Rescon Technologies


Lincus is a highly configurable integrated digital electronic and personal health record management and communications platform. It is a CE marked Class 1 medical device and achieved 100% on the DSPToolkit.


  • Modular and interoperable service that can integrate with existing systems
  • Observation and clinical notes frameworks including health equalities frameworks
  • Text, video, email and alert logged communications services
  • Multiple user types and highly configurable user interfaces
  • Multilanguage capabilities to allow rapid language conversion
  • Person/patient reported outcomes tools - evidence driven and published
  • IoT device connectivity connecting up to 300 different devices
  • Data aggregation, analytics, visualisation and reporting
  • Person held digital care record used for multiple health populations
  • Personalised educational and supportive digital content provision


  • Improved care delivery efficiency through cross service information sharing
  • Increased insight. Earlier and improved diagnoses, especially in vulnerable populations.
  • Behavioural change of service users and providers. NICE published.
  • Improved communication across services minimising double data entry
  • Video and text logged communications between users and providers
  • Audit including human resource data for CQC and other reviews
  • Connect with multiple devices and services through industry standard APIs
  • Single Sign on functionality across multiple systems (OAUTH2)
  • Deploy expertly reviewed educational content to service users and staff
  • Real time report generation with aggregation, analytics and report engine


£0.50 per person per month

Service documents

G-Cloud 11


Rescon Technologies

Tom Dawson

+44 7540 164 555

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints For optimum performance we require that organisations have up to date and manufacturer wholly supported browsers though can offer functionality for older versions if required.
System requirements
  • Up to date and manufacturer supported browsers
  • Robust internet connectivity for full service
  • Sufficient bandwidth for high quality multichannel video conferencing/consultation

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For our base service:
Within 8 hours (during business hours) for issues classified as high priority
Within 48 hours for issues classified as medium priority
Within 5 working days for issues classified as low priority

For high priority service (available for extra cost) we can respond within 60 minutes 24/7
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Online training and support materials are provided as standard.

A technical account manager with both technical and service integration experience is provided as standard. The technical account manager has direct support from our development team and senior management.

We provide onsite configuration, training and support workshops ranging from £500 for half day workshops to £2500/day for dual specialist practitioner workshops.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online training materials are provided as standard including user guides, help documentation, user walkthroughs, video guides and frequently asked questions which are regularly updated and can be easily accessed by users.

Workshops can be tailored to the needs of the organisation and scheduled as required. Engagement, training and follow-up workshops held on site include:
• One-day training
• Train the trainer
• Half-day workshops
• Dual specialist practitioner workshops
• Specialist configuration
• Workshop support
• User surgeries

Users are given access to a training environment on a demonstration site to enable ongoing training and testing of new developments within the organisation.

Ongoing support is provided through phone or email with coverage and response times detailed in the SLA. Remote assistance can be provided dependent on the priority of the support requested.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Our default is to provide the data in .csv format for each data field by formal request though we are happy to work with customers to provide the format best suited to their organisation. Data is delivered in a secure manner agreed by both parties.
End-of-contract process Depending on our role as either data controllers or data processors the costs differ.
As a data controller we provide the Lincus Personal Health Record (PHR) and hub for end users for life at no charge so there are no additional charges at the end of the contract.
If we are the data processor we then charge an additional reasonable fee to extract and deliver the data that depends on the complexity of the contract delivery and number of users.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are two differences:
1.) The mobile device has the option of downloading the Lincus iOS and Android apps to allow for online and offline working. Our Lincus app is highly ranked on the NHS endorsed ORCHA health and social care review platform.
2.) The mobile browser service utilises a responsive user interface so the content is optimised for the screen size of the mobile device.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing We have completed testing with individuals with multiple and complex needs, visual impairment, hearing impairment and cognitive disabilities. We have tested screen reader technologies. We have tested integration of Amazon Alexa as an assistive adjunct to the platform.
What users can and can't do using the API Users can register; upload survey data, events, measurements, activity, nutrition and profile data. They can download survey configuration and personal data (same as upload). They can automatically sync data from wearables and other IoT enabled devices. Linked advocates with suitable permissions (social care, healthcare and mentors) can download and upload data for their assigned users. Password can be changed. It is possible to connect other services via OAuth and API calls. Users can join organisations.

For this to occur the organisation needs to be set up and assigned a token and access permissions from our team. There are separate access requirements for our test and production environments.
The can sign in, sign out (OAUTH2), pull or push data in standard formats. We utilise JSON restful API services.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The service can be configured/customised at a organisation and personal level. Every user has the ability to customise the service. End users for example have nine difference user interfaces they can use.
These have been codeveloped with multiple difference populations including people: with learning disabilities; at risk of homelessness; with long term conditions; who are pregnant; who are executives, administrators and athletes.
The system has personalised functions that respond to an individuals personal digital profile including the delivery of recommended content which has been expertly reviewed and digitally labelled. This includes content delivery for patients, those who are pregnant, clinicians and carers. There is provision for a content administrator function in the platform so organisation specific review content can be delivered preferentially to staff or service users within that organisation.
We have customisable alerts that can be configured with up to three variables by users, carers/clinicians or administrators, along with resolution criteria at an individual, group or organisation level.
The full extent of customisation is beyond the scope of this question or media. We typically run full day workshops which determine how an organisation would best want the solution configured or further developed for their needs including partner solution integration.


Independence of resources We utilise multiple cloud scaling technologies including elastic and responsive storage and analytics. As we deploy through AWS (or other cloud services as required including UKCloud) there is very little, if any, chance this service will be overwhelmed by demand.
From a service response perspective we have automated online training and support.
Our physical team have multiple roles in the organisation and all have service support training. We utilise <2% of staff time on direct service support leaving plenty of flexibility for upscaling. We have partners who can provide addition support if we meet capacity of direct physical support.


Service usage metrics Yes
Metrics types All digital engagement depending on configuration including login, survey use, event recording, advocate login and access.
All provided at individual and grouped levels.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data via pdf as default. If they wish to extract their data in raw form we provide .csv files on request. Export can also occur if the service commissioned has connectivity through our APIs as part of the service package.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Picture files - PDF, PNG, etc
  • Open formats from wearables and other IoT enable devices

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability This is included with our SLA we guarantee 99.5% uptime and never a break in service of longer than 30 minutes with notice in writing before this occurs.
A refund system for not meeting guaranteed levels of availability can be included within our SLA on request.
Approach to resilience Available on request
Outage reporting Email alerts as standard with other options such as an API or dashboard configurable on request

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication We have multiple ways of authentication depending on the user type and the access needed. Our standard authentication is username and password paired with browser recognition. If the browser is not recognised then verification is required through email linkage. We have developed an OAuth2 authentication service as part of the NHS Diabetes Digital Coach Testbed.
Public keys and dedicated links are used for higher level developer access though we can configure and customise access solutions for any customer.
We are working with the NHS Digital citizen identity team to integrate their combined video, identity and additional documentation verification methods.
Access restrictions in management interfaces and support channels We utilise public key authentication, including by TLS client certification along with username and password.
Once authenticated check user is logged in on every page. Perform strict backend permissions checks, done on a per action basis, for every database request or entry. Log user out automatically after 15 minutes inactivity.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • NHS Digital Information Governance Toolkit Level 3
  • Cyberessentials
  • IASME Consortium

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyberessentials
NHS DSP Toolkit
Information security policies and processes Policies and processes developed in line with NHS Digital Information Governance Toolkit including:

• Information Governance Policy
• Confidentiality Policy
• Service Level Agreement
• Privacy Impact Assessment
• Change Control
• Network Security Policy
• Network Controls
• Information Handling Procedures
• Access Management Policy
• Mobile Computing and Home Working Policies
• System Security Policy
• Incident Reporting Policy
• Business Continuity Plan

Staff complete basic information governance training as part of their induction and ongoing self-directed study. Staff are required to report back on an annual basis with a synopsis of formal and self-directed information governance training.

We have quarterly information security meetings and between staff are required to report any protocol or any breaches to the Information Governance committee made up of:
Tom Dawson, IG lead
Adie Blanchard, Caldicott Guardian
Laura Gilbert, IT security lead
Chris Milner, Senior Information Responsible Officer

We complete regular internal audits and formal wash-ups after any protocol or real data breach.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach The service can be configured by organisations which is often determined through engagement and configuration workshops.

Change management is controlled and requires completion of Change Control and Privacy Impact Assessment documentation as required for all minor and major system changes. All changes must be authorised and follow a four stage system and component release protocol which includes information and clinical governance review. The release implementation is overseen by our release manager.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Employees complete horizon scanning for potential threats which are shared. We employ an independent contractor who specialises in threat discover and system administration patching which are scheduled and deployed after hours as soon as possible, ideally same day, as potential vulnerabilities are discovered.
We employ AppCheck penetration testing services completing penetration testing on all platforms (test, staging, development and production) at least every six months.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Employees complete formal testing on a daily basis for potential compromises. We employ an independent contractor who specialises in protective monitoring and system administration patching which are scheduled and deployed after hours as soon as possible, ideally same day, as potential compromises are discovered.
We respond to incidences according to our incident policy which involves contacting all stakeholders impacted including the data owner and information commissioners office (ICO). All compromises are logged and uploaded to the NHS Digital Information Governance Toolkit.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident management and reporting policies in line with NHS Digital Information Governance Toolkit requirements. All incidents (actual or suspected) that may breach security, confidentiality of personal information or clinician/information governance must be reported to the Incident Manager who logs, investigates and documents the incident and provides feedback and actions required. Incidents identified as level 2 SIRI (serious incident requiring investigation) are reported to the Information Commissioners Office (ICO) and other boards such as the Department of Health. All incidents below level 2 SIRI are logged and investigated in house.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Health and Social Care Network (HSCN)


Price £0.50 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We offer demonstration accounts. We are unable to offer free live accounts due to the requirements to have legal contracts in place between ourselves and the buyer.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑