SIDQAM LTD

Community Physiotherapy MSK Patient Record

Our Physiotherapy/MSK app provides user-friendly graphics to assist in diagnosis. Instead of drawing on paper, we use a full 360 degree view of a body chart, allowing clinicians to click an area to record relevant information.
The app can be used online/offline and can exchange data with existing trust systems.

Features

  • Integrated clinical record from existing trust / GP systems
  • Interoperability standards used
  • Online and offline working in secure environment
  • Record clinical data
  • API use
  • Push and pull data
  • AI for user input
  • Tablet and web use
  • Design based on graphics and AI to help clinicians
  • Patient access to records via the Patient Portal

Benefits

  • Manage patients in community settings using graphical interface
  • Saves time and alerts show latest hospital activity
  • View integrated clinical record
  • Enables compliance with Digital Plan using existing systems
  • Interoperability standards in place
  • Exchange data with NHS systems using standards
  • Access to records anywhere anytime
  • Offline working supported
  • Patient access to records to monitor health
  • Reporting included

Pricing

£120 to £150 per user per year

Service documents

G-Cloud 11

378254219769145

SIDQAM LTD

Business Development Unit

07737714106

direcht@sidqam.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Can be integrated with existing electronic patient record (EPR) /Case management system/GP systems and PAS with HL7 standard messages.
Cloud deployment model Private cloud
Service constraints - N3/HSC network
- Viewing external patient data is dependent on having active sharing data agreements in place.
System requirements
  • Server housed within the NHS cloud environment
  • Minimum specification for PC/Web environments
  • Minimum specification for Android Tab environments

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email to support@sidqam.co.uk
Support is provided in line with our support levels below.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels P 1 - Service unavailable for all users - Resolution time 6 working hours

P 2 - Individual Direcht service unavailable - Resolution time 8 working hours

P 3 - Core/Clinical module failure - Resolution time 24 working hours

P 4 – Non-core module failure - Resolution time 50 working hours

P 5 – New requirements or screen changes or UX issues- Resolution time potential future release if agreed by supplier-customer support group
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Training is provided as part of the implementation project. The trust should nominate clinical champions / expert users to deal with routine queries after implementation. Documentation is also provided and there is help within the system.
The apps are intuitive, based on current recording methods, so will be familiar to staff.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The data stored from our systems is usually pushed back into existing EPR. If no system exists, a copy of new data collected will be stored on the server housed at the trust; the trust always has access and control of its data. If the trust chooses not to use the app, the data would remain accessible on the trust server.
End-of-contract process All data will be extracted from the system and provided to Trusts in JSON/XML format.

Once the trusts confirms safe receipt of data on their systems Sidqam Ltd will destroy all the data present on our servers and provide a written confirmation of the same.

Data extraction in another format other than JSON/XML will incur a cost / tbf.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems Android
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The Android Tab is designed a carry away system to read and write data to. This will work both online and offline.

The web version is a read only view of the data and MIS reporting are available through the web.
API Yes
What users can and can't do using the API Patient API allows a third party system to consume data from Direcht Systems and it allows users to put consultations into the patient’s medical record as a consultation.
Direcht Systems has the functionality to send structured data (ISO 13606 models) to a third party solution in order to allow transfer of care between systems.

Sidqam is open to working with any third party supplier and our interface specifications are based on existing healthcare standards such as HL7.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation We work with trusts during implementation to tailor clinical screens to both display useful information and allow staff to record information. All clinical screens can be customised to meet trust requirements.

In addition the system also has a built in functionality which adopts to users pattern of using the system and adopts its interface.

Scaling

Scaling
Independence of resources Direcht Systems provide both vertical and horizontal scaling.

The system has been designed to manage large volumes of patient transactions in an efficient manner.

The use of ISO13606 as the underlying architecture provide the flexibility to scale and adopt.

Analytics

Analytics
Service usage metrics Yes
Metrics types We provide a series of metrics based on data available. However trusts can define metrics they wish to view, the reporting tools are included in the software.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach Data is stored in a way that demographic data and clinical data are stored in different set of tables. They are only linked at run-time with the two factor authentication.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach The Direcht systems provide an out of box reporting tools accessible via its web version which can be exported to Microsoft Excel for further analysis. We work with trusts to help define data the requirement and the standards used for export. This is our data extraction services for customers wishing to analyse more complex criteria. We also provide a data analytics service with can be purchased separately.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • XML
  • HL7
Data import formats Other
Other data import formats
  • JSON
  • XML
  • HL7

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Application availability 98% with a threshold of 96%. Infrastructure downtime or other incidents within Force Majeur, planned or unplanned, is excluded from this calculation.
Approach to resilience Available on request. Resilience provided by underlying hosting platform.
Outage reporting E-mail alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels • Username and two-factor authentication
• Limited access over dedicated link, enterprise or community network
• Role Base Access Controls (RBAC)
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Sidqam Ltd is committed to ensuring security governance is given the highest level of importance. We have consultants who have worked in the security and information governance domain and are helping us to achieve the ISO/IEC 27001 certification.
Information security policies and processes Our Information Security management System is used as a tool to assist us to identify and comply with business and legal/regulatory requirement and contractual security obligations. All Procedures are reviewed once a year to make sure they comply. All staff are required to comply with our information security guidelines.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our configuration and change management processes services are aligned to ITIL. All build and configuration assets are version controlled using source control. All changes are peer reviewed by at least two others and UAT performed before being merged into the base codebase.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We do in-house penetration testing. Any known vulnerabilities should be patched within 24 hours. In addition we have robust vulnerability management processes in place within Microsoft Azure to identify, triage, and mitigate vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Realtime monitoring is in place to monitor potential compromises.
Microsoft Azure communicates any data breach if it becomes aware of such.
Escalation processes are in place once any compromise is identified.
The degree of compromise will determine resource allocation and urgency of response. In most cases any compromise will be addressed immediately.
Incident management type Supplier-defined controls
Incident management approach Customers can phone or email with incidents. We use an incident management tool (Zoho) that has built-in reporting. In addition we also have procedures for
- Conducting risk assessments for discovered security incidents.
- Notify clients in the event a security incident occurs.
- Revising our annual Security Risk Analysis and Risk Management Plan as necessary.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks NHS Network (N3)

Pricing

Pricing
Price £120 to £150 per user per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑