SystemC Healthcare Limited

CareCentric

CareCentric Health Integration Exchange Platform provides: real-time, secure, unified shared care records via a Clinical Portal and Patient Portal; system integration/interoperability; IHE standards support; data capture forms for assessments, integrated care plans, End of Life; workflow; mobile solutions; Analytics and BI; innovative solutions for New Care Models of Care.

Features

  • Real-time shared record solutions, used by 50,000+ care professionals
  • Engaging and intuitive to use, with local configuration option
  • Browser and mobile access, including support for offline working
  • Seamless and secure navigation from local systems
  • Pre-configured data feeds available from leading care systems
  • Secure access, robust consent models and comprehensive audit trails
  • Simple creation of rule-based forms, including assessments and plans
  • Innovative use of wearable technologies/Apps/monitoring devices
  • Patient Portal enabling citizen engagement in their care
  • Proven business intelligence and reporting

Benefits

  • Safer, more targeted, coordinated and timely care across settings
  • Reductions in A&E attendances, unscheduled admissions and Length of Stay
  • Cost savings for unwarranted activities, e.g., appointments, admissions and tests
  • Improved communication and access to information for care professionals
  • Reduced clinical risk e.g. through more efficient medicines reconciliation
  • ‘Do once and share’: A reduction in duplication of effort
  • A reduction in the need for, and use of, paper
  • Improved management of complex and life-limiting conditions
  • Enablement of patient participation and engagement in their care
  • Better outcomes and improved quality of life

Pricing

£15000 per unit per month

  • Education pricing available

Service documents

G-Cloud 9

706663914236399

SystemC Healthcare Limited

Judi Holly

01622 691616

sales@systemc.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints The service is based upon a very 'open' software stack and deployment model. Specifically though;
- Browser access must be based on the approved list below
- Mobile device access must be based on supported mobile operating systems (IOS, Android as primary platforms)
- Mobile device management is not included - just the clinical applications
- The local deployment model *may* by constrained by local IG and security policies regarding presentation of secure information via N3 or public networks
System requirements
  • CareCentric is a browser based solution. Compatibility is as follows:
  • Web: IE8, IE9, IE10, IE11, Google Chrome (45.0.2454.101); Firefox (47.0.1)
  • Access to the web server via http/https
  • Mobile: Apple iPad 3 and above, iOS 8.1 and above
  • Android: 4.4 (KitKat) and above
  • Client Hardware: Multi-core CPU; Windows 7 or above; 2GB RAM
  • Servers: Number depends on size and scope of installation

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is available on commencement of live service and we offer a variety of support packages. Each support package includes full details of call priority rankings and the corresponding response times agreed with the customer.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Options to suit customer's need. Typically 9 - 5.30pm. 24/7 or other daily times possible subject to agreed SLA and commercials. Costings depend on the number of product and user licences required. Support engineers are supplied as part of the Service Desk provision as specified under the Service Level T&Cs for each customer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Graphnet training methodologies are based upon our 20 years of experience in supporting care providers in their implementation of our range of products. We have found that training users to adopt new working practices enabled by Graphnet products is a crucial aspect of the success of any transformational change within an organisation. The objectives for training will be to impart skills and knowledge highlighting how products can improve working practices to shape the way services are provided in the future.

Our preferred approach is to provide Train the Trainer training, so partners’ staff can then go on to deliver specialist training for end users. We will supply experienced, specialist resources, available throughout the life of the project, to support training activities. These resources can also support the partners in the development of training strategies and local training plans to ensure users are provided with appropriate training in new working practices.

All training courses usually take place on the customer’s site, however, other options/locations can be accommodated. Whilst traditional classroom training is preferred Graphnet are flexible in their approach and can support 1-1 delivery, distance learning and other aspects of blended learning.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Graphnet would expect to have included in the Contract with the customer a schedule setting out the parties’ obligation on “Exit”. This would include details of our obligations to transfer Authority Data in an agreed format.
End-of-contract process Graphnet would expect to have included in the Contract a schedule setting out the parties’ obligation on “Exit”, the schedule would typically include its obligations:
• to transfer Authority Data in an agreed format;
• the return, removal of any Authority provided software;
• the provision of other reasonable termination assistance at the Authority’s request at the Supplier’s standard rates (e.g. to assist with data migration to the replacement contractor’s system).
In addition, if necessary, a “read only licence” for historic data is possible.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service CareCentric uses native clients so that all the accessibility features of the device platform can be utilised, for example, if a platform supports voice dictation then voice can be used as an input medium in CareCentric, further enhancing usability and engagement with our solutions.

The solution is also configurable so groups of users can have a personalised workspace for each device type.
Accessibility standards None or don’t know
Description of accessibility CareCentric is designed to take account of W3C Web Content Accessibility Guidelines (WCAG) v2.0 in conjunction with the requirements of our health and social care customers. We develop an accessible, meaningful and intuitive system for all of our groups of users. In particular:
•Information tiles can be configured to present data in a variety of formats, font sizes etc. with a consistent and easy to read text spacing, and colour contrast
•CareCentric uses a standard CUI interface and users can interact with both keyboard and mouse, navigation is consistent throughout
•Headings and labels describing content and simple and unambiguous
Accessibility testing The solution has been designed taking into account the W3C Web Content Accessibility Guidelines (WCAG) v2.0 in conjunction with the requirements and needs of our broad range of health and social care customers. Our design and development approach is collaborative making use of Agile practices to ensure we develop an accessible, meaningful and intuitive system for all of our groups of users. In particular:
• Information tiles can be configured to present data in a variety of formats, font sizes etc.
• Tiles have a simple and clear layout, with a consistent and easy to read text spacing, and colour contrast
• CareCentric uses a standard CUI interface and users can interact with both keyboard and mouse, navigation is consistent throughout
• Headings and labels describing content and simple and unambiguous
• Our Patient portal has simplified views with information presented in a way consistent with non-clinical users
• Patient portal icons are intuitive and graphics are used where possible to simplify content meaning
It is important to note that browser based solutions inherit and, in some cases, are constrained by, features and capabilities inherent within the various infrastructures (browser and OS) the system works on.
API Yes
What users can and can't do using the API Third parties can embed CareCentric in their software in user and/or patient context sync. Conversely, CareCentric can launch third party software in user and/or patient context.
Third parties can surface data in CareCentric using the Highway data adapter layer.
Third parties can interact with CareCentric using a RESTful OpenAPI. The current API supports retrieval of patient lists, user authentication, patient consent, recording audit log entries, patient alerts, and patient record retrieval.
Potential integrators with our API can access the API documentation free of charge and also access the API free of charge. Our API access falls within the identified usage model due to the nature of the data being accessed, there would need to be identified access by this consuming system i.e. identified usage of the API
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Multiple system information contributed to the CareCentric shared care record is presented in accessible, intuitive and clinically meaningful views. Data is displayed in tile views grouped into, for example, Medications, Problems, Diagnoses and Procedures, Test Results, Current Problems, Recent consultations, Admissions, Summaries of any specialist care, e.g., Cancer, Mental Health and Social Care, and so on. Documents, which could include care plans made and discharge summaries issued are also available to view.

The structure and format of these views can be easily configured, for example, the tiles shown, the order in which they are shown, data available at the initial top tile level view and subsequently within the further drill-down level of detailed information. This means the solution can be configured to provide meaningful views of information tailored to suit different user requirements, for example, Emergency Care users typically require a view that includes medications, test results, recent activity and so on, but those involved in long term conditions often require care plan and or nursing notes to be presented on the first views and Social Care users will require the summary of social care information presented alongside other key care contacts and so on.

Scaling

Scaling
Independence of resources Availability is a key consideration in our comprehensive approach which covers the hardware platform, software design and associated processes which cover Support and Maintenance, Business Continuity and Disaster Recovery.
For a solution managed on the Authority’s site, we would work with customers to help ensure that the solution will be appropriately ‘sized’ to meet the numbers of registered users required and provide the required response times.
For a Hosted (fully manged off-site) solution our partner System C will provide a solution that has been sized appropriately for current and agreed future expansion requirements, with redundancy built in.

Analytics

Analytics
Service usage metrics Yes
Metrics types The metrics provides relate to;
- Number of user logins over time
- Number of repeat user accesses or users using the system more than once
- Number of patient records accessed
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Contributing systems flow agreed data to the CareCentric via CareCentric Highway, the integration engine, which is pre-configured to collect data from systems. Updates are performed in real-time and/or near real time via messaging (using recognised messaging standards), or via the upload of defined data extracts (CSV files for example).
Data from the system can be exported as defined data sets in CSV format etc. if required, subject to specific agreement as to the content of those datasets
CareCentric Highway follows the HL7 v3 CDA architecture. Messaging standards supported include: HL7 V2, V3, FHIR, NHS Digital MIMs, ITK, Edifact and others
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Service Level Agreements, including compensation arrangements, are flexible to meet our customer's individual requirements, budgets and priorities. Full details would be agreed as part of contract negotiations. It is normal for us to contract to a service the puts a meaningful element of the monthly service charge at risk if, for example, the agreed availabiltiy (such as 99.50%) is delivered
Approach to resilience Our Care Alliance partner, System C provide a resilient, robust secure and highly available hosting service. System C’s Data centres are certified to ISO27001, ISO9001, ISO14001, OHAS 18001, BS 25999-2 and PCI DSS standards. Full details regarding our service, including resilience, availability, security, business continuity and disaster recovery, will be made available on request.
Outage reporting All outages are recorded as part of the incident management process and should a problem be detected then the service desk will inform the customer as required.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels All CareCentric applications include an in-built system security model which allows management and control of access at user and group level using a full Role Based Access Control (RBAC) model. Permissions can be set by role, organisation, user group, patient group and in special sets. A sealed envelope module is built in, together with full audit trail functionality. The ability for the patient to access data in the Patient Portal is actioned using Microsoft Health Vault as the security and access control layer.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 15/07/15
What the ISO/IEC 27001 doesn’t cover The scope of the ISO/IEC 27001:2013 certification is limited to the information security management system (ISMS) supporting the management of the infrastructure and services platform used to support the service
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • IG toolkit (NHS Digital ODS code 8GX89).
  • ISO9001:2008, (FS614373);
  • Data Protection Act 1998 (DPA) – registered number Z1045461
  • Level 3 compliance with NHS IGSoC

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards IG toolkit (NHS Digital ODS code 8GX89). ISO9001:2008, (FS614373); Data Protection Act 1998 (DPA) – registered number Z1045461. Level 3 compliance with NHS IGSoC
Information security policies and processes NHS Common User Interface patient banner compliance
Other SCCIs/ISNs applicable to shared care record solutions, including ISB 0129 and DSCN14-2009.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Graphnet follow a standard ITIL deployment methodology and use AGILE Design and Development practices for the iterative delivery of software releases which may include major or minor features / functions and any patches. We use JIRA case management system to log, track and manage change requests.

All Releases and changes are version controlled through our Change Management process. All patches are tested internally prior to deployment and are monitored for success. Customers are provided with Release Notes and are advised to carry out formal acceptance testing where any bugs may be identified prior to deploying to the LIVE environment.
Vulnerability management type Undisclosed
Vulnerability management approach The overall architecture of our solution is based on a modern, enterprise, n-tier architecture, designed to be secure and robust. It uses Windows Server 2012 and IIS hosting which employs a federated security model.
Security and integrity of Graphnet applications is tested at every major Release through formal penetration testing, carried out by an accredited independent Information Security practitioner to exacting criteria set by CREST and CHECK.
Our AGILE development approach enables rapid bug resolution and deployment of software updates.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The overall architecture of our solution is based on a modern, enterprise, n-tier architecture, designed to be secure and robust. It uses Windows Server 2012 and IIS hosting which employs a federated security model.
Security and integrity of Graphnet applications is tested at every major Release through formal penetration testing, carried out by an accredited independent Information Security practitioner to exacting criteria set by CREST and CHECK.
Our AGILE development approach enables rapid bug resolution and deployment of software updates.
Incident management type Supplier-defined controls
Incident management approach Incidents are formally managed through Graphnet's Support Desk, using an ITIL focused call logging application to record, track and manage issues through all stages of the incident lifecycle. The Service Desk is briefed on the service responses agreed through the customer contracts and use the incident logging application to monitor incidents’ service level response times.
Problems are identified through incident reviews and managed through diagnosis, resolution and planned changes. These reviews of issues attempt to identify trends/ recurrent issues; when identified, these undergo a root cause analysis and recommendations are made for changes to the product based on the analysis.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)

Pricing

Pricing
Price £15000 per unit per month
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑