PatientSource Ltd

Electronic Patient Record Solution

PatientSource is a clinician-designed Electronic Medical Record solution for hospitals and community care.

Features:
Case Notes
PAS
Observations
ePrescribing
Investigations
Electronic Discharge
Auditing
Bed Management
Patient Direct
Health IoT
Health Artificial Intelligence
Health Machine Learning
Health Automation
Health Integration
Integration Engine
Instant Clinical Messaging
Health Clinical Consulting
Health Strategy

Features

  • Designed by doctors Built by the people from the NHS!
  • Tablet-compatible - Take it right up to the bedside
  • Works on tablets, laptops, desktops without needing installation.
  • Cloud-based Massively reliable, automatically backed up.
  • Powered by AI Artifical Intelligence to assist diagnosis.
  • Excellent value Built on modern, battle-hardened Open Source components.
  • Modular - Take just the parts that you need.
  • Patient portal - Patients can review their record from home.
  • Per user, per month subscription pricing.
  • Single Clinical user interface - Integrates other solutions.

Benefits

  • Front-line staff find it really easy to use.
  • Empowers the keeping of contemporaneous clinical notes.
  • Minimal IT Team intervention required. Quick to install.
  • Never worry about running the infrastructure yourself again.
  • AI: detect deterioration and forecast resource usage.
  • Low cost, high value. No hidden licence fees.
  • It will interoperate with other clinical and information systems.
  • Patients and carers engaged and empowered in self care.
  • No capital, low risk only expand if solution is right.
  • Reduce clinical risk. Ease of training. Information always available.

Pricing

£10 to £120 per person per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

637292973843535

PatientSource Ltd

Dr Michael Brooks

01223851273

sales@patientsource.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Our services are designed to be ultimately flexible and mould to the customers needs. No constraints apply when using any of our cloud deployment configurations. On-site server deployments may have variations in the SLA.
System requirements
  • Customer has to run a modern internet browser.
  • Robust and comprehensive Wi Fi coverage for handheld device use.
  • Robust and comprehensive Information Governance framework and training.
  • Resilient connection to the internet with sufficient bandwidth.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times With it being a clinical application we have tiered incident response times which can be set to the individual customer requirements.

24/7 - 365 Service desk provided by our partners - P1 incident response times available.

Response times are not different at weekends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels PatientSource specialises in highly functional and cutting edge clinical software.

We utilise partners who are experts in their field of Service Management and support.

Our partners include:
Capita
Insight
TrustMarque
PA Consulting

PatientSource will act as a strategic partner to customers, helping them assess each partner and their support offerings against the PatientSource modular functionality they are taking and any future road map considerations for the best fit.

Pricing is very flexible and tuned to the unique characteristics of the PatientSource modular solutions and incident report times selected.

If a customer has a preference for a support provider we are not currently partnered with, or they are already in contract with a service provider, PatientSource is open to considering extending the partnership scheme to the entity, providing they meet our exacting standards.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started PatientSource take a consultative approach, from first engagement, we host as many conference calls and in person meetings to describe and demonstrate the full range of PatientSource modules.

Alignment is made to the customers aspirations, including any potential 3rd party vendors to complement PatientSource functionality. This will also include future road map considerations.

A high-level functional description is created, reviewed and approved by all parties forming a key component of the Prince 2 – Project Initiation Document.

Iterative agile cycles of customisation and any bespoke coding are undertaken before a production version of PatientSource is offered for end user acceptance testing.

PatientSource can train end users directly, or a more efficient way is for Train the Trainer sessions to empower the organisation for self-sufficiency in the future.

Comprehensive end user focused training documentation, videos, blogs, messages from the customer senior management team are produced and shared online and whichever mediums work for the organisation in question.

PatientSource provides floorwalking and after care support, end user positive experience is paramount.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats Anything the customer requires, we are very flexible.
End-of-contract data extraction PatientSource features a database extraction layer – Relevant patient information fields can be uploaded to a customer data warehouse, noting of course that the data schema and PatientSource IP must be protected.

Patient data can be exported to PDF enabling the customer to host in an EDM solution.

A one-off fee at the end of the contract will provision a read only “static” copy of PatientSource, the configuration and patient data held as per the day of contract expiry. This can take the form of a “mothballed” instance on the Microsoft Azure cloud, consuming only storage resources (payable by the customer) or a look up read only version, consuming both compute and storage.
End-of-contract process PatientSource will provide an automated PDF extract of each patient registered in the customers PatientSource instance within the price of the contract.

PatientSource will provision access to the database abstraction layer within the price of the contract. PatientSource will assist the customers information team in designing an interface and export routine for a reasonable time and materials charge.

PatientSource will provision a stand alone, read only “snapshot” version of the solution as it was presented on the final day of the customer contract. This will attract a charge for the provision and a monthly storage and compute charge for the hosting on the public cloud.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service PatientSource intelligently renders to the mobile device screen size automatically.

PatientSource features stylus support, enabling signatures and annotations on clinical sketches.
Accessibility standards WCAG 2.0 A
Accessibility testing We had a range of testers with assistive needs during our 4 year iterative development cycle inputting into the design of PatientSource.
API Yes
What users can and can't do using the API We have HL7 interfaces which will work with many third party clinical systems.

Where we need to come up with something new, PatientSource Ltd employs some of the brightest software engineers who all graduated from the University of Cambridge. Our teams regularly undertake systems integration work for clients to get PatientSource talking to your third party systems.

Examples of interfaces we have achieved in real clinical environments:
TIE / interoperability platforms (such as Mirth, Ensemble and Rhapsody)

Automatic importing of blood test results the moment the results are announced by blood analysers.

Real-time operating on top of legacy Patient Administration Systems and Patient Master Index systems.

Automatic exporting of PatientSource data securely into a legacy PDF archiving system.

We don’t usually need the third party vendor’s assistance to do this, just API schema or permission to probe the third party system for tap points.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Firstly PatientSource is modular and within those modules, access provisioned to individuals within the organisation, this "system level" customisation ensures high value, a customer only ever pays for what they use, rather than one small team needing a specific module and it having to be licenced for the whole organisation.

PatientSource features a form builder with intelligent fields. Customers can (with a small amount of training) replicate their paper forms digitally.

Customers can design completely new clinical pathways once empowered with the convenience of digital forms.

Automatic alerts for monitoring thresholds can be individualised to the customers needs. PatientSource will come setup with national metrics, the National Early Warning Score for example, the customer can tweak as required.

There is an admin console featuring a powerful and comprehensive customisation tool.

Scaling

Scaling
Independence of resources PatientSource scales through partners, utilising companies whose sole focus is service management or deployment to deliver to our clients.
We maintain multiple partners offering similar services ensuring we a myriad of options and are not reliant on a single supplier.
We can mandate quality metrics, swop personnel out if there are any issues holding the company contractually to account.

For the nucleus of PatientSource services, cutting edge clinical software, we maintain a collective of Cambridge educated software developers who represent the best of the “Gig Economy” working flexible contracts, bringing in experiences and ideals from other sectors in-between PatientSource contracts.

Analytics

Analytics
Service usage metrics Yes
Metrics types PatientSource provides the facility to write custom queries to the data to populate useful dashboards to help inform care and organisational management.
Reporting types
  • API access
  • Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported through a number of channels including automatic periodic export to connected systems or manual export of selected data. Formats include database extraction in SQL, CSV, or rendering as PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • SQL
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Images (JPG, GIF, PNG, etc.)
  • PDF
  • Word DOC

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability PatientSource can be hosted within a private or public cloud. Public cloud availability terms, SLAs and financial guarantees are flowed down through the customer contract.
Approach to resilience PatientSource can be hosted within a private or public cloud.

Public cloud availability terms, SLAs and financial guarantees are flowed down through the customer contract.

Resilience levels are dependent on the selected host supplier.
Outage reporting Email alerts and an API can be used to report service outages

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels PatientSource provides a granular permissions matrix that can be applied on both a user group or individual level ensuring appropriate access to interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certified International Systems Ltd.
ISO/IEC 27001 accreditation date 08/03/2018
What the ISO/IEC 27001 doesn’t cover Devices, servers and networks physically maintained and controlled by clients.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes The PatientSource architecture has security and confidentiality “designed in”. We employ a security architecture following the best practice recommended by Bruce Schneier.

We are ISO27001 certified. All patient data is encrypted at rest, and in transit.

Relevant certifications:

● ISB 0129 (Clinical Safety) compliant
● ISO 9001
● ISO 14001
● ISO 27001
● MHRA Class I product
● NHS Digital certified Clinical Safety Officer
● NHS Digital Information Governance Toolkit, level 3

Dr Michael Brooks is the certified Clinical Safety Officer and responsible for compliance and auditing against policies and standards.

Dr Philip Ashworth is the Data Protection Officer, policies state that any suspected breaches should be reported to him immediately.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach PatientSource implements a full audit trail for all access and changes. Any configuration changes are logged and security validation is carried out with a combination of periodic manual testing against current standards and a library of unit tests. Possible security impacts identified are then reported and resolved appropriately.
Vulnerability management type Supplier-defined controls
Vulnerability management approach PatientSource implements a full audit trail for all access and changes. Any configuration changes are logged and security validation is carried out with a combination of periodic manual testing against current standards and a library of unit tests. Possible security impacts identified are then reported and resolved appropriately (critical patches are usually applied within 48 hours but in no event longer than 14 days).
Protective monitoring type Supplier-defined controls
Protective monitoring approach PatientSource implements a full audit trail for all data access and changes. All access to data are logged and suspicious connections can be automatically identified, terminated and reported. Incidents are responded to as soon as they are identified.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Processes follow the ISO 27035:2016 standard and are documented and regularly audited as part of our ISO 27001 audited ISMS.
Users can report events either directly via email/telephone or using our online reporting tools.
Incident reports are typically delivered via email/phone depending on severity and urgency.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)

Pricing

Pricing
Price £10 to £120 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Includes PAS, eNotation, eObservations for up to three months depending on size and type of organisation.

Exclusions that may incur additional charge:
Form configuration or observation chart customisation, enhanced support (out of office hours), staff account management, onsite staff training, integration with third party systems.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑