BridgeHead Software Limited

BridgeHead HealthStore® Independent Clinical Archive (ICA)

Looking to retire/replace legacy clinical or business applications? Or implement a Vendor Neutral Archive (VNA) for medical image management? Or offer your clinicians a 360-degree patient view directly through your EPR? BridgeHead’s HealthStore® Independent Clinical Archive (ICA) helps hospitals to extract, consolidate, store, protect and share patient and administrative information.

Features

  • Single, standards-based repository for ALL clinical and non-clinical data
  • Supports healthcare data standards: DICOM, HL7, XDS; and unstructured data
  • Integrates with EPRs, clinical portals and integration engines
  • Full featured vendor neutral archive (VNA) and viewing capabilities
  • Extracts and ingests data from legacy/replaced applications
  • Content can be accessed by the original or other applications
  • Supports distributed architectures: multi-tenant, multi-domain and multi-site
  • Full meta-data (e.g. demographic updates, IOCM) and Information Lifecycle Management
  • Flexible deployment options: Cloud, hybrid or on-premise
  • Provides full auditing & reporting for governance & compliance

Benefits

  • Consolidates, stores and protects ALL of your healthcare data
  • Provides clinicians a 360-degree patient view and powers MDT collaboration
  • Reduced clinical workflow with 'in-context' patient history via the EPR
  • Enables decommissioning of legacy applications saving cost and improving security
  • Removes departmental/application silos and enables digital transformation initiatives
  • Improves patient data quality by enforcing open healthcare data standards
  • Simplifies future application & storage migrations with minimal disruption
  • Removes the burden of analytics/secondary use from primary applications
  • Excellent delivery track record with referenceable NHS customers
  • British company with global presence and over 1,200+ healthcare customers

Pricing

£3094 per unit per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

8 3 7 9 2 4 3 5 5 1 5 4 6 3 4

Contact

BridgeHead Software Limited

Tony Tomkys

01372 221950

tony.tomkys@bridgeheadsoftware.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
None
System requirements
  • Responsible for internal equipment
  • Responsible for the network connectivity to the cloud

User support

Email or online ticketing support
Email or online ticketing
Support response times
Depending on the severity of the support issue, we aim to respond to questions within one hour for severity 1 issues, to within 8 hours for severity 4 issues. BridgeHead's Technical Support Service is available 24 hours per day, 7 days per week.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
BridgeHead Software has a global, dedicated team of technical support and engineering specialists who provide the highest quality support to our customers. Our objective is to provide your healthcare organization with the expertise and support you need to ensure you are receiving the maximum benefit from your investment in our software and to help you consolidate, store, protect and share your clinical and non-clinical data. BridgeHead offers three levels of support geared towards the needs of our healthcare customers: Standard Support (8x5); Premium Support (24x7); Platinum Support (24x7 with HDM Managed Service). Support services are delivered via a multi-point support structure and can be tailored to meet the needs of our customers. Technical Account Managers (TAM) – Perform proactive technical outreach to our customers to gain a better understanding of your overall environment and future objectives. Technical Support Engineers (TSE) – Ensure the timely resolution of any difficulties, problems or challenges you encounter in the installation or use of our solutions. BridgeHead TSEs provide a comprehensive knowledge of the BridgeHead suite of products. The TSE also brings best practice and a wealth of knowledge in the utilization and how these products best perform in your technical environment.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
BridgeHead’s HealthStore is delivered through BridgeHead’s Project Teams. Our installation services focus on system design, setup and configuration. Through initial scoping and project discovery activities, our staff work with our customers to determine the most effective and efficient configuration of HealthStore to meet the project objectives.

Our experience has shown that where training is included early in the project lifecycle, the customer can play a more informed and active role in the design phase of the implementation. It also reduces the amount of knowledge transfer that is required, meaning that the customer gets more value from BridgeHead’s Professional Services.

BridgeHead offers a variety of training and education programs to ensure you are realising the full value of your HealthStore investment. Our training is built to develop your skills while enabling you to meet your objectives in deploying HealthStore, e.g. designing a strategy for sharing patient data.
BridgeHead provides a number of formats and styles to meet your needs:
Traditional Classroom
Instructor-led eLearning
Self-paced Learning.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format. As the content has not been tampered with or obscured in any way, it can be easily migrated out of HealthStore, if needed.
End-of-contract process
BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format. As the content has not been tampered with or obscured in any way, it can be easily migrated out of HealthStore, if needed.

Alternatively, if a customer chooses to continue with the BridgeHead solution, then a contract extension will be available subject to the T&Cs of the G Cloud Framework.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • Windows
  • Windows Phone
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
No

Scaling

Independence of resources
The solution will be hosted in an elastic scalable private cloud that will ensure minimum levels of performance and response times (agreed in the SLAs)

Analytics

Service usage metrics
Yes
Metrics types
BridgeHead provide analytics and metrics for the underlying cloud platform, in terms of resource utilisation.

BridgeHead provide analytics and metrics for the BridgeHead software, in varying levels of granularity with regards to different types of data protected and volume of data.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format.
Data export formats
Other
Other data export formats
  • Native File Formats
  • Dcm
Data import formats
Other
Other data import formats
  • Native File Formats
  • .dcm

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The BridgeHead team is dedicated to maintaining a 99.9% availability of the HealthStore hosted software solution. BridgeHead provides a warm site presence at geographically separated hosting facilities in conjunction with our partner, Redcentric in the UK.
BridgeHead customers may obtain service credits if BridgeHead fails to meet any of the service commitments described in the service definition document, specifically the approved Service Level Agreements.
The structure of the service credits would be open to negotiation at the contract stage to ensure the customer’s HealthStore deployment aligns with the rest of their enterprise.
Approach to resilience
This information is available on request.
Outage reporting
The system has inbuilt reporting which generates notifications to a monitoring system and also specified inboxes.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
All BridgeHead staff with direct access to Patient Identifiable data will have been through the Disclosure Barring Service (DBS).

User access to the BridgeHead solution is managed via LDAP. All activity is full audited. Security and access controls of the BridgeHead solution is fully compliant with the XDS framework.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QAS International
ISO/IEC 27001 accreditation date
30/04/2019
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO Accreditations

• ISO9001: for Quality Assurance
• ISO27001: for Data Security
• ISO14001: for Environmental Responsibilities.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
BridgeHead also operates a formal Change Management process in line with ITIL and can work with a healthcare organisation’s CCN process, if different. This ensures any major system updates that the customer approves for install will be carried out during an agreed maintenance window. BridgeHead will work with all vendors to ensure the upgrade runs without incident, including upgrading the non-production environment before the production environment
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The following processes are followed based on industry best practices:

Vulnerability assessment
Vulnerability monitoring
Vulnerability mitigation prioritisation
Vulnerability tracking
Vulnerability mitigation timescales
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The system generates regular status reports and e-mails them. The content, frequency, and destination are all configurable, allowing BridgeHead and the hospital to monitor availability and performance. BridgeHead software also integrates with third party support and monitoring software. Scheduled jobs that generate reports can also be configured to meet the hospitals requirements.

The BridgeHead solution provides a full alerting and reporting mechanism. Alerts can be set up to alert key people when events are raised. Examples could be, when a malformed DICOM object has been received OR when a monitored disk area has reached a percentage of available space.
Incident management type
Supplier-defined controls
Incident management approach
BridgeHead will provide customers with a single contact number, email address and portal link for the Service Desk (upon Service initiation), for co-ordination of all incident activity.

BridgeHead operates its service to a very high standard in line with and comparable to ITIL standards. BridgeHead have selected ISO as its chosen standards for service delivery and are fully certified for ISO9001, ISO14001 and ISO27001. These standards cover the delivery of BridgeHead's support and maintenance activities.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£3094 per unit per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A PoC version of the software is available which will allow a buyer to identify if the product supports their business, IT and clinical requirements. All details of the PoC will be agreed with the buyer to ensure the PoC is tailored correctly to meet these requirements.

Service documents

Return to top ↑