BroadCare Software Limited


BroadCare supports healthcare organisations managing:
•NHS Continuing Healthcare (CHC)
•Funded Nursing Care
•Children’s CHC
•Complex, Specialist, Joint-Funded, Section 117 and Section 75 services
A secure, whole-system approach solution, BroadCare supports:
•Paperless caseload data collection, storage, retrieval
•Case management workflow
•Resource planning/scheduling/progress
•Reporting: real-time/scheduled/ad-hoc. Includes NHSEngland quarterly DHSC returns.


  • Bespoke, scalable CHC data management: data collection, storage and retrieval.
  • In-built reporting including 50 standard reports and ad-hoc report builder.
  • Supports case management including workflow, actions, activity reporting, resource scheduling.
  • Supports invoice management and has robust NHSSBS interfaces.
  • Supports the paperless agenda through e-file storage.
  • Supports NHS England national reporting including the quarterly DHSC return.
  • Fully compliant with the national CHC framework, as revised.
  • Robust security features, UK-hosted, and fully Spine compatible.
  • Ongoing product support via in-house Technical Support team and Helpdesk.
  • Widely-used across the NHS in England; team is extensively experienced.


  • Improved financial visibility and control through a comprehensive/interrogatable data set.
  • Scheme performance MI readily available through scheduled/ad-hoc reporting functionality.
  • Full visibility of CHC cohort and workload across case managers.
  • Improved invoice accuracy, leading to greater budgetary control.
  • Quicker, more secure data access and reduction in paper-based records.
  • Accurate/reliable/complete NHS E reports produced quickly/without manual input.
  • System set-up/workflows help to ensure national framework compliance.
  • Enables information governance/GDPR/Confidentiality protocols with IS risks mitigated/managed.
  • Expert support during office hours, incidents triaged ensuring timely assistance.
  • Low-risk, low-input transition and migration from existing systems/arrangements.


£21500 per licence per year

Service documents


G-Cloud 11

Service ID

4 4 6 6 3 3 7 9 8 3 5 4 5 3 7


BroadCare Software Limited

Mark Christie

07940 222592

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
Access to a supported browser (Chrome or IE).

User support

Email or online ticketing support
Email or online ticketing
Support response times
Tickets are prioritised. Our response times are:
Critical - 1 hour (resolution time: 4 working hours)
Disruption - 1 hour (resolution time: 8 working hours)
Inconvenient - 1 hour (resolution time: 30 days)
Minor - 1 hour (resolution time: 30 days).
Support is available weekdays only.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our in-house support team is available 8.30am - 5.00pm Monday to Friday via telephone, email and online support desk. Incidents will be assigned a ticket number and will be dealt with in priority order and in order of receipt.
We acknowledge all tickets within 1 working hours of receipt.

Priorities are:

1: Urgent, Not Usable (4 working hours resolution target)
2: High, Severe Limitation (8 working hours resolution target)
3: Medium, Moderate limitation
4: Low – Slight limitation or Request/ Query.

The advisor will notify the caller with the estimated time of resolution, according to the priority / severity of the incident.

Support is included in the licence cost.

Primary functions of the support desk include:
• Call management
• Incident and problem management
• Change & release management
• User administration and support.

The support team will answer all calls and attempt a resolution where possible. In the event that a first time fix is not possible the incident will be routed to the appropriate Technician.
Support available to third parties

Onboarding and offboarding

Getting started
Our training programme can be tailored but typically includes workplace training, e-learning packages and accompanying materials.

Training can be delivered in a traditional classroom setting with users working hands-on, providing opportunity for staff to ask questions/provide feedback, thus increasing user confidence and reducing resistance to change.

We also offer webinars which are viewed on-screen at the user’s desk and delivered by BroadCare staff remotely, we have a suite of e-learning modules for users to work through autonomously.

We also provide User Guides, Quick Reference Guides and a comprehensive online knowledge base.

Training is provided in modules to reflect roles and responsibilities within the organisation.

We provide key training modules for each standard user profile as listed below; every user must also complete the New User (45-minute session) and End User (3-hour session) Training Module.

• Administrator (for users who will enter/manage patient information)
• Nurse Assessor (for Nurses/Case Managers, who will work with reviews, enter case management information and E-Files)
• Finance (for users who will enter invoices, run payment schedules, analyse payments, review budget information, complete DHSC Quarterly Reporting)
• Supervisor (for users who provide administration support, work with BroadCare Users, Lookups Tables and Letter templates.
• Database Manager.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
As requested. This could include accessible formats including large print.
End-of-contract data extraction
We have a defined Exit Strategy and Plan, which is managed by a designated project manager to ensure a controlled, safe, secure, on-time exit is delivered to the outgoing customer.

A key deliverable in the Exit Plan is the exporting of the agreed data set in the agreed format, at the agreed time, all of which will be agreed with the customer as part of the exit planning process, and documented within the plan. Data will be transmitted according the recipient’s preferences; we will capture these during exit planning, ensuring the data is sufficiently protected during the transfer process (e.g. through encryption).

We will not delete the customer’s data from our servers until we have received written acceptance of the data set from the customer.

Throughout this process, BroadCare will conduct a professional engagement with the customer and their new supplier to ensure both parties have every opportunity to understand and transfer information and knowledge about the services previously delivered by us.
End-of-contract process
We have a defined Exit Strategy and Plan, included in the price of the contract, which is managed by a designated project manager to ensure a controlled, safe, secure, on-time exit is delivered to the outgoing customer.

Our plan will document:
• Respective responsibilities and obligations of all parties involved
• Exit timetable
• Activities of all parties
• Documentation to be provided
• Formal milestone acceptance.

Throughout the exit process, BroadCare will conduct a professional engagement with the customer and their new supplier to ensure both parties have every opportunity to understand and transfer information and knowledge about the services previously delivered by us.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Chrome
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
Broadcare is a web-based system, designed to be intuitive and user friendly for both users and administrators. Its functionality, based on a modular design, covers full case management including workflow, actions, activity reporting, resource scheduling, invoices, e-file management and SPINE integration. Users can readily access information on patients' cases, as well as information on providers.
Administrators can access a comprehensive suite of reports via the Report Builder; the system also easily supports NHS England national reporting including the quarterly DHSC return.
Accessibility standards
None or don’t know
Description of accessibility
We are aware of web accessibility best practice; we ensure:
•Minimal non-text content.
•No live/pre-recorded audio/video content.
•Information/structure/relationships conveyed through presentation available in text.
•Our instructions for understanding/operating content don’t rely on sensory characteristics of components (shape/size/visual location/orientation/sound).
•We don't use only colour to convey information/indicating actions/prompting responses.
•Text/images are on white background in high-contrast colours.
•Users can zoom-in to increase text size - no loss of content/functionality.
•Text conveys information, not images of text (except logos).
•All functionality operable through keyboard.
•No flashing/moving/blinking/scrolling/auto-updating information.
•Pages/headings/labels describe topic/purpose.
•Labels/instructions for user input.
•Users cannot adjust/turn off inactivity time limit.
Accessibility testing
We have not currently carried out any testing with users of assistive technology, but would be willing to do so, if required.
What users can and can't do using the API
The API is currently not open source API and is managed by BroadCare working with clients on specific API integration.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
BroadCare uses 'look-ups'; whereby customers can define drop-down lists to meet their requirements.

Over 50 customisable look-ups exist, including for fields such as client groups, types of contract, case management notes, etc.

The system can be customised via the System Settings functionality, by those granted administration access rights. General users cannot make such amendments.


Independence of resources
As part of general maintenance protocols, our development team, working with our hosted service provider, monitors service availability through load balance testing in relation to demand from the current user population.

In the event that monitoring reveals any capacity or stress issues, or in the event of increased user numbers, the team will increase the hardware requirements such as memory, space, load balance drives until an acceptable level is once again reached.


Service usage metrics
Metrics types
We provide scheduled reporting to our customers on a monthly basis, covering the specific service metrics agreed during contract mobilisation. These could cover a range of metrics including:

- A list of all named users
- Systems usage
- Uptime
- Etc

The above to be discussed via a local review meeting if required by the customer.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
BroadCare is an SQL Database – any information recorded can be reported against using either the comprehensive suite of standard reports, or via the in-built Report Builder.

BroadCare’s search functionality for Patient/Provider data uses full record search using metadata elements. Additionally, Report Builder allows the retrieval/display of a set of data taken from different data tables within the database and exported to Excel for analysis.

Additionally, the system can provide a Total Data Report which provides a full data extract from the system in Excel and will allow authorised customer staff to build their own dashboard reporting through dashboard software.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
Other protection within supplier network
The data is protected within the system by user profile, along with secure N3 connection to the data, which is held within a secure UK-based data centre compliant with ISO27001.

Availability and resilience

Guaranteed availability
We use all reasonable efforts to ensure the service (excluding for the duration of any event of force majeure) will have a minimum Uptime of 99.95% at all times. Uptime is calculated monthly over each calendar month, using the following formula:

U% = (S-D)/S x 100
U% = Uptime Percentage
S = Available Usage Hours per calendar month, within the service provision time.
D = Downtime aggregate hours (excluding any period of force majeure).
Scheduled downtime may occasionally be necessary to carry out essential maintenance or network upgrades. This will be kept to a minimum and scheduled to minimise disruption.

We have achieved all uptime targets in the last 12 months.

We aim to provide 7 days’ notice of scheduled downtime, which will be performed during a window between the hours of 19:30 and 07:30 UK-time, Monday to Friday.

In the event emergency maintenance is required, we will use reasonable endeavours to give prior warning and will endeavour to keep such maintenance to an absolute minimum.

We do not offer refunds for downtime events.
Approach to resilience
Our service is hosted by Xicon, who host our cloud platform across two data centres in the UK that are configured in a highly resilient architecture. This means that the failure of any component will not adversely affect the availability of our service. This architecture means that business continuity and disaster recovery requirements are addressed. The data centres have world class security services to protect equipment from threats and comply with all of the standards required as part of ISO27001:2013 accreditation. Further information is available on request.
Outage reporting
All components of Broadcare's cloud platform are monitored by Solarwinds monitoring software which is set up and managed by technical engineers at Xicon (our hosting / development provider). Alerts are messaged to Xicon engineers (P1) and emailed to Xicon service desk (P2 and P3). Proactive monitoring of alerts (including text alerts for P1 incidents) is undertaken 24*7. Customers are notified by phone or email as necessary in the event of an outage affecting access in normal working hours.

Identity and authentication

User authentication needed
User authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to the Broadcare system is requested through an email to our in-house support team. New user requests must be approved by a designated manager from the customer's team. Initial log-in details are sent to the new user via email and the new user is prompted to verify the email and change their password immediately. Thereafter, access is only available through the secure log-in process.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
BroadCare operates the following:

-Information Security Policy
-Confidentiality & Data Protection Policy
-Information Governance Policy
-Records Management Policy
-Privacy Impact statement

The Board leads on IG and is responsible for ensuring all necessary support/resources are available for effective policy implementation. Our Senior Information Risk Owner (SIRO) leads on Information Security matters. Our Caldicott Guardian leads on Confidentiality and Safeguarding matters.

The Board is responsible for accessing/providing specialist advice and support on all aspects of IG, reviewing policies and ensuring they are updated in line with changes in legislation and best practice.

Employees are trained on all the policies listed above during induction and on a scheduled basis to refresh their knowledge. Thereafter they are responsible for ensuring compliance with all policies, and for seeking appropriate advice and guidance where required.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our configuration/change management process ensures all changes are recorded/evaluated/authorised/prioritised/planned/tested/implemented, documented/reviewed in a controlled manner.

Change Requests are assessed for impact/resource requirements before being considered by the Change Advisory Board (CAB). Identification of related systems/components affected by proposed changes/input from other affected groups may be required.

If acceptable, the CAB will authorise. Once implemented, it will be reviewed/closed once acceptance criteria are met.

Change categories:

1. Service
2. Normal
3. Emergency
4. Major.

Major changes are referred to the IT Steering Group, then raised as projects with their own business case/project team/budget.

Emergency changes are fast-tracked via an emergency (CAB) meeting.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Patches to the hosted platform are deployed in scheduled maintenance windows by Solarwinds. This software contains detailed release information for all software patches made available by the major software vendors allowing our hosting provider Xicon to selectively release/apply patches based on category.

Threats to the Broadcare software, our email system and local devices including firewalls, etc, are identified via a number of methods including real-time/continual monitoring using Solarwinds MSP Service Desk software.

Potential/actual threats are dealt with immediately by our IT team, in consultation with directors.

Threats are logged centrally and discussed at a monthly IT Governance meeting.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The Data Centre and Broadcare system are protected via firewall configurations, monitored in real-time using Solarwinds MSP Service Desk software.

For the hosted platform, Xicon identify potential compromises via Solarwinds monitoring software. Alerts are generated to the Xicon service desk by email and to Xicon engineers by text (depending on severity) P1 alerts are responded to within 15 minutes P2 alerts are responded to within 3.25 hours P3 alerts are responded to within 47.25 elapsed hours. The Xicon team will notify Broadcare as soon as a compromise has been verified, to allow us to plan next steps, including notifying customers.
Incident management type
Supplier-defined controls
Incident management approach
BroadCare has a Recovery Process Plan for serious incidents (defined in our Incident Reporting policy/plan):
• Discovery/communication of incident
• Form Executive/Coordination Teams to assess extent of incident
• Decide on Recovery Strategy
• Form Recovery Teams
• Follow Checklist for selected Recovery Strategy
• Return to Normal Service once resolved

Our policy/plan includes processes for common events including those relating to potential security breaches (unauthorised access/hacking incident/data loss, etc).

It instructs users on how to report incidents/to who/how quickly, and describes investigation/remedial action processes followed after a report is made.

A register is kept of all incidents/recoveries/outcomes/lessons learnt.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Other
Other public sector networks
NHS Spine


£21500 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
We provide one month's free trial version of a test environment.

For customers wishing to access a demonstration, a tailored environment will be set up and log-ins provided to allow users to explore the functionality in relation to their own requirements.
Link to free trial

Service documents

Return to top ↑