Panacea by knok healthcare, an integrated care video platform (video consultation, telemedicine)

Healthcare for Everyone, Everywhere.

Knok is a global leader in Telehealth software. We partner with leading Hospitals, Healthcare organisations and Insurers to improve every aspect of patient care by delivering Panacea, a user-friendly platform for doctors and patients.


  • Works in any internet connected device with a modern web-browser
  • Simple and effective User Experience
  • Customise the User Interface with your brand image
  • Patient can join a video appointment in 2 clicks
  • Patients and Health Clinicians can share files securely
  • HIPAA and GDPR compliant
  • Secure login with 2-Factor Authentication
  • Measure your Patients NPS score


  • Unlimited time video consultations
  • Your patients don’t need to download any App
  • Allow your Doctors to work remotely from any location
  • Expand your geographical area reach
  • Eliminate your patients travel time to the consultation
  • Continuously engage with your Patients, even if they are travelling
  • Tailor made training for your Medical and Administrative staff
  • Integrates with existing Management Software via APIs


£0.30 a person a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 2 8 2 8 8 1 0 9 1 6 1 8 7 4


Telephone: +351936075702

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Users require a supported web browser and minimum specification devices:
- Laptop/smartphone with microphone and camera
- Web browser that supports WebRTC technology
System requirements
  • Desktop or smartphone with internet access, camera and microphone
  • Google Chrome web browser version 77+
  • Safari web browser 12.2+
  • Microsoft Edge web browser (18+ on Windows / 79 OSX)
  • Firefox web browser 69+

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are less than 1 hour
User can manage status and priority of support tickets
Phone support
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat available via web browser on the video consultation window.
Web chat accessibility testing
Clinical user testing
Onsite support
Yes, at extra cost
Support levels
Email support:
Response time within 1 hour

Online real time support for doctors and admin staff:
Real-time chat support directly accessible via web

Dedicated Customer Success:
Continuously point of contact to ensure the successful implementation of the system and compliance with best practices for video consultations
Support available to third parties

Onboarding and offboarding

Getting started
Online training and user manuals (doctors and administrative staff)

Videos explaining how the platform works.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data owned by the client can be extracted into a file format as agreed with knok healthcare according to GDPR compliant processes.
End-of-contract process
All data will be transfered to the clients' preferred systems in a GDPR compliant manner.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Same functionality. Changes in layout due to the screen constraints.
Service interface
Description of service interface
Administration online platform - Panacea Managers. Custom access levels to view and/or edit doctor, patient and consultation information.
Accessibility standards
None or don’t know
Description of accessibility
A formal accessibility assessment has not been conducted on the most recent version of the back-office site. It employs components that have accessibility support as outline in 9.2: Web content requirements.
Accessibility testing
Clinical patients in GP video consultations
What users can and can't do using the API
Client can access via API all functionalities available in Panacea . The only exclusion is the video technology which must be implemented by the client via an SDK (under development).

Main resources:
- doctors
- patients
- appointments (includes scheduling)
- electronic health record
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
White-label: Brand the user interface with custom logo and colours.
Communications: Personalise Email and SMS sender information.
Tone of voice: Email notifications templates


Independence of resources
Auto-scaling mechanisms based on resource utilization.

Video consultation streaming is Peer to Peer and does not add load to central resources.

Continuous monitoring and alerting system.


Service usage metrics
Metrics types
All metrics related to:
- appointments
- patients
- doctors
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported via CSV and Excel files. Alternatively we provide it in JSON format when accessed via API.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.5% +
Approach to resilience
Knok's cloud provider has extensive resilience and disaster recovery procedures.

Auto-scaling and high-availability features enabled to ensure horizontal scaling and redundancy.

More information is available on request.
Outage reporting
Error messages available in real-time for the users.
Email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All access points have enforced 2 factor authentication.

User roles that guarantee different access levels to the system.

Direct access to support the databases and infrastructure is limited to a very small team who have been issued a named account and connect in directly to the datacentres using two-factor authentication. All the actions performed are audited.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security Governance is the responsibility of the CTO. It is implemented in all development and operational processes.

Regular Security Audits are conducted across Development and Operations functions, and the hosted Service Interface.
Information security policies and processes
A comprehensive set of policies covering implementation and management controls across the following aspects.
- Access and Authorisation Control
- Network and Data Encryption
- Network Ingress/Egress
- Centralised Event Logging and Alerting
- Systems Hardening
- Data Protection and Retention
- Intrusion Protection/Detection
- Malware and Virus Protection
- Patch Management
- Vulnerability Assessment
- Incident Management
- Solution and Systems Development

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Development lifecycle takes into account:
- code review processes that require unit and integration tests to be included
- Continuous integration (with regression testing taken into account)
- Continuous deployment
- QA process
- Continuous monitoring of application and system logs with alert system
- System to manage issues that includes technical manager evaluation regarding security, functionality relevance and backup plan
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats detection:
- Integrated in the development lifecycle
- Automated tool that detects vulnerabilities both on the code to be deployed and on dependent libraries
- Regular penetration tests performed by specialised security team

Patch deployment:
- Security vulnerabilities detected are prioritised according to degrees of severity (low, medium, high, very high). Both high and very high are given maximum priority in the development lifecyle which means they will be deployed on the next release.

Information regarding potential threats gathered from automated script (checks public CVE archives) and client reported vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises detection system:
Continuous monitoring software that detects patterns of user suspected activity via access and error logs
- Alerts sent via email and SMS to security manager that initiates investigation
- Security incidents are rated according to severity.
- Development team deployed when incident if incident is rated high
Incident management type
Supplier-defined controls
Incident management approach
- User reported incidents via our support team
- Continuous monitoring system with alerts for user suspected activity
- Identification of potential threat with a development team being deployed to investigate
- Audit, access and error logs available to help on the investigation
- While being investigated, the client will be informed of an incident under investigation
- Development fixes cause of incident
- CTO reviews incident report and shares it with the client
- Incident report added to knowledge base and CTO implements new security controls if required (staff or infrastructure)

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£0.30 a person a year
Discount for educational organisations
Free trial available
Description of free trial
3 months access to all features

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.