Open Medical Ltd


eTrauma is a clinical platform developed by orthopaedic specialists and professional software developers for centralised orthopaedic trauma coordination. eTrauma is a cloud clinical coordination platform, which replaces the legacy based patient management tools such as whiteboards, notebooks and paper lists with digital pathways including VFC, FLS, PROMs, and PPWTs.


  • Acute trauma handover and trauma meeting management
  • Trauma referrals and trauma admissions management
  • Trauma theatre planning and co-ordination
  • Daily review notes and clinical tasks
  • End-to-end digital Virtual Fracture Clinic
  • Elective orthopaedic pathways (Enhanced recovery, Joint School, etc)
  • Digital PROMs
  • Digital PPWTs
  • Real time service metrics and analytics
  • Natural Language Processing for end-user SNOMED-CT coding


  • Improved decentralised collaboration for multi-site clinical teams
  • Discernible BOAST guideline tracking and Best Practice Tariff attainment
  • Improved, forward-planning of patient care resources (bed, theatre slots, staff,)
  • Local/remote monitoring of Trauma Take and Theatre progress
  • Visible co-ordinated tracking of trauma and elective patients inside/outside hospital
  • Handover process improvement
  • Observable reduction of adverse incidents and complains
  • Diagnosis and procedure lists for clinical audit and research
  • Generation of new service metrics, include time-of-injury-to-theatre
  • Service improvements initiated by reporting clinical code, theatre, temporal markers


£15000 to £77560 per licence per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

5 2 9 7 6 0 9 5 5 3 3 7 6 9 9


Open Medical Ltd

Dorota Naumiuk

0203 475 2955

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Cloud deployment model
Public cloud
Service constraints
Requires N3 or HSCN access
System requirements
IE 11+ or Chrome/Firefox/Safari browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Week days - within 8 hours. Weekends - within 12 hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
Licence subscription includes:

Business-as-usual - single point-of-contact client support; managing delivery and resolution of service queries.

Extra-ordinary - 24 x 7 x 365 same-day on-site support to resolve high severity live system application related incidents.
Support available to third parties

Onboarding and offboarding

Getting started
Installation: The on-boarding program is designed to ensure minimal disruption to departmental working practices.
Week 1: A small team of trainers deployed to each department to provide full on-site, on-the-job training.
Week 2-4: Weekly one day training resource.
On-going: Training sessions coincide with the induction day of new clinical staff throughout the duration of the contract. Training assets: wall posters, eLearning video demonstrations, manuals, client support phone/email.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Contract termination does not result in service discontinuation. System remains live in read-only state.
Exported SQL files and a binary archives are generated and provided automatically.
Data extraction via JSON:API or FHIR API directly from the system is also available.
End-of-contract process
OpenMedical licenses are SaaS products.
Where recommissioning is not optioned at the end of subscription period, there are no additional costs.
The service remains available with a full read-only functionality and can be resumed at any time.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
No difference
Service interface
What users can and can't do using the API
ETrauma is a decoupled service that can be fully operated via APIs. JSON:API and FHIR APIs are available out of the box allowing all CRUD operations via basic or cookie authentication. Any authorised user of the service can make any changes allowed by their access role with no limitations.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
ETrauma out-of-the-box system pathway and interfaces modified to clinical team specifications.
The patient and clinical pathway entities are fully customisable and can be added, changed or removed (including specific data fields).
The refinements process is managed by OpenMedical's engineering team, in association with clinical team leaders.


Independence of resources
System's load balancing process automatically provisions additional VMs and containers. Upscaling system resources in response to request loads.

Furthermore OpenMedical employs a number of processor reduction techniques, including multiple cache-like layers for querying and outputs with forced tag and context cache expiration.


Service usage metrics
Metrics types
Our systems are designed to track, plan and review patient care.
Embedding coded-fields into the data-storage architecture allows OpenMedical to manipulate and present service metrics at a range of granularity levels.
Clinical; diagnosis/procedure specific data, temporal, demographic.
Health management: KPIs, referral source, time-of-day, year-on-year, service capacity/level boundaries.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Authenticated users can export their data via the JSON:API / FHR API / directly via the user interface as an CSV file.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our standard Service Level Agreement guarantees 99.9% server uptime.
Any unscheduled service outage for more than 1 hour after reporting is refunded at its full subscription price for the outage duration.
Approach to resilience
Available on request
Outage reporting
The service reports any outages via a public API, by email alerts to all clinical team leads and nominated secondary addresses.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Client determines access requirements to match their specific organisational needs.
Role-based and team-based access system manages system's restrictive access controls, constraining user functionality assignment; including writing, editing and viewing.
Team-based permissions are dependent on data-originating teams. Role-based access restricts system-wide processes and data such as management, user-auditing and interface channels.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • N3 Assurance
  • IG Toolkit

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
N3 Assurance and NHS Digital IGT
Information security policies and processes
The following policies are used to capture and monitor security: Data Protection Policy, Information Risk Policy, Information Security Policy, Network & Mobile Security Policy, Pseudonymisation Policy, Recruitment and Contracting Policy, Secure Data Transfer Procedure, eTrauma System Level Security, eTrauma Data Flow Mapping.

A dedicated team with the responsibility to monitor the above is contactable at All security policies are reviewed every 6 months internally and verified every year independently.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management policies ensure all the changes are assessed, approved, implemented and reviewed in a controlled manner. All changes will be recorded in the service management tool following an explicit process: Recording of all changes, Classification, Risk assessment for their risk, Impact and business benefit, Approval and authorisation, Coordination for implementation of changes, Post implementation review, Post implementation feedback.
Vulnerability management type
Vulnerability management approach
The vulnerability management process follows a mandatory workflow:
- Preparation
- Vulnerability scan
- Remediation actions definition
- Remediation actions implementation
- Vulnerability scanning
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Compromise scanning: Three-way data surveillance, including database and binary data tracks identification alteration. Daily reconciliation of all IP access logs outside the N3 network.
Compromise response: Suspected authentication/access or integrity immediately escalated to engineering and infrastructure team for assessment and action.
Confirmed compromises: Reported as per the Information Risk Policy to SIRO, senior management, ICO, NHS Digital and the client organisation Information Security and IG teams.
Incident management type
Supplier-defined controls
Incident management approach
Recorded incident reporting and pre-existing incident response processes are in-place.
All incidents and adverse events are reported and recorded according to Information Risk Register Policy and cross-referenced to the Disaster Recovery and Business Continuity Plans.
IG SIRIs will be managed in accordance with the Incident Management Procedure.
All incidents are reported to SIRO, senior management, ICO, NHS Digital and the client organisation immediately.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


£15000 to £77560 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
Universal four-month trial period.
Full access to system.
Includes evidence based service improvement evaluation.

Service documents

Return to top ↑