Electronic Patient Record Solution
PatientSource is a clinician-designed Electronic Medical Record solution for hospitals and community care.
Features:
Case Notes
PAS
Observations
ePrescribing
Investigations
Electronic Discharge
Auditing
Bed Management
Patient Direct
Health IoT
Health Artificial Intelligence
Health Machine Learning
Health Automation
Health Integration
Integration Engine
Instant Clinical Messaging
Health Clinical Consulting
Health Strategy
Features
- Designed by doctors Built by the people from the NHS!
- Tablet-compatible - Take it right up to the bedside
- Works on tablets, laptops, desktops without needing installation.
- Cloud-based Massively reliable, automatically backed up.
- Powered by AI Artifical Intelligence to assist diagnosis.
- Excellent value Built on modern, battle-hardened Open Source components.
- Modular - Take just the parts that you need.
- Patient portal - Patients can review their record from home.
- Per user, per month subscription pricing.
- Single Clinical user interface - Integrates other solutions.
Benefits
- Front-line staff find it really easy to use.
- Empowers the keeping of contemporaneous clinical notes.
- Minimal IT Team intervention required. Quick to install.
- Never worry about running the infrastructure yourself again.
- AI: detect deterioration and forecast resource usage.
- Low cost, high value. No hidden licence fees.
- It will interoperate with other clinical and information systems.
- Patients and carers engaged and empowered in self care.
- No capital, low risk only expand if solution is right.
- Reduce clinical risk. Ease of training. Information always available.
Pricing
£10 to £120 a person a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
6 3 7 2 9 2 9 7 3 8 4 3 5 3 5
Contact
PatientSource Ltd
Lee Francis
Telephone: 01223851273
Email: sales@patientsource.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Our services are designed to be ultimately flexible and mould to the customers needs. No constraints apply when using any of our cloud deployment configurations. On-site server deployments may have variations in the SLA.
- System requirements
-
- Customer has to run a modern internet browser.
- Robust and comprehensive Wi Fi coverage for handheld device use.
- Robust and comprehensive Information Governance framework and training.
- Resilient connection to the internet with sufficient bandwidth.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
With it being a clinical application we have tiered incident response times which can be set to the individual customer requirements.
24/7 - 365 Service desk provided by our partners - P1 incident response times available.
Response times are not different at weekends. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.0 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
PatientSource specialises in highly functional and cutting edge clinical software.
We utilise partners who are experts in their field of Service Management and support.
Our partners include:
Capita
Insight
TrustMarque
PA Consulting
PatientSource will act as a strategic partner to customers, helping them assess each partner and their support offerings against the PatientSource modular functionality they are taking and any future road map considerations for the best fit.
Pricing is very flexible and tuned to the unique characteristics of the PatientSource modular solutions and incident report times selected.
If a customer has a preference for a support provider we are not currently partnered with, or they are already in contract with a service provider, PatientSource is open to considering extending the partnership scheme to the entity, providing they meet our exacting standards. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
PatientSource take a consultative approach, from first engagement, we host as many conference calls and in person meetings to describe and demonstrate the full range of PatientSource modules.
Alignment is made to the customers aspirations, including any potential 3rd party vendors to complement PatientSource functionality. This will also include future road map considerations.
A high-level functional description is created, reviewed and approved by all parties forming a key component of the Prince 2 – Project Initiation Document.
Iterative agile cycles of customisation and any bespoke coding are undertaken before a production version of PatientSource is offered for end user acceptance testing.
PatientSource can train end users directly, or a more efficient way is for Train the Trainer sessions to empower the organisation for self-sufficiency in the future.
Comprehensive end user focused training documentation, videos, blogs, messages from the customer senior management team are produced and shared online and whichever mediums work for the organisation in question.
PatientSource provides floorwalking and after care support, end user positive experience is paramount. - Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
- Anything the customer requires, we are very flexible.
- End-of-contract data extraction
-
PatientSource features a database extraction layer – Relevant patient information fields can be uploaded to a customer data warehouse, noting of course that the data schema and PatientSource IP must be protected.
Patient data can be exported to PDF enabling the customer to host in an EDM solution.
A one-off fee at the end of the contract will provision a read only “static” copy of PatientSource, the configuration and patient data held as per the day of contract expiry. This can take the form of a “mothballed” instance on the Microsoft Azure cloud, consuming only storage resources (payable by the customer) or a look up read only version, consuming both compute and storage. - End-of-contract process
-
PatientSource will provide an automated PDF extract of each patient registered in the customers PatientSource instance within the price of the contract.
PatientSource will provision access to the database abstraction layer within the price of the contract. PatientSource will assist the customers information team in designing an interface and export routine for a reasonable time and materials charge.
PatientSource will provision a stand alone, read only “snapshot” version of the solution as it was presented on the final day of the customer contract. This will attract a charge for the provision and a monthly storage and compute charge for the hosting on the public cloud.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
PatientSource intelligently renders to the mobile device screen size automatically.
PatientSource features stylus support, enabling signatures and annotations on clinical sketches. - Accessibility standards
- WCAG 2.0 A
- Accessibility testing
- We had a range of testers with assistive needs during our 4 year iterative development cycle inputting into the design of PatientSource.
- API
- Yes
- What users can and can't do using the API
-
We have HL7 interfaces which will work with many third party clinical systems.
Where we need to come up with something new, PatientSource Ltd employs some of the brightest software engineers who all graduated from the University of Cambridge. Our teams regularly undertake systems integration work for clients to get PatientSource talking to your third party systems.
Examples of interfaces we have achieved in real clinical environments:
TIE / interoperability platforms (such as Mirth, Ensemble and Rhapsody)
Automatic importing of blood test results the moment the results are announced by blood analysers.
Real-time operating on top of legacy Patient Administration Systems and Patient Master Index systems.
Automatic exporting of PatientSource data securely into a legacy PDF archiving system.
We don’t usually need the third party vendor’s assistance to do this, just API schema or permission to probe the third party system for tap points. - API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Firstly PatientSource is modular and within those modules, access provisioned to individuals within the organisation, this "system level" customisation ensures high value, a customer only ever pays for what they use, rather than one small team needing a specific module and it having to be licenced for the whole organisation.
PatientSource features a form builder with intelligent fields. Customers can (with a small amount of training) replicate their paper forms digitally.
Customers can design completely new clinical pathways once empowered with the convenience of digital forms.
Automatic alerts for monitoring thresholds can be individualised to the customers needs. PatientSource will come setup with national metrics, the National Early Warning Score for example, the customer can tweak as required.
There is an admin console featuring a powerful and comprehensive customisation tool.
Scaling
- Independence of resources
-
PatientSource scales through partners, utilising companies whose sole focus is service management or deployment to deliver to our clients.
We maintain multiple partners offering similar services ensuring we a myriad of options and are not reliant on a single supplier.
We can mandate quality metrics, swop personnel out if there are any issues holding the company contractually to account.
For the nucleus of PatientSource services, cutting edge clinical software, we maintain a collective of Cambridge educated software developers who represent the best of the “Gig Economy” working flexible contracts, bringing in experiences and ideals from other sectors in-between PatientSource contracts.
Analytics
- Service usage metrics
- Yes
- Metrics types
- PatientSource provides the facility to write custom queries to the data to populate useful dashboards to help inform care and organisational management.
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be exported through a number of channels including automatic periodic export to connected systems or manual export of selected data. Formats include database extraction in SQL, CSV, or rendering as PDF.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- SQL
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
-
- Images (JPG, GIF, PNG, etc.)
- Word DOC
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- PatientSource can be hosted within a private or public cloud. Public cloud availability terms, SLAs and financial guarantees are flowed down through the customer contract.
- Approach to resilience
-
PatientSource can be hosted within a private or public cloud.
Public cloud availability terms, SLAs and financial guarantees are flowed down through the customer contract.
Resilience levels are dependent on the selected host supplier. - Outage reporting
- Email alerts and an API can be used to report service outages
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
- PatientSource provides a granular permissions matrix that can be applied on both a user group or individual level ensuring appropriate access to interfaces.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Certified International Systems Ltd.
- ISO/IEC 27001 accreditation date
- 08/03/2018
- What the ISO/IEC 27001 doesn’t cover
- Devices, servers and networks physically maintained and controlled by clients.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Information security policies and processes
-
The PatientSource architecture has security and confidentiality “designed in”. We employ a security architecture following the best practice recommended by Bruce Schneier.
We are ISO27001 certified. All patient data is encrypted at rest, and in transit.
Relevant certifications:
● ISB 0129 (Clinical Safety) compliant
● ISO 9001
● ISO 14001
● ISO 27001
● MHRA Class I product
● NHS Digital certified Clinical Safety Officer
● NHS Digital Information Governance Toolkit, level 3
Dr Michael Brooks is the certified Clinical Safety Officer and responsible for compliance and auditing against policies and standards.
Dr Philip Ashworth is the Data Protection Officer, policies state that any suspected breaches should be reported to him immediately.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- PatientSource implements a full audit trail for all access and changes. Any configuration changes are logged and security validation is carried out with a combination of periodic manual testing against current standards and a library of unit tests. Possible security impacts identified are then reported and resolved appropriately.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- PatientSource implements a full audit trail for all access and changes. Any configuration changes are logged and security validation is carried out with a combination of periodic manual testing against current standards and a library of unit tests. Possible security impacts identified are then reported and resolved appropriately (critical patches are usually applied within 48 hours but in no event longer than 14 days).
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- PatientSource implements a full audit trail for all data access and changes. All access to data are logged and suspicious connections can be automatically identified, terminated and reported. Incidents are responded to as soon as they are identified.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Processes follow the ISO 27035:2016 standard and are documented and regularly audited as part of our ISO 27001 audited ISMS.
Users can report events either directly via email/telephone or using our online reporting tools.
Incident reports are typically delivered via email/phone depending on severity and urgency.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- New NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
Pricing
- Price
- £10 to £120 a person a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
Includes PAS, eNotation, eObservations for up to three months depending on size and type of organisation.
Exclusions that may incur additional charge:
Form configuration or observation chart customisation, enhanced support (out of office hours), staff account management, onsite staff training, integration with third party systems.