First Databank Europe Limited

AnalyseRx

AnalyseRx supports Primary Care Networks and Clinical Commissioning Groups in delivering proactive, well-governed, ongoing medicines optimisation across a patient population by providing actionable evidence-based best practice, safety and cost guidance integrated within existing clinical system workflows.

Features

  • Automatic identification of medicines optimisation opportunities across a practice population
  • Co-ordinate, manage and record opportunities on a patient-specific basis
  • Proactive ongoing management of patients on repeat medications
  • Measure the clinical and financial impact of medicines interventions
  • Embedded within the clinical system - no separate log-in required
  • Patient-specific algorithms ensure opportunities present in the right context
  • Full and direct access to the patient medical record

Benefits

  • Improve medicines safety, reduce ADEs and unplanned hospital admissions
  • Optimise patient outcomes and experience, reduce unwarranted prescribing variation
  • Improve operational efficiency and multi-disciplinary team working
  • Maximise the clinical pharmacist resource
  • Support the delivery of the Primary Care Network DES

Pricing

£0.40 a person a year

Service documents

Framework

G-Cloud 12

Service ID

3 5 4 1 0 9 5 9 4 0 3 4 0 1 1

Contact

First Databank Europe Limited

Simon Radcliffe

07969292549

simon.radcliffe@fdbhealth.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
N/A
System requirements
  • N3/HSCN connectivity required by Buyers (if appropriate for vendor)
  • Valid licence with vendor clinical system
  • Internet connection compatible with IE10 and above
  • Licence in place with FDB
  • Data Sharing Agreement activated in vendor clinical system

User support

Email or online ticketing support
Email or online ticketing
Support response times
First-line Support for the Licensee’s System will continue to be provided in accordance with Licensee’s service levels with its Vendor System provider. For specific FDB Licensed Solution queries, FDB’s customer service department will be available during the Contracted Support Hours, being 9.00am to 5.30pm (GMT) Monday to Friday, excluding public holidays in England. Any queries to FDB will receive a response from FDB’s customer service department during the Contracted Support Hours. On receipt of the query from the Licensee, FDB will acknowledge via email to the Licensee the receipt of the query.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
A Dedicated Account Manager for the duration of the contract.

1.1. First-line Support for the Licensee’s System will continue to be provided in accordance with Licensee’s service levels with its Vendor System provider.

1.2. For specific FDB Licensed Solution queries, FDB’s customer service department will be available during the Contracted Support Hours, being 9.00am to 5.30pm (GMT) Monday to Friday, excluding public holidays in England.

1.3. Any queries forwarded by Licensee’s nominated individual to FDB will receive a response from FDB’s customer service department during the Contracted Support Hours.
1.4. On receipt of the query from the Licensee, FDB will acknowledge via email to the Licensee the receipt of the query.

1.5. All queries received by FDB’s customer service department will be logged and assigned with a unique reference number.

1.6. FDB shall ensure that a log is maintained in respect to each query raised by the Licensee.

1.7. Whenever so requested by Licensee, acting reasonably at all times, and during Contracted Support Hours, FDB shall provide an update report from the log with respect to any Licensee related queries.

1.8. Queries will not be accepted from Authorised Users directly. Only queries from Licensee’s nominated individual will receive a response
Support available to third parties
No

Onboarding and offboarding

Getting started
Onsite or virtual training on the use of the FDB AnalyseRx is provided to the Clinical Commissioning Group medicines management teams and Primary Care Network teams in the set-up period. On site demonstrations of how FDB AnalyseRx is implemented within the clinical software, and any necessary training, can be provided for GPs and practice staff. User guides, FAQs and associated training materials will be made available.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data extraction not required
End-of-contract process
FDB AnalyseRx is an integral modular component of prescribing systems and can be instantly de-activated by removal of the Unity Portal, and deactivating the Data Extract Agreement.

Using the service

Web browser interface
No
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
No

Scaling

Independence of resources
We are using Azure Cloud services to enable us to be as scalable as required.

Analytics

Service usage metrics
Yes
Metrics types
User activity, prescribing budget cost savings, workflow reporting, medicines optimisation opportunity progress. Further detail can be found in the Service Definition Document attached below.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
The Encryption at Rest designs in Azure use symmetric encryption to encrypt and decrypt large amounts of data quickly.
A symmetric encryption key is used to encrypt data as it is written to storage. The same encryption key is used to decrypt that data as it is readied for use in memory.
Data may be partitioned, and different keys used for each partition.
Keys must be stored in a secure location with identity-based access control and audit policies. Data encryption keys are often encrypted with a key encryption key in Azure Key Vault to further limit access.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Usage reports can be exported for the licensee on request.
Data export formats
  • CSV
  • Other
Data import formats
Other
Other data import formats
Data provided by Vendor

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
In addition, we validate a buyer using JWT authentication
Data protection within supplier network
Other
Other protection within supplier network
Azure Cloud - Data is pseudonymised to a patient identifier (unique between vendor and supplier). We use managed identities to ensure our resources are communicating with one another securely. Production access is restricted via roles to a limited number of users.

Availability and resilience

Guaranteed availability
FDB shall use reasonable efforts to ensure that the service will have a minimum uptime percentage of 99.99% at all times during the service provision time (excluding scheduled downtime and the duration of any force majeure event) in any month. Uptime is calculated on a monthly basis over each discrete calendar month by FDB.
Approach to resilience
Available upon request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Other
Other user authentication
Unique JWT authentication generated by the user.
Access restrictions in management interfaces and support channels
Azure Cloud - Data is pseudonymised to a patient identifier (unique between vendor and supplier). We use managed identities to ensure our resources are communicating with one another securely. Production access is restricted via roles to a limited number of users.
Access restriction testing frequency
At least once a year
Management access authentication
Other
Description of management access authentication
Azure Cloud - Data is pseudonymised to a patient identifier (unique between vendor and supplier). We use managed identities to ensure our resources are communicating with one another securely. Production access is restricted via roles to a limited number of users.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Devices authorised to access the corporate network and associated systems are built, maintained and actively managed by a single business unit using AD policies and SCCM . Requests and incidents are managed within a single responsibility hierarchy using audit-enabled tooling.

Passwords are subject to best practice policy and enforcement and where possible all corporate-connected accounts are federated.

Staff are required to understand and adhere to a comprehensive IT policy and undergo annual assessment.

Software is developed under change-managed and independently governed processes and procedures.
Information security policies and processes
Devices authorised to access the corporate network and associated systems are built, maintained and actively managed by a single business unit using AD policies and SCCM . Requests and incidents are managed within a single responsibility hierarchy using audit-enabled tooling.

Passwords are subject to best practice policy and enforcement and where possible all corporate-connected accounts are federated.

Staff are required to understand and adhere to a comprehensive IT policy and undergo annual assessment.

Software is developed under change-managed and independently governed processes and procedures.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The status, location and configuration of service components (both hardware and software) are tracked throughout their lifetime.

Changes to the service are assessed for potential security impact. Then managed and tracked through to completion.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential new threats, vulnerabilities or exploitation techniques which could affect the service are assessed and corrective action is taken
Relevant sources of information relating to threat, vulnerability and exploitation techniques are monitored by FDB.
The severity of threats and vulnerabilities is considered within the context of the service and this information is used to prioritise the implementation of mitigations.
Using a suitable change management process, known vulnerabilities are tracked until mitigations have been deployed
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
FDB utilises internet security (Cloudflare) to identify potential compromises. As an Azure Cloud hosted service, we also benefit from Azure security alerts relating to unauthorised access.
Any events are analysed to identify potential compromises or inappropriate use of the service. We take prompt and appropriate action to address incidents.
Incident management type
Supplier-defined controls
Incident management approach
Incident management processes are in place for the service and are actively deployed in response to security incidents.
Pre-defined processes are in place for responding to common types of incident and attack.
A defined process and contact route exists for reporting of security incidents by Buyers and external entities.
Security incidents of relevance will be reported in acceptable timescales and formats.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.40 a person a year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑