Epro EDM offers full interoperability as part of the Epro family removing the cost of interface-development for a solution that facilitates a paperless/light NHS, enabling hospitals to: scan, index, and archive existing paper records. Epro's interface is secure, browser-based and can be used on any mobile-device.
- Document scanning support
- Epers - Epro paper forms
- Epro scan tool for mobiles
- Text content indexing
- Optical character recognition
- Save money on printing, storage and administration of paper records
- Reduce risk on errors with accessible, legible and accurate information
- Greater access to information improves clinical decision making
- Increase staff satisfaction by reducing stress
£1 to £100 per user per month
0117 379 0066
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Epro Scrik - Digital Dictation/Speech Recognition.
Epro Clinik - Clinical Workflow including: lab results, drawing, noting.
Epro Systemik - Reports, templates, including SSRS and templates editor
Epro Tablik - Layered clinical modules connecting and displaying patient information, enhancing workflows, increasing patient safety
ePMA - Including dm+d and allergies integration
|Cloud deployment model||Private cloud|
|Service constraints||There are no constraints associated with the services. However we would draw attention to the "Support Levels" section for our Helpdesk support opening days and times.|
|System requirements||Glass Client|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Epro will respond via the customer care portal to contact the customer within the following times of an incident being reported to the Supplier Helpdesk. For P1 issues, additional contact to the person logging the issue, and/or a named system administrator shall be made via phone or email.
P1 - 30 mins during core hours
Major - 3 working hours
Routine - Within one working day
Minor - 5 working days
Support is not provided during weekends unless an Out of hours support contract has been agreed.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Epro will provide support services via the customer portal, email or telephone for: routine operational maintenance and outage/change; notifications, enhancement requests, non-critical technical/functional enquiries, support contract enquiries, third line support.
Epro provides a technical account manager for each implementation and two comprehensive support packages are offered:
(1) 8am - 5.30pm Monday to Friday support which is priced at 20% of licence fee, or (2) 24/7 support, which is priced at £200 per hour, when used, plus a 20% uplift on standard support costs.
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Online and on-site training and documentation is provided. Epro provide full project management presence in form of a Prince II-qualified project manager, product specialist and project team throughout the implementation to the point of Pilot close. We recommend the Trust provide at least one FTE project management / change management resource. We provide a wide variety of training which includes: on-site training, web training, eLearning, train the trainer as well as continuous refresher courses, walkthrough documents, video help and online material, which is accessible on epro.com. In our training sessions, we aim to focus on: the transfer of skills, knowledge and capabilities that enable the Trust to perform as much in-house training as possible. Our regular training approach is therefore centred on internal Trust trainers and super users with regular staff being trained during the pilot and rollout period by in house trainers. It is expected that the Trust will deliver all training to new standard users via its own IT Trainers, who will have been trained by the supplier. Supplier training staff may observe training sessions at the start to support the Trust’s IT trainers and enhance supplier awareness of issues which users find difficult.|
|Other documentation formats||
|End-of-contract data extraction||This is all dependent on the integrations required and requesting throughout the project. In some cases, the TIE (Trust Integration Engine) or Trust Portal may receive copies of the documentation from day one. All data stored within Epro is retained in perpetuity with the exception of 1. Copies of inbound HL7 messages – culled after 1 year 2. PowerSearch access audit data – culled after 6 months 3. Dictation voice files – culled after 1 year only if transcribed. The reason for culling these two has been to maintain reasonable database size and performance. To date this has been the only data it has been necessary to cull. The data can be moved to a separate archive database if this is the preference of the trust. We have had discussions with trusts in the past regarding destruction / archiving of data, but none has been able to reach agreement as to how to interpret the guidelines on health record destruction. This guidance offers a range of periods ranging from 7 – 20+ years depending on circumstances. We are happy to re-open discussions at implementing this functionality should consensus on guideline implementation emerge (from within one or multiple trusts).|
Subject to further discussion, we can deliver a service credit regime agreement with regular review meetings to assess performance against SLAs as agreed above.
At the end of the contract, Epro will work with the Trust and new supplier to ensure a seamless and timely handover and integration of the service. We recognise the importance of our systems and will ensure patient safety and clinical experience is always at the forefront of everything we do.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The mobile service enables a better user interface that adapts to the screen size, position and layout to enable a better view, scrolling down list view to the desktop version. Overall, this automatic resizing provides for an enhanced user experience when using the mobile application. The functionality is identical between mobile and desktop devices.
Epro also supports s a mobile offline working application, which allows the user to dictate patient correspondence whilst not connected to the Trust server and the letters with synchronise with the patient record once the user connects back onto the Trust network.
|What users can and can't do using the API||
As part of the Epro deployment, an API user will usually be created, with a windows username like ‘eproapiuser’ or a custom NT login name provided by the Trust. This user will have access to call Epro’s API services, but the user will not be able to log into the Epro application interactively.
Epro supports sending and receiving Discharge Summaries and letters in this fashion. The standard for the CDA messages which Epro supports and is fully compliant with ITK 2.0.1, and you can access all the documentation for ITK via. TRUD. We offer a SOAP web service implementation for two of the ITK correspondence bundles (Non-Coded CDA and Discharge).
Generally, Epro’s API services must be called by an authenticated user. Integrated Windows authentication is the preferred method, although basic/anonymous authentication may also be possible in some circumstances.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Epro is a modular clinical IT solution, with over 30 separate clinical modules. Clients can procure one or many of these modules depending on their exact clinical estate requirements and Epro will seamlessly integrate these modules using the appropriate messaging standards.
Various features and core data sets can be customised to local standards and processes and this granular level of customisation is maintained by local administrators.
In addition, custom functionality can be developed on a bespoke basis, but there would be additional costs for this.
|Independence of resources||
Epro has increased it's user base in the last 12 months by over 10,000 users. We have a customer guarantee and SLA that protects existing and new accounts which enables scaling at pace.
Performance is reported on and balanced to ensure system performance is at its best.
|Service usage metrics||Yes|
|Metrics types||We provide a variety of reports dependent on the solution, usually around: performance, user activity, tasks etc.|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Epro does not have any front-end accessible export tools, but we can provide customised data export facilities on request. Data is held in SQL format and this is accessible directly by customer IT teams where that is held on their own servers, although we do not recommend this.|
|Data export formats||
|Other data export formats||SQL|
|Data import formats||
|Other data import formats||SQL views (preferred)|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Epro doesn't have a standard SLA governing uptime but we are happy to come to a separate arrangement with buyers on this where required.|
|Approach to resilience||
The service provider commits to a Service Level Agreement (SLA)
Contractual commitments or Service Level Agreements (SLAs) are used by the service provider to make commitments about the level of service availability.
(Full system architecture is commercially sensitive but documentation is available on request)
|Outage reporting||Any unplanned outages are communicated via Email and Support Portal alerts to nominated contacts.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Some interfaces are restricted to mangers or other agreed personnel with the right permissions for example the JIRA system. The support channel is usually restricted to users / stakeholders who are given access. Direct number and emails are also available.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Information security policies and processes||
All patient information may be exported for Subject Access Requests. Patient information may be corrected if inaccurate.
We believe Epro’s security design to form an appropriate balance between restriction of information and appropriate information availability. We continue to advise trusts against such practices as the sharing of passwords, setting up of shared logins and not using ‘Go to’ accounts for locums etc.
No Epro data is housed or processed outside the EU.
Epro is compliant with the HSCIC IGT. We have completed and published the NHS IGT ( Assessment Ref ASS/232116) assessment 14.1 (2017-2018) with a final score of 91% and level three on 12 out of 16 requirements and level 2 in the remaining 4 requirements.
Epro maintains an active safety culture fully compliant with ISB 0129 and publishes a formal Safety Case document.
Further information is available on our customer portal at safety.epro.com, including online access to hazard logs and incident logs.
In the interests of transparency, incident reports are shared between all customers. An illustration of a partial extract of the incident log is attached in the supporting documents section
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Epro maintains a number of testing and staging environments which code is stringently tested before being deployed.
New deployments are accompanied by release notes which are distributed to clients registered at the levels appropriate to the individual trust.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Epro undertakes regular Pen Testing, if threats are identified patches are deployed immediately once a fix is found and tested.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Epro is able to identity compromises with ease. The system is logged and can be analysed.
Epro responds by taking a clone of the machine and then isolates to minimise impact in the service.
Response times are defined as ASAP
|Incident management type||Supplier-defined controls|
|Incident management approach||
Users can report incidents by submitting: emails, JIRA tickets and calls.
We have a full technical support help desk which tickets are created and manged on severity in line with our SLAs.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£1 to £100 per user per month|
|Discount for educational organisations||No|
|Free trial available||No|