MobiMed Smart provides paramedics with an electronic Patient Care Record, ePCR, using a structured workflow and support that enhances the clinical decision-making process. The ePCR in combination with vital signs monitoring ensures that the patient gets the right care, at the right time, in the right place.
- Smart-card login
- Summary Care Record (SCR)
- Personal Demographics Service (PDS)
- Monitoring with clinical background from cardiac critical care
- Easy to configure/adapt to any clinical standard.
- Integrate with CAD, Defibrillators, information systems at hospitals
- Web browser
- Dynamic reports for Hospital and General Practitioner output form.
- Camera support - taking/incorporating images in the ePR and reports.
- Vital signs from monitoring are automatically transmitted to the ePR.
- Facilitates collaboration between paramedic and receiving hospital
- Comprehensive set of fields, supporting adaptation to working practices
£50 per licence per month
- Free trial available
Ortivus UK Ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||MobiMed Smart VSM for performing high quality vital signs monitoring can be extended with MobiMed Smart ePCR, or vice versa.|
|Cloud deployment model||Private cloud|
|Service constraints||Ortivus will schedule and plan any necessary maintenance or releases / upgrades with customers to ensure minimal service disruption.|
|System requirements||Windows based|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Ortivus Support mailbox is monitored during normal business hours, 9am-5pm GMT/BST, Monday to Friday (excluding Bank Holidays) and all emails are responded to within 24hrs. Ortivus also provide an online service portal which is available 24x7 through which customers can raise Incidents and Service Requests.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AA or EN 301 549|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||1st line call qualification and validation is typically performed by the Customer, who would receive incoming calls from the end users and would attempt to resolve incidents in the first instance. Ortivus provide 2nd and 3rd line support for incidents raised that are unable to be resolved by 1st Line.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We can customise training for starting organisations - primarily onsite training, with provision of user guides and materials. The service also mirrors the live service with the provision of training server, so that organisations can arrange for user education in a 'safe' environment.|
|End-of-contract data extraction||At the end of contract customer data will be transferred in XML format. There is also an option of a continuous integration transfer during the contract period.|
|End-of-contract process||Data in XML format will be provided within one month after contract end. Ortivus can also supply the data according to specific schemas and formats as requested by the customer. That would incur an additional cost depending on the details of the request.|
Using the service
|Web browser interface||No|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Clinical Workstations are the desktop, intended for Acute use, receiving ePCR, notifications, alerts etc. Mobile version is ePCR, primary method for completing ePCR, and alerting Acute.|
|Accessibility standards||None or don’t know|
|Description of accessibility||ePCR client software installed on a Windows tablet allows for fully customised data entry of patient assessment/treatment information.|
|What users can and can't do using the API||MobiMed Smart includes a web service API that can be used to consume ePCR data. The API is available on the server side. Bandwidth and polling frequency restrictions apply and depend on the infrastructure chosen.|
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||The MobiMed Smart ePCR is completely customisable and can be tailored to the customer need and processes. Customisation can be managed solely by appointed users at the customer. This presupposes using the Ortivus SDK along with associated training. Ortivus also provide ePR configuration work at cost.|
|Independence of resources||By making sure that the user demand is not exceeding system capabilities and by continuous monitoring of the service resource utilization. The service is designed to minimize the impact of any malicious user actions.|
|Service usage metrics||Yes|
|Metrics types||Online service usage metrics are provided for the organisation operating the servers. Service reports can be provided for customers on a monthly basis.|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||MobiMed Smart comes with several options for data export: 1) XML WebService intended for system integration of ePR data. 2) Data Warehouse intended for business reporting and intelligence. 3) Integration framework intended for system integration with downstream systems. Specific integrations come at additional cost.|
|Data export formats||
|Other data export formats||
|Data import formats||Other|
|Other data import formats||None|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||The service is provided to 99.6% availability with Service Point penalties in place for any deviation. This is based on incident severity with any Service Points accrued on a sliding scale.|
|Approach to resilience||Available on request|
|Outage reporting||Service outages are communicated according to an agreed communications matrix which would include email alerts and telephone notifications depending on severity.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Mobile access can also be restricted to specified SIM cards.|
|Access restrictions in management interfaces and support channels||Management interfaces only run locally within the data centre. Data centre access is restricted to appointed personnel using two-factor authentication over a VPN link.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Intertek Certification AB|
|ISO/IEC 27001 accreditation date||12 December 2014|
|What the ISO/IEC 27001 doesn’t cover||No exclusions|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Standard security policies and processes are in place and are reviewed as part of regular ISO auditing.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Ortivus have implemented Change Management, Release and Deployment Management procedures. All Requests for Change (RFCs) go through an initial risk assessment with Quality and compliance officers and when risks, clinical safety and security verifications have been clarified, appropriate actions and requirements on the RFC are initialized. Customer approvals are handled through established governance structures involving all relevant stakeholders. The main interfaces being the Operational Board, the Project Board and the Steering Board depending on the RFC. All assets, documents, training and configuration changes are constantly updated within the Asset Management module within the service management tool following standard ITIL V3 procedures.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Potential threats and vulnerabilities are assessed to determine deviations from acceptable configurations. Risk assessment is carried out and recommendations or appropriate mitigation countermeasures are developed in accordance with stakeholder agreements. Evaluation of network vulnerability and the risks associated with external connections is done through risk assessment by security specialists. Patches are identified and applied in accordance with customer and authority agreements.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Potential compromises are identified through screening of servers, firewalls, routers and devices for system control and system administrations carried out on a weekly basis. This includes checking the content of the access logs and logs from intrusion detection. Audit logging is enabled to identify all successful and failed logins, and logouts. Logs are retained for a minimum of six months and in the event of an incident, logs can be made available to the appropriate authorities such as HSCIC for investigation.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Incidents will be addressed in accordance with the Information Security Policy, which is ISO 27001 compliant and includes appropriate escalation and resolution activities. In the event of an actual or suspected incident, weakness, or problem which may have an impact on any aspect of the service, the Information Security Officer will be informed promptly. Incidents may be escalated to other parties including NHS, HSCIC, and any other affected body and any corrective action identified during incident resolution will be added to the improvement plan. Security incidents will be reported and corrective actions tracked as part of the monthly performance reporting.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||New NHS Network (N3)|
|Price||£50 per licence per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||A local test installation to be evaluated during a period of up to 6 months. Only MobiMed licenses are included, cost for hardware and 3rd party licenses not included.|