BridgeHead Software Limited

BridgeHead HealthStore® Independent Clinical Archive (ICA)

Looking to retire/replace legacy clinical or business applications? Or implement a Vendor Neutral Archive (VNA) for medical image management? Or offer your clinicians a 360-degree patient view directly through your EPR? BridgeHead’s HealthStore® Independent Clinical Archive (ICA) helps hospitals to extract, consolidate, store, protect and share patient and administrative information.

Features

  • Single, standards-based repository for ALL clinical and non-clinical data
  • Supports healthcare data standards: DICOM, HL7, XDS; and unstructured data
  • Integrates with EPRs, clinical portals and integration engines
  • Full featured vendor neutral archive (VNA) and viewing capabilities
  • Extracts and ingests data from legacy/replaced applications
  • Content can be accessed by the original or other applications
  • Supports distributed architectures: multi-tenant, multi-domain and multi-site
  • Full meta-data (e.g. demographic updates, IOCM) and Information Lifecycle Management
  • Flexible deployment options: Cloud, hybrid or on-premise
  • Provides full auditing & reporting for governance & compliance

Benefits

  • Consolidates, stores and protects ALL of your healthcare data
  • Provides clinicians a 360-degree patient view and powers MDT collaboration
  • Reduced clinical workflow with 'in-context' patient history via the EPR
  • Enables decommissioning of legacy applications saving cost and improving security
  • Removes departmental/application silos and enables digital transformation initiatives
  • Improves patient data quality by enforcing open healthcare data standards
  • Simplifies future application & storage migrations with minimal disruption
  • Removes the burden of analytics/secondary use from primary applications
  • Excellent delivery track record with referenceable NHS customers
  • British company with global presence and over 1,200+ healthcare customers

Pricing

£3094 per unit per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

837924355154634

BridgeHead Software Limited

Tony Tomkys

01372 221950

tony.tomkys@bridgeheadsoftware.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints None
System requirements
  • Responsible for internal equipment
  • Responsible for the network connectivity to the cloud

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depending on the severity of the support issue, we aim to respond to questions within one hour for severity 1 issues, to within 8 hours for severity 4 issues. BridgeHead's Technical Support Service is available 24 hours per day, 7 days per week.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels BridgeHead Software has a global, dedicated team of technical support and engineering specialists who provide the highest quality support to our customers. Our objective is to provide your healthcare organization with the expertise and support you need to ensure you are receiving the maximum benefit from your investment in our software and to help you consolidate, store, protect and share your clinical and non-clinical data. BridgeHead offers three levels of support geared towards the needs of our healthcare customers: Standard Support (8x5); Premium Support (24x7); Platinum Support (24x7 with HDM Managed Service). Support services are delivered via a multi-point support structure and can be tailored to meet the needs of our customers. Technical Account Managers (TAM) – Perform proactive technical outreach to our customers to gain a better understanding of your overall environment and future objectives. Technical Support Engineers (TSE) – Ensure the timely resolution of any difficulties, problems or challenges you encounter in the installation or use of our solutions. BridgeHead TSEs provide a comprehensive knowledge of the BridgeHead suite of products. The TSE also brings best practice and a wealth of knowledge in the utilization and how these products best perform in your technical environment.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started BridgeHead’s HealthStore is delivered through BridgeHead’s Project Teams. Our installation services focus on system design, setup and configuration. Through initial scoping and project discovery activities, our staff work with our customers to determine the most effective and efficient configuration of HealthStore to meet the project objectives.

Our experience has shown that where training is included early in the project lifecycle, the customer can play a more informed and active role in the design phase of the implementation. It also reduces the amount of knowledge transfer that is required, meaning that the customer gets more value from BridgeHead’s Professional Services.

BridgeHead offers a variety of training and education programs to ensure you are realising the full value of your HealthStore investment. Our training is built to develop your skills while enabling you to meet your objectives in deploying HealthStore, e.g. designing a strategy for sharing patient data.
BridgeHead provides a number of formats and styles to meet your needs:
Traditional Classroom
Instructor-led eLearning
Self-paced Learning.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format. As the content has not been tampered with or obscured in any way, it can be easily migrated out of HealthStore, if needed.
End-of-contract process BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format. As the content has not been tampered with or obscured in any way, it can be easily migrated out of HealthStore, if needed.

Alternatively, if a customer chooses to continue with the BridgeHead solution, then a contract extension will be available subject to the T&Cs of the G Cloud Framework.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • Windows
  • Windows Phone
Designed for use on mobile devices No
API No
Customisation available No

Scaling

Scaling
Independence of resources The solution will be hosted in an elastic scalable private cloud that will ensure minimum levels of performance and response times (agreed in the SLAs)

Analytics

Analytics
Service usage metrics Yes
Metrics types BridgeHead provide analytics and metrics for the underlying cloud platform, in terms of resource utilisation.

BridgeHead provide analytics and metrics for the BridgeHead software, in varying levels of granularity with regards to different types of data protected and volume of data.
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach BridgeHead is a passionate supporter of open standards and believes this is the underlying mechanism to avoid ‘vendor lock-in’ – and this includes BridgeHead’s HealthStore. In case a customer may no longer wish to use the product, as part of our contract’s standard ‘exit provisions’, BridgeHead would provide support to a 3rd party, such as another VNA/ICA vendor, to assist in migrating the data out of HealthStore. As HealthStore is standards-based, and ingests content in its native format, BridgeHead is able to offer that data back in its native format.
Data export formats Other
Other data export formats
  • Native File Formats
  • Dcm
Data import formats Other
Other data import formats
  • Native File Formats
  • .dcm

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The BridgeHead team is dedicated to maintaining a 99.9% availability of the HealthStore hosted software solution. BridgeHead provides a warm site presence at geographically separated hosting facilities in conjunction with our partner, Redcentric in the UK.
BridgeHead customers may obtain service credits if BridgeHead fails to meet any of the service commitments described in the service definition document, specifically the approved Service Level Agreements.
The structure of the service credits would be open to negotiation at the contract stage to ensure the customer’s HealthStore deployment aligns with the rest of their enterprise.
Approach to resilience This information is available on request.
Outage reporting The system has inbuilt reporting which generates notifications to a monitoring system and also specified inboxes.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All BridgeHead staff with direct access to Patient Identifiable data will have been through the Disclosure Barring Service (DBS).

User access to the BridgeHead solution is managed via LDAP. All activity is full audited. Security and access controls of the BridgeHead solution is fully compliant with the XDS framework.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QAS International
ISO/IEC 27001 accreditation date 30/04/2019
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO Accreditations

• ISO9001: for Quality Assurance
• ISO27001: for Data Security
• ISO14001: for Environmental Responsibilities.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach BridgeHead also operates a formal Change Management process in line with ITIL and can work with a healthcare organisation’s CCN process, if different. This ensures any major system updates that the customer approves for install will be carried out during an agreed maintenance window. BridgeHead will work with all vendors to ensure the upgrade runs without incident, including upgrading the non-production environment before the production environment
Vulnerability management type Supplier-defined controls
Vulnerability management approach The following processes are followed based on industry best practices:

Vulnerability assessment
Vulnerability monitoring
Vulnerability mitigation prioritisation
Vulnerability tracking
Vulnerability mitigation timescales
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The system generates regular status reports and e-mails them. The content, frequency, and destination are all configurable, allowing BridgeHead and the hospital to monitor availability and performance. BridgeHead software also integrates with third party support and monitoring software. Scheduled jobs that generate reports can also be configured to meet the hospitals requirements.

The BridgeHead solution provides a full alerting and reporting mechanism. Alerts can be set up to alert key people when events are raised. Examples could be, when a malformed DICOM object has been received OR when a monitored disk area has reached a percentage of available space.
Incident management type Supplier-defined controls
Incident management approach BridgeHead will provide customers with a single contact number, email address and portal link for the Service Desk (upon Service initiation), for co-ordination of all incident activity.

BridgeHead operates its service to a very high standard in line with and comparable to ITIL standards. BridgeHead have selected ISO as its chosen standards for service delivery and are fully certified for ISO9001, ISO14001 and ISO27001. These standards cover the delivery of BridgeHead's support and maintenance activities.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3094 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A PoC version of the software is available which will allow a buyer to identify if the product supports their business, IT and clinical requirements. All details of the PoC will be agreed with the buyer to ensure the PoC is tailored correctly to meet these requirements.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑