OpenEyes Electronic Medical Records for Ophthalmology

OpenEyes EMR provides Electronic Medical Records for Ophthalmology. Designed with eminent ophthalmologists from across the community: Cataract, Glaucoma, MR, AMD, VR, Emergency, Paediatrics etc.. Best-of-breed anatomical diagrams and forms allow EMR management whilst delivering care. Community optometrists and hospital outcomes drive progression dashboards, surgical audit, and RCOphth NOD Cataract Audit.


  • Record Examinations: patient history, finding, diagnosis, clinical management, and more
  • Record Operation Notes: including procedures, protocol used, agents, complication, etc.
  • Automatic Letter Correspondence Generation, Transmission to GP and Hospital EDRMS
  • Operations Listing and Scheduling
  • Medications and Prescribing
  • Virtual Clinic
  • Demographics and Clinic Lists: PAS Integration
  • Ophthalmic Device Integration: IOL Biometry, Visual Fields, Fundus Camera, OCT
  • RCOphth National Ophthalmology Database Cataract Audit
  • Structured Clinical Coded Data / Health Informatics


  • Patient records always available (no more missing paper notes)
  • All clinical information in one place
  • No duplication (no need to copy information between paper forms)
  • Dashboards provide concise view of patient condition and treatment plan
  • Data analytics, reporting, and extracts
  • Highly configurable to meet the needs of the Trust


£1000 to £2500 per instance per month

  • Free trial available

Service documents

G-Cloud 11



Jason Brown

020 7043 2002


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Configuration / Implementation / Integration / Training / Go-live Floor Walkers
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints Customers are required to upgrade to the current production version within six months of release. Minimum 2-years support contract required before go-live.
System requirements
  • Runs either in NHS Cloud (we host) or Hospital VM
  • Accessed from PC/Mobile Device using browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Initial response within 2 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We can provide 2nd and 3rd line support withing with the Trusts Service Desk, or additionally we can provide 1st line support if needed (at extra cost). 8am-6pm M-F support typically costs between £1000-2500 depending on level of service required. Our Service Manager provides a monthly service report and holds monthly service review meetings with the customer. We follow ITIL Service Management processes.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Base service onboarding includes software installation, integration with active directory (LDAP), receiving patient and list update integration (HL7 ADT), system configuration guides, and user guides. Some supporting video clips will also be provided.

Additional onboarding services can be provided against our standard rate card, including:
- Pathway mapping ("as is" and digital "to be")
- Implementation
- Configuration
- Integration
- User Training
- Train-the-trainer Training
- Online Training Documentation
- Go-live Desk Notes
- Go-live Floor Walkers
- Ongoing Application Support and Maintenance

See price book for more details.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We provide a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format.

Other export formats or data migration services are available if required, upon request, charged against our standard rate card.
End-of-contract process We provide a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format.

Other export formats or data migration services are available if required, upon request, charged against our standard rate card.

Using the service

Using the service
Web browser interface Yes
Supported browsers Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The application is designed to run in a web browser (Chrome/Edge), and also for use with pen and touch screen input mobile devices supporting Chrome browser.
Accessibility standards None or don’t know
Description of accessibility All non-text content that is presented to the user has a text alternative that serves the equivalent purpose. Compatible with all desktop text to speech technology.
Accessibility testing Tested application with Dragon text-to-speech for dictation.
What users can and can't do using the API Integrate with PAS, medical devices, OpenEyes Community Optom Portal, Document Management Systems, Hospital Acute EMR Systems, and many other services

Support Interoperability Standards include:
HL7, FHIR, DICOM, XML, REST, and others as required.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation OpenEyes is highly customisable, and all aspects can be tailored to meet the operational and clinical needs of the Trust.

Authorised end-users can customise the application using the administration screens, including reference data, workflow, user RBAC, medicines formulary.

Any other aspect of the application can be configured by AB EHR Digital upon request.


Independence of resources Servers sized for 5 years expansion usage. Dedicated server for live environments.


Service usage metrics Yes
Metrics types Service usage metrics collected in the application and in the web server and database tier.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach OpenEyes comes with inbuilt report and data extract tools. Extract tools are provided for the RCOphth National Ophthalmology Database Cataract Audit, and other dataset exchange programmes.

It can also be integrated with the Trusts existing data warehouse or Business Intelligence reporting solutions.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks N3 / HSCN connection or encrypted connection with secure NHS cloud data centre.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Secure closed network with Trust's hospital infrastructure or in secure NHS cloud data centre.

Availability and resilience

Availability and resilience
Guaranteed availability Subject to local Trust's VM infrastructure, or if hosted in NHS cloud, as per agreed SLAs,
Approach to resilience If hosted in NHS Cloud, Multiple Data Centres, UPS, Generators, Multiple National Grid Feeds, SAN Disk replication, Fire protection, and more.
Outage reporting P1 and P2 incidents, direct call to Trust's nominated contact points, including regular updates.

All included in monthly service report.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Integration with Trusts Active Directory/LDAP Authentication services.
Access restrictions in management interfaces and support channels The application has local Role Base Access Controls (RBAC) assign to authenticated users, to control access to application data and functions.
Access restriction testing frequency At least once a year
Management access authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards ISO/IEC 27001 documentation and processes in place. Accreditation planned Q3-2017.
Information security policies and processes We have a local Information Security Management System (ISMS) documentation in place have policies and procedures to support this. We are working towards ISO 27001 accreditation, planned for Q3-2017.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Software is managed in GitHub and Development and Fix tickets managed in Jira. Formal software release configuration management processes are used. Releases are tracked from development, through system test and user acceptance testing environments, where sign off is required by the customer before being released to live. We use a mixture of both automated testing tools and manual testing scripts.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Server stack software is upgraded regularly as part of our standard support and maintenance service, e.g. Operating system, web server and data base security patches applied. A security review is performed annually, or sooner if required and any risks/issued mitigated, and an action plan formulated. Application fixes from service management and bug fix procedures are usually deployed in a quarterly maintenance release, unless a more urgent release or hot fix is required (always by agreement with the customer).
Protective monitoring type Supplier-defined controls
Protective monitoring approach Automated monitoring tools look at system and application logs, server metrics, including CPU, Disk, Memory, and Network utilisation. Triggered incident tickets are automatically created in our service management tool for action by support engineers. Other checks are performed by service desk personnel on a daily basis.
Incident management type Supplier-defined controls
Incident management approach We have full ITIL service management processes including, but not limited to
Incident management procedures, problem management, route cause analysis, bug fix procedures, release management processes.

Users report incidents to our service desk, via our support portal, email, or telephone. Incidents are tracked through 1st, 2nd, and 3rd line support escalation as required. A monthly service report is produced and this is reviewed in monthly service review meetings with our service manager and the Trust/customer.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


Price £1000 to £2500 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Access to trial system available upon request. Only for use with test patient data for IG reasons.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑