Clinical Decision Support (CDS) Software

Clinical Decision Support (CDS) cloud hosted Software-as-a-Service solution. Solution leverages Royal College of Radiologists (RCR) iRefer Appropriate Use Criteria guidelines. Solution integrates to existing Electronic Health Record (EHR) systems using healthcare interoperability standards.


  • Real-time Clinical Decision Support
  • Software-as-a-Service Cloud Offering
  • Healthcare Interoperability standards
  • User Authentication
  • EHR Integration
  • CDS Web Portal
  • CDS Analytics and Business Intelligence Reporting
  • CDS Authoring Studio Rules Engine


  • Enhance clinical decision-making processes with evidence based guidelines
  • Seamless integration into existing clinical workflows
  • Deliver evidence-based imaging requests at point of referral
  • Single knowledge base that supports quality improvement program
  • Minimise exposure of patients to unnecessary radiation
  • Reduce repeat and unnecessary imaging tests


£9800 to £53200 per licence per year

Service documents

G-Cloud 11



Martin Kepa

+44 (0) 203 950 9801

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints -Microsoft Azure Platform as a Service
-Microsoft technology stack (MS SQL 2016, IIS 8)
-Planned maintenance determined based on customer requirements
-99.9% Uptime Service Level Agreement
System requirements
  • Internet Connection (1Mbps or higher)
  • Internet Browser (Internet Explorer,Chrome, Firefox,Edge)
  • Firewall access to public URL

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Monday through Friday, excluding Statutory holidays, 8am to 5pm are standard business support hours. Level 3 severity issues within 4 hours during business hours. Level 2 severity issues within 2 hours during business hours. Level 1 severity within 1 hour on a 24/7 basis.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Priority 1(Urgent) – User cannot perform basic functions; financial or patient care negatively impacted; no workaround is available. Response within 1 hour on a 24/7 basis. Resolution target within 3 hours.
Priority 2(Important) – User can perform basic functions; some features are unavailable; some features are unavailable or loss of effectiveness and efficiency is evident; temporary workarounds are available. Response within 2 hours during Business Hours. Resolution target within 24 hours.
Priority 3(Routine) – User can perform materially all functions; minor inefficiencies, loss of effectiveness, or opportunity for improvement is evident. Response within 4 hours during Business Hours. Resolution target per mutual agreement with client.

The 3 support levels are included in standard pricing model. Issue resolution is managed by assigned support desk resource who engages applicable MedCurrent team members to resolve issues.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Kickoff meeting with key project team members to outline roles and responsibilities. Online training via remote web session, user training videos and user documentation provided as part of standard offering. Onsite training using train the trainer methodology is provided for upto 10 customer participants as part of standard service offering, subject to additional travel costs. Additional training can be provided based on customer requirements based on standard rate card.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Customer requests MedCurrent through service ticket to make a copy of customer DB instance and provide to customer via a compressed, encrypted format. MedCurrent will securely send client DB instance using secure technologies, e.g. SFTP, with encryption in transit and at rest. Users can also extract specific data using Analytics tool into CSV format as required.
End-of-contract process At end of contract, client's MS Azure instances will be turned off and not accessible. If required, client DB will be backed up and sent securely to client. Following contract end, client CDS software instance will be permanently deleted, unless client requests other instructions, at a nominal professional services cost, to be determined based on specific requirements.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Due to screen resolution differences between desktop browsers and mobile browsers, depending on the tablet size, users may be required to scroll screen to view all content. MedCurrent works with customers to recommend ideal mobile tablet screen resolutions to address business needs.
Customisation available Yes
Description of customisation Colour scheme, logos and other graphics can be customized. Translations and/or edits of existing user interface labels can be updated per client request. Medcurrent assesses specific customer customization requirements and performs user interface customization as required and/or where supported. In addition, the Authoring Studio component of the solution permits creation and customization of client specific clinical decision support business rules/pathways if required by customer based on specific organizational workflows. Analytics reports can also be user defined using provided GUI.


Independence of resources Each customer has their own MS Azure production environment instance that is scaled based on data volume, load, etc. If load is exceeded, the cloud hosting provider can be set to scale up resources as required to avoid performance impacts.


Service usage metrics Yes
Metrics types Metric #1 – Resolution of Issues . The metric for resolution of issues for a given Month is the number of Tickets Resolved within the Resolution Time Target during the Month divided by the total number of Tickets Resolved in the Month (the “Success Ratio”). 95% Target.
Metric #2 - Availability. Availability during periods of Planned Availability divided by the Planned Availability as measured each Month. 99.9% Target.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Using Analytics tool GUI, users can export data in CSV format. Additional data export requirements will require professional services based on specific requirements.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats MS Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.9% Uptime. Availability during periods of Planned Availability divided by the Planned Availability as measured each Month. Pro-rated service credits provided to customer if SLAs are exceeded. Client has option to cancel subscription with 30 days notice at any time.
Approach to resilience MedCurrent leverages MS Azure resiliency practices. Additional details provided at
Outage reporting MS Azure automatically triggers any outage notifications and sends automated email to MedCurrent service and support desk. MedCurrent informs clients of outages via email. If not response from client within 1 hour of email notification, MedCurrent contacts client resource via telephone to inform of outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Role Based Access Control for user access. Secure VPN connections where required.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards HIPPA
Information security policies and processes Annual certification and training of MedCurrent team to HIPPA standards through third party organization (Compliancy Group). Includes additional resources for GDPR compliance provided through Compliancy Group.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach MedCurrent follows SDLC principles using Kanban approach leveraging Atlassian and JIRA services. Newly developed components are assessed for security vulnerabilities using third party open source toolkits.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability assessment managed through MS Azure vulnerability services. Specific MedCurrent product patches are developed as soon as significant vulnerability is discovered and patches are released to clients in real time on existing MS Azure instances.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Urgent incidents, such as vulnerabilities, have a 1 hour response time 24/7. If compromise is discovered, clients are informed and solution is turned to read-only mode and/or completely shut down depending on the incident pending additional investigations.
Incident management type Supplier-defined controls
Incident management approach MedCurrent Professional services team owns Standard Operating Procedures (SOPs) around incident management that outline all aspects of incident management and reporting. SOPs available upon request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £9800 to £53200 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑