Electronic Patient Record System

Helastel's Electronic Patient Record System is a secure, centralised, cloud-based system, compliant with NHS information governance standards and integrated with data sources and applications. The resulting patient information is the single, trusted, unified record, continually synchronised in real-time and available via mobile or desktop devices.


  • Complies with NHS Information Governance (IG) standards
  • Access from fixed or mobile devices
  • Medical Device integration
  • Configurable graphical user interface
  • Off-line synchronisation
  • Data transformation
  • Data validation
  • Reporting


  • Enables Paperless 2020 and Integrated Care Systems
  • Creates single trusted record from multiple systems
  • Patient access their own medical information while protecting privacy
  • Accessible by clinicians and patients in home or care settings
  • Visibility and Accountability through the audit trail
  • Flexibility for future development


£10000 per instance per year

Service documents


G-Cloud 11

Service ID

7 9 0 6 5 5 9 9 7 1 2 3 9 9 9



Rob Fox



Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Typically, constraints are limited to the use of approved browsers. If there are any additional constraints as a result of the client's particular configuration or requirements, these will be fully documented as part of the contractual process.
System requirements
Browser: IE10+, Chrome, Edge or Firefox

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depending on service level agreement chosen, minimum response time: 15 minutes.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is available via our online in-house support system, Intelastel.
Web chat accessibility testing
All of our accessibility testing is done in-house and by individuals who are utilising accessibility tools defined by our clients.
Onsite support
Yes, at extra cost
Support levels
Helastel bespoke support packages to customer requirements. However, typically Helastel will respond to critical issues within one hour and non-critical issues within one business day.

Support costs will be agreed as part of the contract between Helastel and the client.

Support is provided via telephone or email to the helpdesk portal. On site support is available at extra cost and Helastel provide a named Service Delivery Manager (SDM) for all customers where a Service Level Agreement is in place. The SDM will be responsible for providing regular reporting and feedback to customers on service delivery, ongoing issues and performance against SLA's.
Support available to third parties

Onboarding and offboarding

Getting started
Helastel can provide onsite training or online training depending upon the client's requirements, Documentation is not normally provided unless agreed as part of the contract negotiations.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Multiple formats available for export; Helastel will export data in a format specified by the client, for example CSV. To manage change control, SQL files can be provided and version control applied. Helastel will work with the client to agree a convenient schedule for export of files.
End-of-contract process
Helastel systems are capable of a complete export of all data and associated information in open formats to allow portability to other systems.

Multiple formats available for export; Helastel will export data in a format specified by the client, for example CSV. To manage change control, SQL files can be provided and version control applied. Helastel will work with the client to agree a convenient schedule for export of files.

Helastel offers options for end-of-contract support; these and their associated costs will normally be agreed between Helastel and the client as part of the contract negotiations.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
In general, there are no functional differences between mobile and desktop services. However, in some cases functionality might vary depending upon the configuration of the system.
Service interface
Description of service interface
Each customer has a customised web-based interface that allows for:
- Interface for general system
- Customer portals
- System administration
- Role-based service interfaces
- Internal interface
- Service Interface
- Inbound/outbound services
- Communications forum

It also offers a comprehensive API for integration into other systems.
Accessibility standards
None or don’t know
Description of accessibility
We have experience developing across key WCAG requirements such as:
- Navigation by keyboard
- Screen reader compatibility
- Clarity of information presentation
- Options for text contrast and scaling
- Clearly defined personas to ensure proper representation of users when defining acceptance criteria
- Well thought out UX
Accessibility testing
- Screen reader / keyboard navigation
- User Acceptance Testing with wide demographic user groups (age / IT literacy)
What users can and can't do using the API
The system API supports all functions of the full web application.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
In general, authorised system administrators may customise the service by editing, granting or removing user access permissions. Other service customisations may be allowed, but these would be agreed and implemented as part of a set of specific requirements for a particular client or deployment


Independence of resources
Helastel uses dedicated server(s) per client


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Helastel systems enable users to export their data using CSV, TSV, XLS, XLSX and ODF formats.
Data export formats
Other data export formats
  • CSV
  • TSV
  • XLS
  • XLSX
  • ODF
Data import formats
Other data import formats
  • CSV
  • TSV
  • XLS
  • XLSX
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Helastel's service level agreement is 99.9% of uptime. We will respond to critical hosting issues within one hour and to non critical issues within one business day.
Approach to resilience
Helastel hosting services are supported from a Tier 3 and Tier 2+ datacentres, certified to ISO 27001 and operates virtualised platforms. The datacentre provides full Business Continuity, back-up and data security. There is N+1 redundancy on power and data connections. The datacentres are based within the UK; all data are stored within the UK and fall within UKL data protection legislation.
Outage reporting
All outages are reported via email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Restrictions are managed through user permissions and user and/or administration roles and privileges
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Approachable Certification
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Helastel are accredited for the provision of a software consultancy including design, engineering, infrastructure and support services.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Cyber Essentials
  • Information Governance (IG) Level 2

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Information Governance (IG) Level 2
Information security policies and processes
Helastel follows its internal Information Security Policy, Information Security Incident Management Procedure, Information Security Management Report and Information Governance Policy. Helastel complies with the NHS Information Governance (IG) standard. All of Helastel's internal information security policies are accredited to ISO 27001 and 9001 accreditation. All incidents and issues are reported to Helastel's Information Governance Lead.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Helastel uses source control with revision history. All changes are fully tested and verified before before deployment to a live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Helastel uses a combination of Information Governance compliance, external penetration testing, best-practice design, best-practice configuration, validation, use of up-to-date components and thorough testing to ensure that its systems are not vulnerable to the OWASP top ten.The time taken to deploy patches where vulnerabilities are detected depends on the type and severity. For example, potential loss of sensitive data would be a priority issue and would receive immediate attention; where there was a minor issue with very little chance of a system being compromised, the fix might wait until the nest software release.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Helastel employs active monitoring of the system and identifies any suspicious behaviour outside normal usage. Such threats are investigated immediately and responded to within the timeframes stipulated within the Service Level Agreement.
Incident management type
Supplier-defined controls
Incident management approach
Helastel's Information Security Incident Management Procedure defines what may constitute an incident, how it is to be reported and actions to be taken. Broadly, all incidents and security breaches are forwarded to the Information Governance (IG) Lead, who logs the incident on Helastel’s risk register, investigates and documents the incident using the Information Security Incident Report, and provides feedback. All incidents are monitored to identify recurring or high-impact incidents. Helastel requires that information security incidents are reported as soon as possible. All security incidents are prioritised by the IG Lead in order of seriousness.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


£10000 per instance per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑