First Databank Europe Limited

FDB OptimiseRx

OptimiseRx supports Clinical Commissioning Groups and Commissioning Support Units in delivering their medicines optimisation strategy by providing healthcare professionals with evidence based alerts and prompts in the form of actionable reference messages, at the point of care, relating to best practice, safety and cost.

Features

• Timely, informed decision making during the prescribing workflow
• Prescribing guidance that is trusted, and acted upon
• Clinically relevant prescribing guidance specific to the patient's medical record
• Help GPs to implement standards of prescribing safety and quality
• Ability to request localisation of profile messages (authored by FDB)
• Web-based reporting functionality
• Web-based content management portal

Benefits

• Instantly translate prescribing guidance into clinical actions
• Unique prescribing data insights to make informed prescribing decisions
• Guiding prescribers to the most effective evidenced based therapies
• Messages are optimised to maximise potential savings
• Messages are patient specific to help minimise alert fatigue

£0.31 to £0.34 a person a year

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

444750817383400

Contact

First Databank Europe Limited

Simon Radcliffe

07969292549

simon.radcliffe@fdbhealth.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: FDB and its hosting provider shall use commercially reasonable endeavours to schedule downtime during the hours of 9pm and 7am so as to minimise impact on the sevices.
• System requirements:
  • Valid licence with vendor clinical system
  • Licence in place with FDB
  • N3/HSCN connectivity if required for vendor clinical system
  • Internet connection compatible with IE9 and above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A response shall be provided within 8 business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Dedicated Account Manager who can provide access to our technical and content team as required.; In addition, our customer service department will be available to support email and telephone enquiries. On receipt of the query from the Licensee, FDB will acknowledge via email to the Licensee the receipt of the query, and it will be logged and assigned with a unique reference number. FDB shall ensure that a log is maintained in respect to each query raised by the Licensee. Whenever so requested by Licensee, acting reasonably at all times, and during Contracted Support Hours, FDB shall provide an update report from the log with respect to any Licensee related queries.; SLA incorporated as part of the Terms and Conditions for further information.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite training on the use of the FDB OptimiseRx portal to manage the messages and use the reporting capabilities is provided to the CCG/CSU medicines management teams in the set-up period, as well as discussing the need for any localised guidance.; On site demonstrations of how FDB OptimiseRx is implemented within the clinical software, and any necessary training, can be provided for GPs and practice staff.; User guides, FAQs and associated training materials are available for download from the FDB OptimiseRx portal.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: OptimiseRx data is fully integrated with the GP clinical system, and a data extract is not required.
• End-of-contract process: FDB OptimiseRx is an integral modular component of prescribing systems and can be instantly de-activated by removal of the license key.

Using the service

• Web browser interface: Yes
• Supported browsers: Internet Explorer 9
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• Description of service interface: OptimiseRx portal accessible to authorised end users.
• Accessibility standards: None or don’t know
• Description of accessibility: Not applicable.
• Accessibility testing: Not applicable.
• API: Yes
• What users can and can't do using the API: The API is integrated within the vendor's clinical system and the system is activated from within the vendor's clinical system. Users will be unable to make changes or set up through the API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can manage their content profile via a web portal. Users can request localised messages to be authored by FDB, who will then add these messages to the CCG portal, to enable, once checked.

Scaling

• Independence of resources: Service monitoring and capacity planning is undertaken routinely by FDB.

Analytics

• Service usage metrics: Yes
• Metrics types: Please refer to the Service Definition for reports available within OptimiseRx
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Reports can be exported in CSV or PDF format.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: None

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: The environment is protected behind firewall security, and data is accessible by authorised personnel only.

Availability and resilience

• Guaranteed availability: FDB shall use reasonable efforts to ensure that the service will have a minimum uptime percentage of 99.99% at all times during the service provision time (excluding scheduled downtime and the duration of any force majeure event) in any month. Uptime is calculated on a monthly basis over each discrete calendar month by FDB.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Username and password restricts access to the buyer portal profile.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Devices authorised to access the corporate network and associated systems are built, maintained and actively managed by a single business unit using AD policies and SCCM . Requests and incidents are managed within a single responsibility hierarchy using audit-enabled tooling.; ; Passwords are subject to best practice policy and enforcement and where possible all corporate-connected accounts are federated.; ; Staff are required to understand and adhere to a comprehensive IT policy and undergo annual assessment.; ; Software is developed under change-managed and independently governed processes and procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All code is source controlled. ; Any changes to the services would be tested in accordance with in-house QA standards (as accredited by NICE) prior to implementation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: FDB continuely monitor for any potential threats to our services, and if a threat were detected we would take immediate action to neutralise such threat. FDB use automatically updated anti-virus end point protection software to ensure that services are secure. Software patching is carried out on a scheduled basis (if required).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: FDB continuely monitor for any potential compromises to our services, and if a compromise were detected we would take immediate action to neutralise such compromise. FDB use automatically updated anti-virus end point protection software to ensure that services are secure. Software patching is carried out on a scheduled basis (if required).
• Incident management type: Supplier-defined controls
• Incident management approach: Users will report incidents by telephone or email to our customer services team. This incident would then be managed in accordance with our in-house policy to undertake a clinical risk assessment and root cause analysis, and any resolution would be conveyed by email. Incident report are not provided, however, users can request an update through customer services.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

• Price: £0.31 to £0.34 a person a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)