G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with CareWorks Limited are still valid.
CareWorks Limited

CareDirector Social Care Case Management

CareDirector is a comprehensive health and social care case management system. It is an enterprise grade, modular system used by health and social care organisations to manage their electronic patient recording needs. The solution comprises case recording, business intelligence, finance and numerous specialist modules in an integrated care platform.

Features

  • User-friendly
  • Accessible
  • Easy to integrate
  • Real-time reporting
  • Customisation layer
  • Forms engine
  • Dashboards & Graphical Data Visualisation
  • Mobile Apps
  • Portal Platform
  • Built-in Finance modules

Benefits

  • Intuitive user interface, reduces training and improves efficiency
  • Accessible from multiple browsers and devices. Tested to accessibility standards
  • Open API’s, FHIR standard, REST Service and HL7
  • Interactive charts and lists customisable by the user
  • User defined forms, views, charts, dashboards and workflows
  • Form design engine with capable of building sophisticated dynamic forms
  • Dashboards incorporating interactive charts and lists with drill-down capability
  • Online/Offline capability with support for Android, Windows and iOS
  • Resource directory, provider and citizen portal capability with CSS styling
  • Financial assessment, invoicing and payment management

Pricing

£250 to £500 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@a5c1fd0c-310d-4e28-8b92-7f70be96066f.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

5 9 3 4 0 9 5 1 3 3 1 6 5 4 9

Contact

CareWorks Limited <removed>
Telephone: <removed>
Email: <removed>@a5c1fd0c-310d-4e28-8b92-7f70be96066f.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
  • Windows Edge, Firefox and Chrome
  • Support for Active Directory and CareDirector proprietary authentication schemes
  • Window 7 and Windows 10
  • Office 2013 or 2016 for Excel and Mail Merge integration

User support

Email or online ticketing support
Email or online ticketing
Support response times
CareWorks helpdesk allows customers to log and track progress of support call , access product, technical knowledge and documentation 24 hours.

This is performed through the web-based customer portal. The portal allows customers to view relevant information, track the progress of individual questions, support performance during a period and communicate with the team.

Once a question is raised through the portal, the main objective is to find a satisfactory answer ASAP. Questions are answered during core business hours only as defined in the SLA and target times for responses can be tailored within the SLA.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
CareWorks provide a comprehensive support service in line with the requirements of our enterprise grade customers, may of whom are government organisations.

CareWorks operate an ITIL standard support service with both online and telephone support underpinned by automated helpdesk system and associated procedures.

CareWorks offer a range of support levels as follows:
Standard Business Hours (9am-5pm) - As per Pricing Schedule
Extended Business Hours (7am-7pm) - On Request
24 x 7x 365 Hours (24 hour) - On Request

CareWorks provide a technical account manager as part of the standard support offering. They are responsible for acting as the primary contact for all account management and support related issues.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We help users to get started by providing them with access to a series of video tutorials which show them ‘how to’ complete the common tasks using the system.

We provide user manuals and product documentation.

Online and Onsite training are also available for a fee.

Data migration, business-process consultancy, configuration, customisation, project management and technical set-up services are all available at the standard day rates.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
As part of the contract we could agree an exit strategy and plan. That would describe an agreed set of chargeable services which we would provide to extract data for transfer to the customer in a suitable format.
End-of-contract process
Within 30 days of either party issuing notice of Contract Termination or 120 days before Contract expiry, CareWorks undertakes to provide the customer with a written specification and pricing for subsequent extracts of the customer’s data pertaining to this Contract, hereafter referred to as the ‘Data Extract Specification’.

On the day of Contract Termination, CareWorks will provide to the customer one full set of system data including but not limited to client data, user data and reference data, in accordance with the structure and format detailed in the ‘Data Extract Specification’.

If the customer requires additional data extracts in accordance with the ‘Data Extract Specification’ then CareWorks shall provide these data extracts on a Time & Materials basis at the day rates provided, to a schedule agreed by both parties.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The mobile version is a cut-down version of the desktop version. The CareDirector Mobile client supports paperless futures by providing mobile users with information on their workloads, clients and appointments whilst on the move removing the need to print off details prior to leaving the office. It also allows the local authority and partners to complete assessment forms and case notes on the move plus the collection of mandatory signatures on forms using the mobile device screen. Photos of documents can also be taken and uploaded to the client record.
Service interface
Yes
Description of service interface
The service interface has multiple graphical user interfaces- desktop, mobile and portal. The application is web based. User-led design provides CareDirector with an inherent usability derived from its familiar look and feel. CareDirector uses graphics, icons and colours to make it easier to use and intuitive navigation structure to provide a consistent methodology throughout the system.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
CareDirector has been tested by users of:
• Supernova: a screen reader and magnification application used by those with low or no vision
• ZoomText: a magnification application used by those with low vision
• JAWS: a screen reader used by blind people to access Web pages
• Dragon NaturallySpeaking: voice activated software used by those that do not use a conventional input device such as a keyboard or mouse.
• Switch Access: used by those with severe mobility impairments such as Cerebral Palsy to input commands to a computer.

CareDirector user testing has been carried out by carried out by people with a range of disabilities including:
• Blindness or visual impairment
• Deafness
• Colour blindness
• Hard of hearing
• Autistic spectrum disorders
• Dyslexia
• Mobility impairment
• Learning difficulties
• Cognitive impairments

CareDirector has been integrated with the text-to-speech tool from ReadSpeaker, this tool’s features include:
• Read entire content area of page, or
• User can select text to speak
• Current word being spoken is highlighted
• Multiple languages
• Usage statistics
API
Yes
What users can and can't do using the API
The CareDirector API supports two-way communication including Create, Read, Update and Delete (CRUD) operations. This allows users to make changes through the API including the creation of contact records and updating of existing service user and case details. Data retrieval is also supported which includes case delivery information, such as service user contact and demographic details in addition to case summary and status information.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The customisation suite allows system administrators to do the flowing:
• Add new Data Placeholders (fields) to the records
• Modify the Forms for each record type including fields, sections and tabs
• Modify and Create new Views of the data
• Create new Relationships with other data types
• Create Data Mapping to pass data from one record to another
• Create entire new Record Types to support other processes
The customisation processes all take place in a purpose designed user interface without the need for managing manual changes to the database or resorting to code.

The Customisation Suite enables the customer to customise the system locally to meet additional requirements. So, even if you require an additional data field added to a screen or would like to change the layout to facilitate a new business process, these changes can often be made locally without the need for recourse to the supplier.

Scaling

Independence of resources
CareDirector is built on a platform that provides enterprise levels of scalability and performance. With virtualisation, multi-tenancy and hosting options, organisations can maximize hardware utilization and increase their capability to deliver superior application performance and scalability while simultaneously reducing costs.

CareDirector is designed to meet enterprise performance and scalability requirements and can be cost-effectively optimized and tuned using readily available resources and tools. CareDirector is built on the powerful and scalable Microsoft SQL Server platform. Microsoft customers are using Microsoft SQL Server today in multi-thousand user deployments and expanding those deployments to include tens of thousands of users.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Subject to security permissions, a user can easily export data from CareDirector to Excel. A data export button is embedded into screens with a list of data. Lists of records are created by ad-hoc searches, views and reports. This means that users can create their own data views using our simple to use interface, add or remove columns from those views and save views for reuse later. Each time a view is reused, the latest information is displayed and can be exported to Excel using the ribbon bar button.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
CareDirector can be configured to support up to 99.999% availability. The CareDirector Application servers can be arranged in a high availability Network Load Balanced Cluster. If one of the CareDirector Application servers fails, then the load will automatically be taken up by the remaining application server. The CareDirector database servers also support high availability options including SQL Active/Passive or Always-On availability groups.

We would expect to agree appropriate Service Level Agreements and a Service Credit Regime based on an agreed set of service levels on a case by case basis with the relevant customer.
Approach to resilience
The CareDirector Application servers can be arranged in a high availability Network Load Balanced Cluster. If one of the CareDirector Application servers fails, then the load will automatically be taken up by the remaining application server. The CareDirector database servers also support high availability options including SQL Active/Passive or Always-On availability groups.

Data centre Disaster Recovery options are also available with failover to an alternative site.

You can set up automated backups for your SQL Server VMs and a manual backup function is also available.
Outage reporting
The CareWorks Event management procedure outlines that standardized procedure for handling of Events through the recording, classification, action definition and implementation and closure of activities. Events can be generated by means of email alarms. The event is logged on the Service Desk and reported to the customer through the Service Desk.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
CareDirector provides a comprehensive and granular level of security adopting a role-based security model. Roles can be created for different groups of staff or individual users.

The main components of the Role Based Security are:
Business Units
Teams
Security Roles
Users

Once added to the system, a user is assigned to a business unit and must provide a user name and password before access is granted. One or more security roles are added to each user which govern access to the management interface and modules within. Staff can be grouped into Teams and security roles assigned at the Team level.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • NHS Data Security and Protection

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Careworks follow a remote Access Security policy that define the rules on how assets or networks are used by employees. A Change Management Policy that defines the formal policy for applying changes to a system. A security incident response Policy to deal with security related events. An acceptable use and email guidance policy. A Data security policy that outlines rules around physical security, system security, data security and internet security. Policies are reviewed each 6 months. Reporting is performed on a monthly basis to the CTO except where incidents occur which require immediate reporting.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
A change management and configure plans would be created. The remote management software implemented by Careworks and Azure contains a configuration management database. This allows an audit of changes of the components throughout their lifetime. This includes asset tracking and auditing. All changes are managed and agreed using standard ITIL change management processes and a change control board. All changes are peer reviewed to ensure are assessed for potential security impacts and other impacts.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerabilities are assessed according to our patching policy. Patch contents include critical, security, rollups and third-party updates. New updates are checked and updated weekly. Zero-day critical patches are installed immediately. Network and other hardware firmware checks are made monthly to ensure devices are running established and publicly available firmware, updated to manufacturer recommendations. A case is raised with associated priority for identified vulnerabilities. CareWorks contract a third-party to perform Penetration Testing on a yearly basis against the entire environment and full penetration testing against the application. A report is compiled identifying risks and potential impact of vulnerabilities with remediation options.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Careworks use remote monitoring software and Azure monitor to monitor all components and services. The azure security monitor and Careworks monitoring can identify potential compromises. These potential compromises will be logged as incidents and managed using incident management and change management processes. The severity of the potential compromise will be determined rating against risk, and this will determine the severity rating of the incident. This will dictate using SLAs the response time on the incident.
Incident management type
Supplier-defined controls
Incident management approach
All cases are formally recorded on the Service Desk. Incidents are managed as per CareWorks documented Incident Management process which adheres to the ITIL V3 Framework. The Incident Management process is applied to every incident regardless of what channel it was received through or time of day. The Service Desk incident supports all three recommended ITIL metrics: Impact, Urgency, Priority.
How calls are logged:
• Alerts
• E-mail
• Phone
• Web Portal
A portal allows customers to view relevant information, track the progress of individual incidents, track the support performance during a period and communicate with the team.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

Price
£250 to £500 a user a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed>@a5c1fd0c-310d-4e28-8b92-7f70be96066f.com. Tell them what format you need. It will help if you say what assistive technology you use.