SIDQAM LTD

Community Physiotherapy MSK Patient Record

Our Physiotherapy/MSK app provides user-friendly graphics to assist in diagnosis. Instead of drawing on paper, we use a full 360 degree view of a body chart, allowing clinicians to click an area to record relevant information.
The app can be used online/offline and can exchange data with existing trust systems.

Features

  • Integrated clinical record from existing trust / GP systems
  • Interoperability standards used
  • Online and offline working in secure environment
  • Record clinical data
  • API use
  • Push and pull data
  • AI for user input
  • Tablet and web use
  • Design based on graphics and AI to help clinicians
  • Patient access to records via the Patient Portal

Benefits

  • Manage patients in community settings using graphical interface
  • Saves time and alerts show latest hospital activity
  • View integrated clinical record
  • Enables compliance with Digital Plan using existing systems
  • Interoperability standards in place
  • Exchange data with NHS systems using standards
  • Access to records anywhere anytime
  • Offline working supported
  • Patient access to records to monitor health
  • Reporting included

Pricing

£120 to £150 per user per year

Service documents

Framework

G-Cloud 11

Service ID

3 7 8 2 5 4 2 1 9 7 6 9 1 4 5

Contact

SIDQAM LTD

Business Development Unit

07737714106

direcht@sidqam.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Can be integrated with existing electronic patient record (EPR) /Case management system/GP systems and PAS with HL7 standard messages.
Cloud deployment model
Private cloud
Service constraints
- N3/HSC network
- Viewing external patient data is dependent on having active sharing data agreements in place.
System requirements
  • Server housed within the NHS cloud environment
  • Minimum specification for PC/Web environments
  • Minimum specification for Android Tab environments

User support

Email or online ticketing support
Email or online ticketing
Support response times
Email to support@sidqam.co.uk
Support is provided in line with our support levels below.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
P 1 - Service unavailable for all users - Resolution time 6 working hours

P 2 - Individual Direcht service unavailable - Resolution time 8 working hours

P 3 - Core/Clinical module failure - Resolution time 24 working hours

P 4 – Non-core module failure - Resolution time 50 working hours

P 5 – New requirements or screen changes or UX issues- Resolution time potential future release if agreed by supplier-customer support group
Support available to third parties
No

Onboarding and offboarding

Getting started
Training is provided as part of the implementation project. The trust should nominate clinical champions / expert users to deal with routine queries after implementation. Documentation is also provided and there is help within the system.
The apps are intuitive, based on current recording methods, so will be familiar to staff.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data stored from our systems is usually pushed back into existing EPR. If no system exists, a copy of new data collected will be stored on the server housed at the trust; the trust always has access and control of its data. If the trust chooses not to use the app, the data would remain accessible on the trust server.
End-of-contract process
All data will be extracted from the system and provided to Trusts in JSON/XML format.

Once the trusts confirms safe receipt of data on their systems Sidqam Ltd will destroy all the data present on our servers and provide a written confirmation of the same.

Data extraction in another format other than JSON/XML will incur a cost / tbf.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
Android
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Android Tab is designed a carry away system to read and write data to. This will work both online and offline.

The web version is a read only view of the data and MIS reporting are available through the web.
Service interface
No
API
Yes
What users can and can't do using the API
Patient API allows a third party system to consume data from Direcht Systems and it allows users to put consultations into the patient’s medical record as a consultation.
Direcht Systems has the functionality to send structured data (ISO 13606 models) to a third party solution in order to allow transfer of care between systems.

Sidqam is open to working with any third party supplier and our interface specifications are based on existing healthcare standards such as HL7.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
We work with trusts during implementation to tailor clinical screens to both display useful information and allow staff to record information. All clinical screens can be customised to meet trust requirements.

In addition the system also has a built in functionality which adopts to users pattern of using the system and adopts its interface.

Scaling

Independence of resources
Direcht Systems provide both vertical and horizontal scaling.

The system has been designed to manage large volumes of patient transactions in an efficient manner.

The use of ISO13606 as the underlying architecture provide the flexibility to scale and adopt.

Analytics

Service usage metrics
Yes
Metrics types
We provide a series of metrics based on data available. However trusts can define metrics they wish to view, the reporting tools are included in the software.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data is stored in a way that demographic data and clinical data are stored in different set of tables. They are only linked at run-time with the two factor authentication.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The Direcht systems provide an out of box reporting tools accessible via its web version which can be exported to Microsoft Excel for further analysis. We work with trusts to help define data the requirement and the standards used for export. This is our data extraction services for customers wishing to analyse more complex criteria. We also provide a data analytics service with can be purchased separately.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • XML
  • HL7
Data import formats
Other
Other data import formats
  • JSON
  • XML
  • HL7

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Application availability 98% with a threshold of 96%. Infrastructure downtime or other incidents within Force Majeur, planned or unplanned, is excluded from this calculation.
Approach to resilience
Available on request. Resilience provided by underlying hosting platform.
Outage reporting
E-mail alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
• Username and two-factor authentication
• Limited access over dedicated link, enterprise or community network
• Role Base Access Controls (RBAC)
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Sidqam Ltd is committed to ensuring security governance is given the highest level of importance. We have consultants who have worked in the security and information governance domain and are helping us to achieve the ISO/IEC 27001 certification.
Information security policies and processes
Our Information Security management System is used as a tool to assist us to identify and comply with business and legal/regulatory requirement and contractual security obligations. All Procedures are reviewed once a year to make sure they comply. All staff are required to comply with our information security guidelines.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our configuration and change management processes services are aligned to ITIL. All build and configuration assets are version controlled using source control. All changes are peer reviewed by at least two others and UAT performed before being merged into the base codebase.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We do in-house penetration testing. Any known vulnerabilities should be patched within 24 hours. In addition we have robust vulnerability management processes in place within Microsoft Azure to identify, triage, and mitigate vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Realtime monitoring is in place to monitor potential compromises.
Microsoft Azure communicates any data breach if it becomes aware of such.
Escalation processes are in place once any compromise is identified.
The degree of compromise will determine resource allocation and urgency of response. In most cases any compromise will be addressed immediately.
Incident management type
Supplier-defined controls
Incident management approach
Customers can phone or email with incidents. We use an incident management tool (Zoho) that has built-in reporting. In addition we also have procedures for
- Conducting risk assessments for discovered security incidents.
- Notify clients in the event a security incident occurs.
- Revising our annual Security Risk Analysis and Risk Management Plan as necessary.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
NHS Network (N3)

Pricing

Price
£120 to £150 per user per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑