Medayo provides medical and management staff with real time information allowing them to focus on the patient's care.
With the capability of integrating with external systems; Medayo provides a unified view of the patients' journey, overview of the hospital and other care providers.
- Real-time Care Management
- Patient Timeline
- Smart Bed Management
- Hospital Insights
- Meaningful and deep customisable reporting
- Rich API
- Seamless integration
- Device agnostic
- Streamlined patient journey
- Improved patient care
- Reduced length of stay
- Intuitive view of hospital operations
- Better management of resources
- Reduced administrative load on staff
- Identifies discrepancies in patient care
- Identify infection breakouts
£15000 per unit per month
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
There are no service constraints.
We will liaise and work with customers on all planned arrangements and any specific configurations required.
Customers can contact Medayo with any questions regarding the solution.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Medayo will aim to respond to emails within 3 business days (Monday to Friday)|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Priority support is provided as per the following tiers
1 - Service not available (all users and functions unavailable).
Response time: 1 hour
Resolution time: ASAP - Best Effort
Escalation threshold: 2 hours
2 - Significant degradation of service (large number of users or business critical functions affected)
Response time: 2 hours
Resolution time: ASAP - Best Effort
Escalation threshold: 4 hours
3 - Limited degradation of service (limited number of users or functions affected, service use can continue).
Response time: 4 hours
Resolution time: Within one working day
Escalation threshold: 8 hours
4 - Small service degradation (service use can continue, specific user/s affected).
Response time: 8 hours
Resolution time: Within one working day
Escalation threshold: 8 hours
Medayo offers a premium support package which is tailored to your specific needs on a per customer basis.
|Support available to third parties||Yes|
Onboarding and offboarding
When Medayo is deployed users will be keen to start using it. The service is designed to be simple and intuitive to use and with our three day onsite training your staff will able to use it proficiently
We understand that healthcare is a demanding, varied sector thus further training may be required to accommodate staff availability and working patterns. This can be arranged upon request.
Technical aspects of our system are clearly documented and available anytime.
The software contains inbuilt assisted help at the click of a button. Separate user guides are available.
|End-of-contract data extraction||
Patient information and it's integrity is at the core of Medayo's services. We will assist in any way possible to ensure the security and transfer of this data should a customer decide to stop using our service.
This will be performed as part of our offboarding process.
Guidance will be provided on the correct decommissioning of our service and Medayo will work with customers to ensure data is transferred securely and safely to a nominated information asset owner (IAO).
Decommissioning support is provided at our day rate which is available in our pricing document.
We estimate decommissioning and data transfer to take two working days but this will vary based on specific customer needs and setup.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The solution allows hospital staff to interact with Medayo on the move. The mobile service is different in that the user experience is tailored to the smaller screen of smartphones and tablets.
Mobile features include:
- Mobile allows care at the bedside providing instantaneous secure access to the patients care information.
- Mobile data exchange facilitates smooth and accurate handover
- Collaboration controls and exchanges enrich staff interactions, while keeping focus on the patients care
- Record essential encounters with the patient
- Patient centred care checklists
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
No assistive technology testing has be carried out at this time but we believe that this is an important requirement and is an aim for us to complete.
Medayo uses Google Material for it's main UI baseline which has been created with accessibility as one of it's founding principles.
|What users can and can't do using the API||
All functions of Medayo are available via our API. This allows customer's and third party vendors systems (if authorised) to add, amend or retrieve information from Medayo. The API allows complete control including system setup and configuration.
Medayo runs a RESTful API service which can respond with either JSON or XML content type.
The API access is controlled by scopes which allows a fine degree of control over individual/system access levels. For example the "view_patient" scope only allows a user or system to read patient demographics. They are unable to create, modify or interact with the patient record otherwise.
Contact Medayo if you have specific technical questions around our API.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
All workflows can be created and managed by users at specific authentication levels.
System administrators can manage user access to ensure only the right information is visible to the right people. Scopes allow restriction and control of features/data down to an individual user level.
For example users such as hospital managers with the scope "edit_dashboard" will be able to customise dashboard views to show information that is important to them.
|Independence of resources||
Medayo was built with scale in mind utilising the microservices architecture. This allows the business to scale Medayo independently using decentralised load balanced autonomous services.
Each component can be scaled to meet demands of users. For example, if a core hospital system required complex information from the Medayo reporting API, the reporting component can be scaled independently without affecting users.
|Service usage metrics||Yes|
Medayo has a range of analytical information about both system usage and health statistics.
- System health check
- System ping
- Server usage
- Node stats
- Service availability
- Cluster health
- Real-time notifications of downtime
- Application logging
- API audit log
All logging is provided through our search giving you rapid in-depth diagnosis.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
All data is available through our API service as JSON or XML.
Medayo also provides reporting which can be exported in a wide range of standard formats. Reports can also be generated via the API for more complex needs.
Due to the secure way in which Medayo is designed, database access and dumps are not directly available by users. This information can be made available to System Administrators by request.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Medayo shall use all reasonable commercial efforts to ensure that the Platform is available to 99.9% of the time in any calendar month.
If Medayo do not meet these levels of availability, customers may be eligible to receive a refund in the form of service credits.
|Approach to resilience||Available on request.|
Medayo provides system health checks and metrics. See Analytics
/Metrics section of the application for detailed information on this.
Webhooks are available to be setup by the administrator, providing customisable real time alerting
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Medayo leverages secure management of our services through roles and scopes. These can be configured on a per user basis giving customers complete control to securely manage use of our services.
This configuration can be done using dashboards within the system or controlled via our API ensuring that users are clearly separated within management interfaces. Our access controls are regularly tested as part of our standard software development practices.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||Other|
|Other security governance standards||Medayo follows the guidance for, and aims to comply with, CSA CCM V3.00 but we are not yet accredited.|
|Information security policies and processes||
Medayo follows HMG requirements in having named appointees in the positions of Senior Information Risk Owner (SIRO), Departmental Security Officer (DSO) and Information Technology Security Officer (ITSO).
Medayo also requires that all customers have a named appointed Information Asset Owner (IAO) compliant with the UK government security policy framework. This person will be responsible for all data access requests prior to Medayo being contacted.
Nominated information risk assessment, management and other specialists may also be required dependant on the customer's deployment of our service although this is not normally required.
Our Information Security Policy, which is subject to change, is available upon request.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||The source code for the Medayo system is stored in a typical VCS with full tracking of changes to any components. Assessment of potential security impact is embedded as part of our development lifecycle.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Medayo is regularly tested for vulnerabilities and security threats. If vulnerabilities are identified patches will be created and customers will be directly contacted with advice to upgrade. Upgrading is simple and controlled by the customer, with minimum disruption to the service.
Medayo uses a wide range of sources to identify threats and vulnerabilities which are available upon request.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Medayo maintains access and usage audit logs of our services which can be scrutinised via our dashboards and search facility. These logs are also exposed via Medayo's API allowing customers to use specific monitoring tools tailored to their needs.
Any identified compromises are taken extremely seriously and Medayo would work with customers to identify and resolve security issues through our standard support structure.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Medayo handle incident management through our standard support structure to ensure a clear and robust communication pathway for all incidents.
Medayo operate a transparent model of incident reporting and we will endeavour to keep customers abreast of all incidents and their resolution. We appreciate that some incidents may be of a sensitive customer environment specific nature and these would be kept private.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£15000 per unit per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Trial version of Medayo is available upon request and is accessible for a period of one month. This version has all features included.|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|