Looking to retire/replace legacy clinical or business applications? Or implement a Vendor Neutral Archive (VNA) for medical image management? Or offer your clinicians a 360-degree patient view directly through your EPR? BridgeHead’s HealthStore® Independent Clinical Archive (ICA) helps hospitals to extract, consolidate, store, protect and share patient and administrative information.
- Single, standards-based repository for ALL clinical and non-clinical data
- Supports healthcare data standards: DICOM, HL7, XDS; and unstructured data
- Integrates with EPRs, clinical portals and integration engines
- Full featured vendor neutral archive (VNA) and viewing capabilities
- Extracts and ingests data from legacy/replaced applications
- Content can be accessed by the original or other applications
- Supports distributed architectures: multi-tenant, multi-domain and multi-site
- Full meta-data (e.g. demographic updates, IOCM) and Information Lifecycle Management
- Flexible deployment options: Cloud, hybrid or on-premise
- Provides full auditing & reporting for governance & compliance
- Consolidates, stores and protects ALL of your healthcare data
- Provides clinicians a 360-degree patient view and powers MDT collaboration
- Reduced clinical workflow with 'in-context' patient history via the EPR
- Enables decommissioning of legacy applications saving cost and improving security
- Removes departmental/application silos and enables digital transformation initiatives
- Improves patient data quality by enforcing open healthcare data standards
- Simplifies future application & storage migrations with minimal disruption
- Removes the burden of analytics/secondary use from primary applications
- Excellent delivery track record with referenceable NHS customers
- British company with global presence and over 1,200+ healthcare customers
£3094 per unit per month
- Education pricing available
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
BridgeHead Software Limited
|Software add-on or extension||No|
|Cloud deployment model||
|Email or online ticketing support||Email or online ticketing|
|Support response times||Depending on the severity of the support issue, we aim to respond to questions within one hour for severity 1 issues, to within 8 hours for severity 4 issues. BridgeHead's Technical Support Service is available 24 hours per day, 7 days per week.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
|Support levels||BridgeHead Software has a global, dedicated team of technical support and engineering specialists who provide the highest quality support to our customers. Our objective is to provide your healthcare organization with the expertise and support you need to ensure you are receiving the maximum benefit from your investment in our software and to help you consolidate, store, protect and share your clinical and non-clinical data. BridgeHead offers three levels of support geared towards the needs of our healthcare customers: Standard Support (8x5); Premium Support (24x7); Platinum Support (24x7 with HDM Managed Service). Support services are delivered via a multi-point support structure and can be tailored to meet the needs of our customers. Technical Account Managers (TAM) – Perform proactive technical outreach to our customers to gain a better understanding of your overall environment and future objectives. Technical Support Engineers (TSE) – Ensure the timely resolution of any difficulties, problems or challenges you encounter in the installation or use of our solutions. BridgeHead TSEs provide a comprehensive knowledge of the BridgeHead suite of products. The TSE also brings best practice and a wealth of knowledge in the utilization and how these products best perform in your technical environment.|
|Support available to third parties||Yes|
Onboarding and offboarding
BridgeHead’s HealthStore is delivered through BridgeHead’s Project Teams. Our installation services focus on system design, setup and configuration. Through initial scoping and project discovery activities, our staff work with our customers to determine the most effective and efficient configuration of HealthStore to meet the project objectives.
Our experience has shown that where training is included early in the project lifecycle, the customer can play a more informed and active role in the design phase of the implementation. It also reduces the amount of knowledge transfer that is required, meaning that the customer gets more value from BridgeHead’s Professional Services.
BridgeHead offers a variety of training and education programs to ensure you are realising the full value of your HealthStore investment. Our training is built to develop your skills while enabling you to meet your objectives in deploying HealthStore, e.g. designing a strategy for sharing patient data.
BridgeHead provides a number of formats and styles to meet your needs:
|End-of-contract data extraction||BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format. As the content has not been tampered with or obscured in any way, it can be easily migrated out of HealthStore, if needed.|
BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format. As the content has not been tampered with or obscured in any way, it can be easily migrated out of HealthStore, if needed.
Alternatively, if a customer chooses to continue with the BridgeHead solution, then a contract extension will be available subject to the T&Cs of the G Cloud Framework.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||No|
|Independence of resources||The solution will be hosted in an elastic scalable private cloud that will ensure minimum levels of performance and response times (agreed in the SLAs)|
|Service usage metrics||Yes|
BridgeHead provide analytics and metrics for the underlying cloud platform, in terms of resource utilisation.
BridgeHead provide analytics and metrics for the BridgeHead software, in varying levels of granularity with regards to different types of data protected and volume of data.
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format.|
|Data export formats||Other|
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
The BridgeHead team is dedicated to maintaining a 99.9% availability of the HealthStore hosted software solution. BridgeHead provides a warm site presence at geographically separated hosting facilities in conjunction with our partner, Redcentric in the UK.
BridgeHead customers may obtain service credits if BridgeHead fails to meet any of the service commitments described in the service definition document, specifically the approved Service Level Agreements.
The structure of the service credits would be open to negotiation at the contract stage to ensure the customer’s HealthStore deployment aligns with the rest of their enterprise.
|Approach to resilience||This information is available on request.|
|Outage reporting||The system has inbuilt reporting which generates notifications to a monitoring system and also specified inboxes.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
All BridgeHead staff with direct access to Patient Identifiable data will have been through the Disclosure Barring Service (DBS).
User access to the BridgeHead solution is managed via LDAP. All activity is full audited. Security and access controls of the BridgeHead solution is fully compliant with the XDS framework.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||QAS International|
|ISO/IEC 27001 accreditation date||30/04/2019|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
• ISO9001: for Quality Assurance
• ISO27001: for Data Security
• ISO14001: for Environmental Responsibilities.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||BridgeHead also operates a formal Change Management process in line with ITIL and can work with a healthcare organisation’s CCN process, if different. This ensures any major system updates that the customer approves for install will be carried out during an agreed maintenance window. BridgeHead will work with all vendors to ensure the upgrade runs without incident, including upgrading the non-production environment before the production environment|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The following processes are followed based on industry best practices:
Vulnerability mitigation prioritisation
Vulnerability mitigation timescales
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
The system generates regular status reports and e-mails them. The content, frequency, and destination are all configurable, allowing BridgeHead and the hospital to monitor availability and performance. BridgeHead software also integrates with third party support and monitoring software. Scheduled jobs that generate reports can also be configured to meet the hospitals requirements.
The BridgeHead solution provides a full alerting and reporting mechanism. Alerts can be set up to alert key people when events are raised. Examples could be, when a malformed DICOM object has been received OR when a monitored disk area has reached a percentage of available space.
|Incident management type||Supplier-defined controls|
|Incident management approach||
BridgeHead will provide customers with a single contact number, email address and portal link for the Service Desk (upon Service initiation), for co-ordination of all incident activity.
BridgeHead operates its service to a very high standard in line with and comparable to ITIL standards. BridgeHead have selected ISO as its chosen standards for service delivery and are fully certified for ISO9001, ISO14001 and ISO27001. These standards cover the delivery of BridgeHead's support and maintenance activities.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£3094 per unit per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||A PoC version of the software is available which will allow a buyer to identify if the product supports their business, IT and clinical requirements. All details of the PoC will be agreed with the buyer to ensure the PoC is tailored correctly to meet these requirements.|