Advanced Referral & Triage - ART

psHEALTH's Advanced Referral & Triage - ART supports NHS and private healthcare organisations with managing large volumes of referrals more efficiently. Intelligent integration, automation and workflow streamlines the process eliminating time consuming tasks and saving cost.


  • Emails are automatically extracted, structured and presented in ART
  • Integrate with NHS e-Referral to extract and book referrals
  • Referrals are automatically validated
  • Scanned pdfs and images converted to machine-readable text with OCR
  • Triage engine provides safeguarding measure
  • Flexibly incorporate changes to triage by adding new rules
  • Role based access control and groups allow for distributed working
  • Keep a local DOS and easily implement change
  • Use of system rules to direct referrals allows on-going fine-tuning
  • Real-time reporting accessed through a dashboard


  • Reduce staff cost
  • Ensure consistent approach
  • Support referrers using a range of referral methods
  • System workflow helps manage referral along prescribed pathway
  • Clinical triagers only receive referrals matching their competency
  • Flexibly introduce new stakeholders or services
  • Ensure only appropriate referrals reach secondary care, relieving pressure
  • Enhance the use of new, more cost effective pathways
  • Provide referrers and other stakeholders with valuable MI
  • Ensure compliance with commissioning policy


£0.83 to £1.75 per unit

Service documents

G-Cloud 9



Josh Murray

0845 50 50 120

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints We have scheduled maintenance - and will notify customers with enough lead time
System requirements Web browser only

User support

User support
Email or online ticketing support Email or online ticketing
Support response times PsHEALTH support is available 09:00-17:30 Monday-Friday. Tickets are dealt with according to their priority.

1) Critical - 4 hours to completion
2) High - 8 hours to completion
3) Medium - 32 hours to completion
4) Low - 64 hours to completion
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels PsHEALTH's support desk can be accessed Mon-Fri between the hours of 09:00-17:30. The support desk is contactable via an online ticketing system or telephone. This team is also responsible for remote ongoing maintenance.

In addition to the support team customers will be assigned an account manager who will hold regular calls with the customer. The account manager is also responsible for leading a quarterly review meeting with customers.

At the review meetings, we will work with the customer team to analyse the effectiveness of the solution and assist in interpreting the Management Information. We will also collect feedback which will be fed into our product road-map for future improvements and new features.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started During deployment we conduct training face to face and via WebEx. User documentation is available to customers.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction A combination of APIs and database extraction - based on requirements. This is written into our standard contract.
End-of-contract process At service end we'll draw up an off-boarding plan for the customer

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No difference. Solution renders on our native app
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Independently verified
What users can and can't do using the API Users can initiate and update workflow. There are minimal restrictions - these are based on individual customer requirements.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Buyers can customise clinical pathways and selection values


Independence of resources Solution is designed to automatically scale - based on performance thresholds


Service usage metrics Yes
Metrics types Number of referrals processed by user.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users (can be super users) can export data to csv or excel via report writer.
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Our solution is only accessible via web browser over https

Availability and resilience

Availability and resilience
Guaranteed availability Our standard offering is 99.95% availability
Approach to resilience It's available on request
Outage reporting Email and text alerts to named contacts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Our solution has a strict role based access control security model. This restricts access to functionality by role.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QAS International
ISO/IEC 27001 accreditation date 24/02/2017
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations NHS IG Toolkit accredited

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Follow ISO27001 w annual re-certification. Reporting to Operations Director.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Formal change management process in place - through our methodology, psMethodology. Each change has an associated ticket number. Any change goes through a formal change impact assessment covering both functional and nonfunctional requirements, including security and clinical assurance
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We have an internal audit programme, which is used to monitor and manage our service delivery. Patches are typically deployed monthly or ad hoc for critical patches.

We have an alerting process with our hosting provider. We also subscribe to various alerting services.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We use real-time monitoring tools - in addition to internal audits. This is part of our ISO27001 processes. Issues are classified in terms of severity.

Also see SLAs.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach As part of our ISO27001 we have a formal incident management process. This is reviewed and tested annually. Users can report incidents our support portal. Incident reports are provided to named contacts with in a customer.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.83 to £1.75 per unit
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑