Hospital Services Limited

HSL - Cloud Diagnostic Telemedicine Software

The HSL- Cloud Diagnostic Telemedicine Software is a specialised cloud based software subscription. The software enables the consultant to link with the patient in another healthcare/carehome setting and conduct a live consultation. Clinical data can be shared live and patient/healthcare can include any information relevant including scans or medical information.


  • Enables 100% live patient assessment from remote locations
  • Collaborative clinical telemedicine assessment tool for clinic and remote site
  • Cloud to Cloud HL7 Integration, no data stored
  • Cloud software to enable diagnostic medical information
  • Data in motion protected by TLS, at rest AES 256
  • Firewall traversal using STUN and UPnP so no firewall changes
  • Facility Management included
  • Comes enabled for general medical examination
  • Interactive patient examination workspace to view diagnostics and video conferencing
  • Seamless integration into existing workflow & EHR systems


  • Seamless connectivity
  • Live data and patient assessment
  • Service can often be used with standard medical devices
  • Supports remote camera control (if suitable camera connected)
  • Offers access to medical expertise quickly without need to travel
  • Improves the reach of scarce and speciality services
  • Solution successfully used in over 100 countries
  • Full support included for 3 years
  • Simple user interface which can be customised
  • Speeds up the decision making process


£641.00 per licence per month

  • Free trial available

Service documents

G-Cloud 11


Hospital Services Limited

Joanne Rix


Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to HSL Telemedicine Client App
HSL Cloud Connect
Cloud deployment model Public cloud
Service constraints Maintenance windows will adhere to the existing Change Management process with a 10-business day notification period. Emergency changes are managed as one-off scenarios and each organisation will be contacted by email and phone as soon as possible before the event. Where possible, maintenance will take place outside core business hours. This software solution requires mandatory training as specified in the HSL Client Support Services price list
System requirements
  • Supply of devices - Tablet, Smartphone, IPad, Medical Equipment
  • Supply of network
  • Bandwidth from 256 kbs - 2 mbs

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support requests will be acknowledged within 2 hours. The Support Operations Centre (SOC) is available 09.00am-17.00pm Monday to Friday (excluding UK public holidays). If the SOC is required outside of this window, arrangements can be made and priced depending on the requirement and application.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We adapt our support to the needs of the users and can offer most support levels requested by clients. We are able to provide first and second line support to our clients. We have provided both real-time telephone support and mail support. The costs of each of these models is tailored to the specific needs of our clients to ensure the right level of support is provided to the service in question. In all of our client engagements there will be a dedicated account manager and a cloud support engineer and technical account manager depending on the needs of the client which is identified during on boarding process.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once an order for Cloud Telemedicine Service has been received, the order will be passed to your dedicated account manager who will then complete the following: Clarify the use of the service and the requirement with the buying organisation; Deployment options and timescales; Organisation Administration details; Individual user and device details; Training delivery and user documentation either on site or remotely.
Once the use of The Cloud Telemedicine Service has been activated, basic onboarding emails, followed up with review meetings between owners, users and HSL account managers to discuss and understand the features of the service and increase usage and adoption within your organisation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction There is no data to be extracted at the end of the contract, there is metadata that is created as part of the services and this is deleted in line with our retention policies. Further Information is available on request in relation to data extraction.
End-of-contract process 90 days prior to the end of the service term the customer will be informed of the termination of the service date by email, followed up by telephone. Offboarding will then be agreed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Based on simplicity, our solutions have been designed with the familiar interface for all desktop and mobile applications to ensures a seamless experience across all devices.
What users can and can't do using the API The API/HL7 /FHIR can be integrated into Health Information Technology systems to streamline telemedicine with your current workflow. Changes would be managed by our engineering team to provide the API coding required for integration and changes. We have a robust APR architecture for full integration and implementation.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Customisation is available integration API's. The software can be branded with Company logos. The customisation would be by HSL.


Independence of resources The services, when contracted, will be assured to give the capacity required, the services will not be affected by other service users. Capacity and resource planning is managed as part of our management procedures and monitoring processes.


Service usage metrics Yes
Metrics types Facility management provides enhanced user and system reporting capability allowing more detailed information regarding system and user utilisation that can be aggregated and compiled across to any other reporting platform. The reports can provide data on number of calls; number of users; length of calls; average wait time; connectivity rate.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold AGNES AMD

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The service does not store data regarding participants beyond that which is necessary to uniquely identify them on the Services. Patient Health Information will be temporarily held for the life of the session in an encrypted format and erased immediately after the session ends. This allows healthcare organisations to store their PII in their own EMR to maintain consistent workflow.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The SLA for each main service elements: 1. Core services; components that are crucial to access the service: the calling network, endpoint registrations, the VMRs . Guaranteed uptime for this is 99.9%. 2. Secondary services; non-critical service items like the analytics. Guaranteed uptime for this is 99.5%. The customer will be entitled to a Service Credit for each Severity 1 – 3 Fault which is not rectified within the guaranteed resolution time. 1. The Service is down or there is a critical impact to business operation. No workaround exists. HSL will commit full-time resources to resolve the issue. 2. Operation of components of the HSL platform are severely degraded or business critical aspects of the End Users’ experience are negatively impacted by unacceptable performance. 3. A light degradation of service with medium to low impact on business operations. Single user is able to operate normally but with some inconvenience. For each fault affecting a Service which is not rectified within the resolution time, a Service Credit will be payable calculated as 3% of the monthly recurring charge per day for the relevant service and customer. One month’s credits can not exceed the monthly recurring charges for that month.
Approach to resilience The service consists of servers that have redundancy through a clustered server system of redundant Data Centres. The Data Centres can operate together or separately to create full redundancy, providing for a robust and high-availability call service. We test and monitor our resilience strategy within our business continuity, incident management, emergency and resilience planning, focusing on maximising availability and minimising incident occurrence as well as ensuring timely recovery. Further information is available on request.
Outage reporting Planned outages will be advised by email and/or telephone within 10 working days. Where possible these will take place out of core business hours. For any unexpected disruptions, we will advise the user by telephone followed up by email. This will detail the nature of the outage, what the incident is, the expected down time or alternative options and when we expect the service to be resumed. We will contact all users once throughout the outage with updates and confirm once normal service has been resumed. For any service outages, we will follow our incident management procedures detailed within our Business Continuity Plan. All incidents will be fully documented, reviewed and conclusive action be implemented where possible.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels As the onboarding process, we work with the organisation to look at the security requirements. Users are allocated appropriate levels of access to the service i.e administrative or user rights. Any changes after go live are subject to approval by the customers authorised administrator. All users of our service have access to support channels.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications HIPAA

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards HIPAA Compliant, the standard for sensitive patient data protection ensuring physical, network, and process security measures. We are in the process of gaining accreditation for ISO27001 and Cyber Essentials. All our policies and procedures are in line with the Information Security Management System but are not yet certified
Information security policies and processes The reporting structure consists of the ISM Team. The Management Team understands its accountability and champions it at every level throughout the business. The ISM Team ensures that the business is compliant with all applicable legislative, regulatory, security and corporate governance requirements and also with the client requirements. The ISM Team has nominated appropriate individuals to be responsible for the day to day implementation, maintenance testing and upkeep of the ISMS. Quarterly internal audits are conducted to exercise, review and ensure maintenance of both practices and procedures are followed and relevant. Business Continuity and Disaster Recovery Business; Impact Analysis Resilience strategy Technical Security Procedure – including access controls policy/technical security management policy/encryption Risk, Assessment Applicable legislation, Change Management Procedure, Communication Plan, Data Protection Policy, Improvement and Corrective Action, Information Classification, Information Security Management Procedure, Incident Reporting, Process Starters and Leavers, Procedure Statement of Applicability and Objectives & Measure Tracker

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All components of our services are tracked through their lifetime. Changes are assessed for potential security impact. Once we have identified the project, accountability is established. Process tracking describes how the configuration change is controlled and measured. The whole process is documented. The ISM team assign and document every aspect from identification, changes through to the tracking of accountability. The ISM Team, along with stakeholders, meet to discuss. The ISM Team set audits that cover all stages of the project. The final audit is documented and describes the full security and configuration on completion.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The service consists of both in-house authored applications as well as those provided by vendors. Anti-virus and anti-malware detection software is always kept current. The service closely monitors the devices and resources which comprise the Service Network for unusual activity such as traffic spikes, gross changes in device registration counts, and suspicious access attempts. As security notifications from the vendors are disclosed to the technical escalation team (ISM) who assess the threat and level of exposure, and then takes appropriate action to remediation the issue within an appropriate time scale applicable to the threat following our ISM processes
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The Service Network employs Intrusion Detection System (IDS) solutions as part of its strategy to secure its infrastructure. The data centre is closely and continually monitored by an Operations Team 24x7x365, including tracking of traffic volume, activity, and usage patterns. Trending patterns are logged and studied in addition suspicious changes to historic load patterns are tracked and scrutinised to identify potential issues and threats to the service. Logs are produced daily for every production device in the service with our operational team receiving automated notifications which will be actioned according in accordance with our ISM processes.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Reported by telephone/email to the SOC with escalation to the ISM Team. Service Incidents or reported weaknesses are tracked via the Improvement Log Report. The SOC will raise a security incident report (SIR) and update the security incident log (SIL) with information. The ISM Team will categorise and priorities the incident. A response will be given by phone/email after the category and priority has been established. An investigation is conducted and diagnosis agreed. The resolution and recovery phase is then instigated. Changes will engage the change control process. The conclusion will be updated on the SIR/SIL and stakeholders advised.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £641.00 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We are able to offer a trial period of 3 months, however, extensions are possible dependent on the requirement. This trial period will give your organisation the opportunity to experience the Cloud Telemedicine Software and review the service first hand, with all the benefits and features of the service.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑