G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Clinithink are still valid.
Clinithink

CLiX ENRICH for Clinical Trials - Patient Matching

For Healthcare providers who work in clinical research CLiX ENRICH is a data insights AI empowered tool which quickly searched through unstructured medical records and finds patients who meet the criteria for a clinical trial. Anonymised data shared with the Clinithink Exchange by patients to save and improve the lives.

Features

  • Automates and accelerates pre-screening eligible patients.
  • Feasibility assessment accurately est potential patient population.
  • Automated method to monitor/analyse risk for pharmacovigilance.
  • Real time access to unstructured clinical data
  • Out of the box via an intuitive user interface
  • Supported by a customised query writing service
  • Option join Clinithink Exchange network to share anonymised aggregate data

Benefits

  • 10X more eligible candidates in a fraction of the time.
  • Automates and accelerates pre-screening eligible patients.
  • Facility enabled proactive monitoring of drugs post approval.
  • Feasibility and suitability for efficient and competitive assessment for trials.
  • Search large numbers of patients records quickly to find patients.
  • Patient Matching

Pricing

£40,000.00 a licence

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anne.quirk@clinithink.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

6 1 5 6 4 3 1 3 6 9 5 4 4 8 6

Contact

Clinithink Anne Quirk
Telephone: 07889663055
Email: anne.quirk@clinithink.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Private cloud component runs on Windows Server 2012 R2 64-bit or higher and a minimum of 8 cores, 16GB memory and 250GB SSD.
System requirements
  • Microsoft Windows Server 2012 R2 64-bit
  • Hardware 8 core, 16GB 250GB SSD
  • SFTP access for CLiX ENRICH download
  • VPN access for installation and support
  • TLS enabled for access to Clinithink Exchange
  • Signed SSL certificate

User support

Email or online ticketing support
Email or online ticketing
Support response times
9:00-17:00 Monday to Friday support response. Tickets can be logged at any time.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Client support is provided at no extra cost, and is included in standard terms and conditions of contract. For Severity 1 issues customers may contact support via the support telephone number. For Severity 2,3,4,5 issues customers may contact Support via the Clinithink Support Portal as well as emails via 'support@clinithink.com'. When an issue is reported by a customer, the Support team will respond to the customer within the time designated by the SLA identified in the customer's contract. All clients will be provided an Account Manager and a Support Lead. Support is provided 9:00-17:00 UK Monday to Friday excluding public holidays.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite training, online training and user documentation are all provided.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Standard functionality within the solution enables customer data to be extracted via either a SQL database or csv format file extraction.
End-of-contract process
At the end of the contract user accounts for the customer site would be disabled and any private cloud components of the solution would also be disabled. Customer data both in terms of input and results can be extracted from the solution as part of standard functionality.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
1
Accessibility standards
None or don’t know
Description of accessibility
All non-text content has a text alternative. There is no audio or video content. Colour is not used as the only visual means of conveying information. Contrast is user controllable. All system features are operable through the keyboard. All pages have titles. All headings and labels describe a topic or purpose. Focus is visible. The content is only available in English. All navigation and components are operated consistently. Errors are described fully.
Accessibility testing
Implementations of the CLiX ENRICH undertaken to date have not involved engagement with users of assistive technology.
API
Yes
What users can and can't do using the API
Documented APIs are available which allow integration between CLiX ENRICH and other local systems. APIs provide access to clinical natural language processing and analysis capabilities, as well as the ability to load clinical narrative documentation into the system. All system set up and configuration processes are undertaken directly through the system's user interface.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Single tenant hosting provision.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data is made available via APIs and or ETL, as well as SQLite database or csv file extractions.
Data export formats
  • CSV
  • Other
Other data export formats
SQLite
Data import formats
  • CSV
  • Other
Other data import formats
  • HL7
  • Alternative formats supported through Mirth Connect

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The SLA provided for the service is availability between 9:00 and 17:00 Monday through Friday, excluding public holidays.
Approach to resilience
This information is available upon request.
Outage reporting
Email alerts will be sent to all registered users.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces and support channels are restricted through the use of usernames and passwords with additional capabilities requiring dual factor VPN access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
HIPAA

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
HIPAA
Information security policies and processes
Clinithink has an Information Security Policy and an IT Code of Practice which are reviewed by each employee as part of induction and signed as reviewed before any access is granted to Clinithink systems. The Clinithink HIPAA Manual sets out policies and procedures relating to technical, physical and administrative controls in support of the HIPAA legislation. As part of HIPAA and annual risk assessment is undertaken and reviewed covering physical, technical and administrative safeguards. All employees undergo compulsory HIPAA training as part of induction and annual HIPAA refresher training. HIPAA compliance is backed off to a HIPAA compliant hosting partner armor.com Clinithink has an appointed Privacy and Security Officer.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our hosting provider Armor employs CSA CCM configuration and change management covering the data centre, associated IaaS and SaaS capabilities. Clinithink layers on top of this change control to manage the change of services provided to Clinithink customers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threats at the hosting level are assessed on an ongoing and pro-active basis by our hosting partner Armor conforming to CSA CCM v3/SSAE-16. The exact details are subject to non disclosure. Threat testing is undertaken regularly in relation to the Clinithink product components of the service. Issues identified are mitigated inline with their severity and impact. Monthly vulnerability testing of the overall service take place utilising industry standard independent cyber risk management software.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective monitoring of the service is provided by our hosting partner Armor. Full details of this are subject to non disclosure.
Incident management type
Supplier-defined controls
Incident management approach
An incident can pertain to a number of areas across the service. Incidents from our customers will be raised with the Clinithink Support team through phone, portal or email and logged on our industry standard system. Common FAQs are available through this system also. Should an incident relate to the hosting then it can be escalated to Armor.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£40,000.00 a licence
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anne.quirk@clinithink.com. Tell them what format you need. It will help if you say what assistive technology you use.