraints||Requires N3/HSCN access|
|System requirements||IE 11+ or Chrome/Firefox/Safari browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Week days - within 8 hours.
Weekends - within 12 hours.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AAA|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
Licence subscription includes:
Business-as-usual - single point-of-contact client support; managing delivery and resolution of service queries.
Extra-ordinary - 24 x 7 x 365 same-day on-site support to resolve high severity live system application related incidents.
|Support available to third parties||Yes|
Onboarding and offboarding
Installation: The on-boarding program is designed to ensure minimal disruption to departmental working practices.
Week 1: A small team of trainers deployed to each department to provide full on-site, on-the-job training.
Week 2-4: Weekly one day training resource.
On-going: Training sessions coincide with the induction day of new clinical staff throughout the duration of the contract. Training assets: wall posters, eLearning video demonstrations, manuals, client support phone/email.
|End-of-contract data extraction||
Contract termination does not result in service discontinuation. System remains live in read-only state.
Exported SQL files and a binary archives are generated and provided automatically.
Data extraction via JSON:API or FHIR API directly from the system is also available.
OpenMedical licenses are SaaS products.
Where recommissioning is not optioned at the end of subscription period, there are no additional costs.
The service remains available with a full read-only functionality and can be resumed at any time.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||No difference|
|What users can and can't do using the API||EDerma is a decoupled service that can be fully operated via APIs. JSON:API, FHIR, and HL7 v2.x APIs are available out of the box allowing all CRUD operations via basic or cookie authentication. Any authorised user of the service can make any changes allowed by their access role with no limitations.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
EDerma out-of-the-box system pathway and interfaces can be modified to clinical team specifications.
The patient and clinical pathway entities are fully customisable and can be added, changed or removed (including specific data fields).
The refinements process is managed by OpenMedical's engineering team, in association with clinical team leaders.
|Independence of resources||
The system's load balancing process automatically provisions additional VMs and containers. Upscaling system resources in response to request loads.
Furthermore OpenMedical employs a number of processor reduction techniques, including multiple cache-like layers for querying and outputs with forced tag and context cache expiration.
|Service usage metrics||Yes|
Our systems are designed to track, plan and review patient care.
Embedding coded-fields into the data-storage architecture allows OpenMedical to manipulate and present service metrics at a range of granularity levels. Includes Clinical: diagnosis/procedure specific data, temporal, demographic.
Health management: KPIs, referral source, time-of-day, year-on-year, service capacity/level boundaries.
Auditing: User data access tracking.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Authenticated users can export their data via the JSON:API / FHR API /directly via the user interface as an CSV file.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Our standard Service Level Agreement guarantees 99.9% server up-time.
Any unscheduled service outage for more than 1 hour after reporting is refunded at its full subscription price for the outage duration.
|Approach to resilience||Available on request|
|Outage reporting||The service reports any outages via a public API, by email alerts to all clinical team leads and nominated secondary addresses.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Client determines access requirements to match their specific organisational needs. Role-based and team-based access system manages system's restrictive access controls, constraining user functionality assignment; including writing, editing and viewing. Team-based permissions are dependent on data-originating teams. Role-based access restricts system-wide processes and data such as management, user-auditing and interface channels.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||N3 Assurance and NHS Digital IGT|
|Information security policies and processes||The following policies are used to capture and monitor security: Data Protection Policy, Information Risk Policy, Information Security Policy, Network & Mobile Security Policy, Pseudonymisation Policy, Recruitment and Contracting Policy, Secure Data Transfer Procedure, eTrauma System Level Security, eTrauma Data Flow Mapping. A dedicated team with the responsibility to monitor the above is contactable at firstname.lastname@example.org. All security policies are reviewed every 6 months internally and verified every year independently.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Change management policies ensure all the changes are assessed, approved, implemented and reviewed in a controlled manner. All changes will be recorded in the service management tool following an explicit process: Recording of all changes, Classification, Risk assessment for their risk, Impact and business benefit, Approval and authorisation, Coordination for implementation of changes, Post implementation review, Post implementation feedback.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||The vulnerability management process follows a mandatory workflow: Preparation, Vulnerability scan, Remediation actions definition, Remediation actions implementation, Vulnerability scanning.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Compromise scanning: Three-way data surveillance, including database and binary data tracks identification alteration. Daily reconciliation of all IP access logs outside the N3 network.
Compromise response: Suspected authentication/access or integrity immediately escalated to engineering and infrastructure team for assessment and action.
Confirmed compromises: Reported as per the Information Risk Policy to SIRO, senior management, ICO, NHS Digital and the client organisation Information Security and IG teams.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Recorded incident reporting and pre-existing incident response processes are in-place.
All incidents and adverse events are reported and recorded according to Information Risk Register Policy and cross-referenced to the Disaster Recovery and Business Continuity Plans.
IG SIRIs will be managed in accordance with the Incident Management Procedure.
All incidents are reported to SIRO, senior management, ICO, NHS Digital and the client organisation immediately.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£15000 to £78000 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Universal four-month trial period. Full access to system. Includes evidence based service improvement evaluation.|