Rescon Technologies


Lincus is a highly configurable integrated digital electronic and personal health record management and communications platform. It is a CE marked Class 1 medical device and achieved 100% on the DSPToolkit.


  • Modular and interoperable service that can integrate with existing systems
  • Observation and clinical notes frameworks including health equalities frameworks
  • Text, video, email and alert logged communications services
  • Multiple user types and highly configurable user interfaces
  • Multilanguage capabilities to allow rapid language conversion
  • Person/patient reported outcomes tools - evidence driven and published
  • IoT device connectivity connecting up to 300 different devices
  • Data aggregation, analytics, visualisation and reporting
  • Person held digital care record used for multiple health populations
  • Personalised educational and supportive digital content provision


  • Improved care delivery efficiency through cross service information sharing
  • Increased insight. Earlier and improved diagnoses, especially in vulnerable populations.
  • Behavioural change of service users and providers. NICE published.
  • Improved communication across services minimising double data entry
  • Video and text logged communications between users and providers
  • Audit including human resource data for CQC and other reviews
  • Connect with multiple devices and services through industry standard APIs
  • Single Sign on functionality across multiple systems (OAUTH2)
  • Deploy expertly reviewed educational content to service users and staff
  • Real time report generation with aggregation, analytics and report engine


£0.50 per person per month

Service documents


G-Cloud 11

Service ID

7 9 1 0 5 1 6 9 4 3 8 2 5 6 0


Rescon Technologies

Richard Leighton


Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
For optimum performance we require that organisations have up to date and manufacturer wholly supported browsers though can offer functionality for older versions if required.
System requirements
  • Up to date and manufacturer supported browsers
  • Robust internet connectivity for full service
  • Sufficient bandwidth for high quality multichannel video conferencing/consultation

User support

Email or online ticketing support
Email or online ticketing
Support response times
For our base service:
Within 8 hours (during business hours) for issues classified as high priority
Within 48 hours for issues classified as medium priority
Within 5 working days for issues classified as low priority

For high priority service (available for extra cost) we can respond within 60 minutes 24/7
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Online training and support materials are provided as standard.

A technical account manager with both technical and service integration experience is provided as standard. The technical account manager has direct support from our development team and senior management.

We provide onsite configuration, training and support workshops ranging from £500 for half day workshops to £2500/day for dual specialist practitioner workshops.
Support available to third parties

Onboarding and offboarding

Getting started
Online training materials are provided as standard including user guides, help documentation, user walkthroughs, video guides and frequently asked questions which are regularly updated and can be easily accessed by users.

Workshops can be tailored to the needs of the organisation and scheduled as required. Engagement, training and follow-up workshops held on site include:
• One-day training
• Train the trainer
• Half-day workshops
• Dual specialist practitioner workshops
• Specialist configuration
• Workshop support
• User surgeries

Users are given access to a training environment on a demonstration site to enable ongoing training and testing of new developments within the organisation.

Ongoing support is provided through phone or email with coverage and response times detailed in the SLA. Remote assistance can be provided dependent on the priority of the support requested.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Our default is to provide the data in .csv format for each data field by formal request though we are happy to work with customers to provide the format best suited to their organisation. Data is delivered in a secure manner agreed by both parties.
End-of-contract process
Depending on our role as either data controllers or data processors the costs differ.
As a data controller we provide the Lincus Personal Health Record (PHR) and hub for end users for life at no charge so there are no additional charges at the end of the contract.
If we are the data processor we then charge an additional reasonable fee to extract and deliver the data that depends on the complexity of the contract delivery and number of users.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
There are two differences:
1.) The mobile device has the option of downloading the Lincus iOS and Android apps to allow for online and offline working. Our Lincus app is highly ranked on the NHS endorsed ORCHA health and social care review platform.
2.) The mobile browser service utilises a responsive user interface so the content is optimised for the screen size of the mobile device.
Service interface
Description of service interface
We have multiple interfaces for interaction with the service for end-users, care professionals, administrators and technologists. The end-user and care professional interfaces are highly configurable.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have completed testing with individuals with multiple and complex needs, visual impairment, hearing impairment and cognitive disabilities. We have tested screen reader technologies. We have tested integration of Amazon Alexa as an assistive adjunct to the platform.
What users can and can't do using the API
Users can register; upload survey data, events, measurements, activity, nutrition and profile data. They can download survey configuration and personal data (same as upload). They can automatically sync data from wearables and other IoT enabled devices. Linked advocates with suitable permissions (social care, healthcare and mentors) can download and upload data for their assigned users. Password can be changed. It is possible to connect other services via OAuth and API calls. Users can join organisations.

For this to occur the organisation needs to be set up and assigned a token and access permissions from our team. There are separate access requirements for our test and production environments.
The can sign in, sign out (OAUTH2), pull or push data in standard formats. We utilise JSON restful API services.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The service can be configured/customised at a organisation and personal level. Every user has the ability to customise the service. End users for example have nine difference user interfaces they can use.
These have been codeveloped with multiple difference populations including people: with learning disabilities; at risk of homelessness; with long term conditions; who are pregnant; who are executives, administrators and athletes.
The system has personalised functions that respond to an individuals personal digital profile including the delivery of recommended content which has been expertly reviewed and digitally labelled. This includes content delivery for patients, those who are pregnant, clinicians and carers. There is provision for a content administrator function in the platform so organisation specific review content can be delivered preferentially to staff or service users within that organisation.
We have customisable alerts that can be configured with up to three variables by users, carers/clinicians or administrators, along with resolution criteria at an individual, group or organisation level.
The full extent of customisation is beyond the scope of this question or media. We typically run full day workshops which determine how an organisation would best want the solution configured or further developed for their needs including partner solution integration.


Independence of resources
We utilise multiple cloud scaling technologies including elastic and responsive storage and analytics. As we deploy through AWS (or other cloud services as required including UKCloud) there is very little, if any, chance this service will be overwhelmed by demand.
From a service response perspective we have automated online training and support.
Our physical team have multiple roles in the organisation and all have service support training. We utilise <2% of staff time on direct service support leaving plenty of flexibility for upscaling. We have partners who can provide addition support if we meet capacity of direct physical support.


Service usage metrics
Metrics types
All digital engagement depending on configuration including login, survey use, event recording, advocate login and access.
All provided at individual and grouped levels.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data via pdf as default. If they wish to extract their data in raw form we provide .csv files on request. Export can also occur if the service commissioned has connectivity through our APIs as part of the service package.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Picture files - PDF, PNG, etc
  • Open formats from wearables and other IoT enable devices

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
This is included with our SLA we guarantee 99.5% uptime and never a break in service of longer than 30 minutes with notice in writing before this occurs.
A refund system for not meeting guaranteed levels of availability can be included within our SLA on request.
Approach to resilience
Available on request
Outage reporting
Email alerts as standard with other options such as an API or dashboard configurable on request

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
We have multiple ways of authentication depending on the user type and the access needed. Our standard authentication is username and password paired with browser recognition. If the browser is not recognised then verification is required through email linkage. We have developed an OAuth2 authentication service as part of the NHS Diabetes Digital Coach Testbed.
Public keys and dedicated links are used for higher level developer access though we can configure and customise access solutions for any customer.
We are working with the NHS Digital citizen identity team to integrate their combined video, identity and additional documentation verification methods.
Access restrictions in management interfaces and support channels
We utilise public key authentication, including by TLS client certification along with username and password.
Once authenticated check user is logged in on every page. Perform strict backend permissions checks, done on a per action basis, for every database request or entry. Log user out automatically after 15 minutes inactivity.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • NHS Digital Information Governance Toolkit Level 3
  • Cyberessentials
  • IASME Consortium

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
NHS DSP Toolkit
Information security policies and processes
Policies and processes developed in line with NHS Digital Information Governance Toolkit including:

• Information Governance Policy
• Confidentiality Policy
• Service Level Agreement
• Privacy Impact Assessment
• Change Control
• Network Security Policy
• Network Controls
• Information Handling Procedures
• Access Management Policy
• Mobile Computing and Home Working Policies
• System Security Policy
• Incident Reporting Policy
• Business Continuity Plan

Staff complete basic information governance training as part of their induction and ongoing self-directed study. Staff are required to report back on an annual basis with a synopsis of formal and self-directed information governance training.

We have quarterly information security meetings and between staff are required to report any protocol or any breaches to the Information Governance committee made up of:
Tom Dawson, IG lead
Adie Blanchard, Caldicott Guardian
Laura Gilbert, IT security lead
Chris Milner, Senior Information Responsible Officer

We complete regular internal audits and formal wash-ups after any protocol or real data breach.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The service can be configured by organisations which is often determined through engagement and configuration workshops.

Change management is controlled and requires completion of Change Control and Privacy Impact Assessment documentation as required for all minor and major system changes. All changes must be authorised and follow a four stage system and component release protocol which includes information and clinical governance review. The release implementation is overseen by our release manager.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Employees complete horizon scanning for potential threats which are shared. We employ an independent contractor who specialises in threat discover and system administration patching which are scheduled and deployed after hours as soon as possible, ideally same day, as potential vulnerabilities are discovered.
We employ AppCheck penetration testing services completing penetration testing on all platforms (test, staging, development and production) at least every six months.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Employees complete formal testing on a daily basis for potential compromises. We employ an independent contractor who specialises in protective monitoring and system administration patching which are scheduled and deployed after hours as soon as possible, ideally same day, as potential compromises are discovered.
We respond to incidences according to our incident policy which involves contacting all stakeholders impacted including the data owner and information commissioners office (ICO). All compromises are logged and uploaded to the NHS Digital Information Governance Toolkit.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management and reporting policies in line with NHS Digital Information Governance Toolkit requirements. All incidents (actual or suspected) that may breach security, confidentiality of personal information or clinician/information governance must be reported to the Incident Manager who logs, investigates and documents the incident and provides feedback and actions required. Incidents identified as level 2 SIRI (serious incident requiring investigation) are reported to the Information Commissioners Office (ICO) and other boards such as the Department of Health. All incidents below level 2 SIRI are logged and investigated in house.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
Health and Social Care Network (HSCN)


£0.50 per person per month
Discount for educational organisations
Free trial available
Description of free trial
We offer demonstration accounts. We are unable to offer free live accounts due to the requirements to have legal contracts in place between ourselves and the buyer.
Link to free trial

Service documents

Return to top ↑