Community Physiotherapy MSK Patient Record
Our Physiotherapy/MSK app provides user-friendly graphics to assist in diagnosis. Instead of drawing on paper, we use a full 360 degree view of a body chart, allowing clinicians to click an area to record relevant information.
The app can be used online/offline and can exchange data with existing trust systems.
- Integrated clinical record from existing trust / GP systems
- Interoperability standards used
- Online and offline working in secure environment
- Record clinical data
- API use
- Push and pull data
- AI for user input
- Tablet and web use
- Design based on graphics and AI to help clinicians
- Patient access to records via the Patient Portal
- Manage patients in community settings using graphical interface
- Saves time and alerts show latest hospital activity
- View integrated clinical record
- Enables compliance with Digital Plan using existing systems
- Interoperability standards in place
- Exchange data with NHS systems using standards
- Access to records anywhere anytime
- Offline working supported
- Patient access to records to monitor health
- Reporting included
£120 to £150 per user per year
Business Development Unit
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Can be integrated with existing electronic patient record (EPR) /Case management system/GP systems and PAS with HL7 standard messages.|
|Cloud deployment model||Private cloud|
- N3/HSC network
- Viewing external patient data is dependent on having active sharing data agreements in place.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Email to firstname.lastname@example.org
Support is provided in line with our support levels below.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
P 1 - Service unavailable for all users - Resolution time 6 working hours
P 2 - Individual Direcht service unavailable - Resolution time 8 working hours
P 3 - Core/Clinical module failure - Resolution time 24 working hours
P 4 – Non-core module failure - Resolution time 50 working hours
P 5 – New requirements or screen changes or UX issues- Resolution time potential future release if agreed by supplier-customer support group
|Support available to third parties||No|
Onboarding and offboarding
Training is provided as part of the implementation project. The trust should nominate clinical champions / expert users to deal with routine queries after implementation. Documentation is also provided and there is help within the system.
The apps are intuitive, based on current recording methods, so will be familiar to staff.
|End-of-contract data extraction||The data stored from our systems is usually pushed back into existing EPR. If no system exists, a copy of new data collected will be stored on the server housed at the trust; the trust always has access and control of its data. If the trust chooses not to use the app, the data would remain accessible on the trust server.|
All data will be extracted from the system and provided to Trusts in JSON/XML format.
Once the trusts confirms safe receipt of data on their systems Sidqam Ltd will destroy all the data present on our servers and provide a written confirmation of the same.
Data extraction in another format other than JSON/XML will incur a cost / tbf.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Android|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The Android Tab is designed a carry away system to read and write data to. This will work both online and offline.
The web version is a read only view of the data and MIS reporting are available through the web.
|What users can and can't do using the API||
Patient API allows a third party system to consume data from Direcht Systems and it allows users to put consultations into the patient’s medical record as a consultation.
Direcht Systems has the functionality to send structured data (ISO 13606 models) to a third party solution in order to allow transfer of care between systems.
Sidqam is open to working with any third party supplier and our interface specifications are based on existing healthcare standards such as HL7.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
We work with trusts during implementation to tailor clinical screens to both display useful information and allow staff to record information. All clinical screens can be customised to meet trust requirements.
In addition the system also has a built in functionality which adopts to users pattern of using the system and adopts its interface.
|Independence of resources||
Direcht Systems provide both vertical and horizontal scaling.
The system has been designed to manage large volumes of patient transactions in an efficient manner.
The use of ISO13606 as the underlying architecture provide the flexibility to scale and adopt.
|Service usage metrics||Yes|
|Metrics types||We provide a series of metrics based on data available. However trusts can define metrics they wish to view, the reporting tools are included in the software.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||Data is stored in a way that demographic data and clinical data are stored in different set of tables. They are only linked at run-time with the two factor authentication.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||The Direcht systems provide an out of box reporting tools accessible via its web version which can be exported to Microsoft Excel for further analysis. We work with trusts to help define data the requirement and the standards used for export. This is our data extraction services for customers wishing to analyse more complex criteria. We also provide a data analytics service with can be purchased separately.|
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Application availability 98% with a threshold of 96%. Infrastructure downtime or other incidents within Force Majeur, planned or unplanned, is excluded from this calculation.|
|Approach to resilience||Available on request. Resilience provided by underlying hosting platform.|
|Outage reporting||E-mail alerts|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
• Username and two-factor authentication
• Limited access over dedicated link, enterprise or community network
• Role Base Access Controls (RBAC)
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Sidqam Ltd is committed to ensuring security governance is given the highest level of importance. We have consultants who have worked in the security and information governance domain and are helping us to achieve the ISO/IEC 27001 certification.|
|Information security policies and processes||Our Information Security management System is used as a tool to assist us to identify and comply with business and legal/regulatory requirement and contractual security obligations. All Procedures are reviewed once a year to make sure they comply. All staff are required to comply with our information security guidelines.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Our configuration and change management processes services are aligned to ITIL. All build and configuration assets are version controlled using source control. All changes are peer reviewed by at least two others and UAT performed before being merged into the base codebase.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||We do in-house penetration testing. Any known vulnerabilities should be patched within 24 hours. In addition we have robust vulnerability management processes in place within Microsoft Azure to identify, triage, and mitigate vulnerabilities.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Realtime monitoring is in place to monitor potential compromises.
Microsoft Azure communicates any data breach if it becomes aware of such.
Escalation processes are in place once any compromise is identified.
The degree of compromise will determine resource allocation and urgency of response. In most cases any compromise will be addressed immediately.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Customers can phone or email with incidents. We use an incident management tool (Zoho) that has built-in reporting. In addition we also have procedures for
- Conducting risk assessments for discovered security incidents.
- Notify clients in the event a security incident occurs.
- Revising our annual Security Risk Analysis and Risk Management Plan as necessary.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||NHS Network (N3)|
|Price||£120 to £150 per user per year|
|Discount for educational organisations||No|
|Free trial available||No|