Rapid Electronic Patient Record - Telemedicine
A Cloud based fully automated electronic patient record (ePR) for ambulances, civilian and military pre hospital care. Telemedicine real time vital sign data transmission and video conferencing including augmented reality (AR).Optional mass casualty management and safeguarding module. Real time data visibility and data export to 3rd party systems using FHIR
Features
- Real Time Data Visibility
- Remote Access
- Configurable EPR to Service Needs
- Real Time Analytics
- Wireless Vital Sign Transmission
- Remote Device Management
- 3rd Party Software Integration
- Hi Definition Video Conferencing
- Decision Support with algorithms
- KPI Reporting Analytics
Benefits
- Real Time Data Visibility from Multiple Devices and Multiple Locations
- Instant Communication for Ease of Access and Safety
- Instant Alerting to Receiving Hospitals with GIS Tracking
- Proven Clinical Decision Support with Algorithms to Detect Deterioration
- Reduce Unnecessary Transfers and Diversions
- Audit of Patient Journey for Enhanced Governance
- Safe Guarding Module
- Mass Casualty Management Module including Integrated Hospital Status
- Increased Service Provision, Efficiency and Safety
- Medication Management using Bar Codes
Pricing
£1,000 to £3,000 a device a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
6 5 0 5 6 4 7 7 9 1 4 1 3 3 2
Contact
Blackspace Technology Ltd
Dr David Morgan
Telephone: +447836648923
Email: david.morgan@blackspacetechnology.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Existing Digital Healthcare Systems
- Cloud deployment model
- Hybrid cloud
- Service constraints
- No - Cross Platform Road Map - currently available on Android due to ESN Device Road Map but will also be able to be deployed on Windows and IOS devices in the near future if required
- System requirements
- No specific requirements needed
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Level 2: 24/7
Level 3: 9-5 (UK Time) Monday to Friday (Except Bank Holidays) - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
Level 2: 24/7
Level 3: See below
Questions are answered within one working day. Our standard support service is available Monday-Friday 9am to 5pm. Additional 24/7 support is available upon request for Priority One issues. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
BST provide a comprehensive deployment process to ensure that users are well supported to start using our service. The process includes all aspects of service setup including service operational pathway definition, reporting requirement definition and a structured project implementation plan to ensure buy-in from your key stakeholders.
Implementation of this plan includes support from our implementation managers providing electronic materials and onsite or online training along with customisable user documentation to meet your needs. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- The BST project close procedure includes details of how data shall be provided to users when a contract ends. All data is hosted in an Microsoft Azure SQL database enabling BST to be flexible to meet our customers data extraction needs.
- End-of-contract process
- The BST project close procedure details what happens at the end of a contract, including any equipment collection, Cloud service shutdown and data delivery anddeletion. These elements are included within the solution cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None - service designed to work on both
- Service interface
- Yes
- Description of service interface
-
The service is a Web API interface which uses the http(s) protocol. At present the API has
many things in common with the RESTful paradigm. We are in the process of making the
interface RESTful. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- The UI and UX of the solution has been tested by users at a Hereward Disability College in Coventry with users of assistive technology. The user interfaces have been modified to be compliant with the users feedback and needs.
- API
- Yes
- What users can and can't do using the API
-
BST offers the opportunity to provide integration subject to specification at both basic and detailed levels; by way of example the following data fields have been used successfully in existing integration projects: BST to partner systems - Patient measurements (including EPR format and vital sign data) - Patient alerts (including health and non-health alerts)
Alert outcomes (actions and responses to alerts captured by the clinical/technical teams) - Included all messages and updates captured on BST application - Patient status changes(including online / offline / discharged from service messaging) Partner systems to BST -
Patient demographic information (create and update information) Currently users can also make changes to their profile information and passwords but this will be expanded in the future to other functionality in response to client feedback and needs.
We are using Microsoft InTune or Google Play Store to provide per-device configuration. We can integrate with any Mobile Device Management system available. There is an internal Web Based API which our Web App uses to configure and interrogate our service. We will be providing an external version of this in the near future. - API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The BST Cloud solution is designed to be configured to meet the operational needs of the service delivering pre hospital care and telemedicine. Key aspects of the solution including patient grouping, alerts, alert outcomes, monitoring configuration, data fields, user interface and work-flow can all be configured within our system. Users can make changes to their profile - username, reset passwords etc. We can also configure security providers, languages/internationalisation Our implementation plan includes working through the
Configuration Checklist to capture and implement core solution configuration. Further in-life configuration can be performed by an appropriately authorised MDM administrator such as
user interface and data fields including algorithms.
Scaling
- Independence of resources
-
Microsoft Azure uses Multi Tenancy to avoid such problems. AutoScale is
a built-in feature of Cloud Services, Mobile Services, Virtual Machines and
Websites that helps applications perform their best when demand
changes. Of course, performance means different things for different
applications. AutoScale can scale the service by any of these – or by a
custom metric that you define.
Analytics
- Service usage metrics
- Yes
- Metrics types
- A wide-range of operational metrics are available for our service including: system availability, system utilisation, data usage, alerts by patient and monitoring clinician, alert outcome tracking and benefits realisation, Service and National KPIs
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- User data can be exported using the integrated facilities via the Cloud and/or by contacting our customer support team.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- HTML5
- FHIR
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- HTML5
- FHIR
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Using Microsoft Azure Cloud Hosting allows 99.9% financially
backed SLA:
http://microsoftvolumelicensing.com/DocumentSearch.aspx?
Mode=3&DocumentTypeId=37 - Approach to resilience
-
Microsoft Azure Data Centre resilience is fully compliant with Gov.UK
and is available on request. - Outage reporting
-
Currently make available a public dashboard as well as our current
email alerts. In the future it will be available by an API if required by clients
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Access restrictions in management interfaces and support channels
- Users need to have 2 factor authentication before they are allowed access to management interfaces and support channels to report faults or request changes to the service.These may be conducted through an encrypted service management web portal, or through support channels such as email.Any management changes that have a security impact are performed over secure and authenticated channels and are subject to an audit trail.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- MTCS Accreditation Body - Microsoft Azure Accredited
- ISO/IEC 27001 accreditation date
- 8/4/2018 Microsoft Azure
- What the ISO/IEC 27001 doesn’t cover
-
Please see
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf - ISO 28000:2007 certification
- Yes
- Who accredited the ISO 28000:2007
- MTCS Accreditation Body - Microsoft Azure Accredited
- ISO 28000:2007 accreditation date
- 18/5/18 Microsoft Azure
- What the ISO 28000:2007 doesn’t cover
-
Please see
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf - CSA STAR certification
- Yes
- CSA STAR accreditation date
- 24/10/2018 - Microsoft Azure Accredited
- CSA STAR certification level
- Level 5: CSA STAR Continuous Monitoring
- What the CSA STAR doesn’t cover
-
Please see
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf - PCI certification
- Yes
- Who accredited the PCI DSS certification
- MTCS Accreditation Body - Microsoft Azure Accredited
- PCI DSS accreditation date
- 07/03/2018 Microsoft Azure
- What the PCI DSS doesn’t cover
-
Please see
https://abox.com/PDFM/Microsoft%20Azure%20Compliance%20Offerings.pdf - Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials - Microsoft Azure (BST inprocess)
- ISO 20071:2013 - Microsoft Azure (BST in process)
- ISO 27017:2015 - Microsoft Azure Cloud Hosting
- ISO 27018; 2014 - Microsoft Azure Cloud Hosting
- NHS IG Tool Kit - Microsoft Azure
- CSA Star Accreditation and Attestation - Microsoft Azure
- UK National Cyber Security Centre (NCSC) 14 - Microsoft Azure
- UK PASF - Microsoft Azure
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- CSA CCM version 3.0
- Information security policies and processes
-
BST's Microsoft Azure Cloud infrastructure has fully accredited Security
Standards:
https://www.microsoft.com/enus/trustcenter/compliance/complianceofferings
BST are working towards gaining ISO/IEC 27001 accreditation. Within our Information Security Management System we include the following policies:
Information Security Management Policy; Mobile Devices Computing and
Access Policy; Internet Usage Policy; Email Usage Policy; Remote Access
Teleworking Policy; Secure development policy; Secure Records Disposal
Policy; Clean Desk Policy; Data Protection Policy; BAU Firewall Rules
Policy; Information Security Policy; Information Security Incident
Management Policy.
Reporting is completed by our IT Director to the board of directors and policy compliance is ensured through our ongoing monthly audit programme, defined in line with our ISO-27001 accreditation (in
process).
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All service components are managed in line with the best-practice put forwards by ITIL. All changes are recorded and approved by the Change Control Board prior to implementation and service component registers are regularly updated and distributed. Changes are assessed for potential security impact in line with our Secure Software Design Lifecycle and verified by our System Test team as well as being assessed by our regular application security and penetration testing at least every 6 months.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Potential threats to our services are assessed in line with the Risk Management policy defined within our Information Security Management System. Patch management is managed by our Microsoft Azure Cloud Partner in line with their procedures and policies. Threats warnings are obtained from our partner organisations such as Microsoft, Google and NHS Digital
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Protective monitoring is included as part of the fully managed service we procure from our Microsoft Azure partner and is managed in line with their policies and procedures as a Tier III facility provider. The Microsoft Azure has standard response times for potential compromise and response to incidents.
https://azure.microsoft.com/en-gb/support/plans/response/ - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
BST in partnership with Microsoft Azure provides pre-defined processes for common events through our knowledge base solution and has an electronic tracking system to enable users to report incidents. Security incidents may include, but are not limited to: e-mail viruses, malware, worms, denial of service attacks, unauthorized access, other type of unauthorized, or unlawful activity involving computer networks or data
processing equipment. Our process consists of the following: Identification, containment, eradication, recovery, lessons learned, and communication. Incident reporting is managed in line with our standard processes and reviewed at the regular management team review as defined in our policy.
https://blogs.technet.microsoft.com/yuridiogenes/2018/04/12/incident-managementimplementation-guidance-for-azure-and-office365/
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
- NHS Network (N3)
Pricing
- Price
- £1,000 to £3,000 a device a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
Access to device(s) and Cloud services for a limited time depending on
scope of project Not included - T&E, specific configuration, data charges
and access to Cloud reporting