PINGA, Order Comms, HIS, Integrated Care Software, Electronic Health Records
Sorsix has built and maintains a modular electronic public health systems in the Republic of Macedonia and the Republic of Serbia. Over 10m people have integrated Healthcare delivered via the Sorsix Pinga platform, a nation-scale EHR and outpatient management system. Waiting lists have been abolished in these countries with Pinga.
Features
- Realtime Modular National and Small scale EHR for Integrated Healthcare
- Clinical workflow and management system full stack API
- ePrescription
- Enterprise Scheduling, Local and National Waiting list management module
- Medical Diary and Doctor’s Record, HIS (ward and surgery)
- Diabetes Module, Maternity Module
- LIS, RIS & PACS
- Billing, Real-time Epidemiology & Data Analytics
- Patient portal web & mobile, Preventative Screening Modules
- Immunology & Scheduled checkups
Benefits
- Single Platform Integrated Digital Care
- Shared Care Record for 10m patients
- Managed Expert services in Healthcare
- Managed Development Intergration
- Single Platform EHR
- Healthcare Data analytics
- Managed and Turnkey outsourcing
- Experience Team running 2 national EHR's & Software Integrating
- National EHR Platform for Serbia 7.2 million users
- National EHR Platform for Macedonia 2.3 million users
Pricing
£1.00 to £1.50 a user a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
8 4 4 5 3 4 9 8 0 5 5 5 0 3 5
Contact
Sorsix Health UK & Ireland
<removed>
Telephone: <removed>
Email: <removed>@ca957055-5c06-4e78-b5e5-54ee13d6bce9.com
Service scope
- Service constraints
- None it is flexible and modular, own hosted on network VPN or physical location or remotely hosted
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 5 minutes
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.0 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.0 AAA
- Web chat accessibility testing
- We manage the National Patient record in Serbia and Macedonia and provide assisted web chat for various Assistive technology service users through our 'my Doctor' service
- Onsite support
- Yes, at extra cost
- Support levels
- TBD By Client
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onsite training, online training, shadowing and user documentation.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
-
- Webinars
- Shadowing and behavior development
- End-of-contract data extraction
-
The Database is open source Postgres SQL.
The Data belongs to the customer. - End-of-contract process
- A Managed Service Transition occurs at the end of any contract, scope is to be determined by the client
Using the service
- Web browser interface
- Yes
- Using the web interface
- Sorsix's Pinga provides a full API for Service Users and over 400 applications are already integrated.
- Web interface accessibility standard
- WCAG 2.0 AAA
- Web interface accessibility testing
- Extensive Testing in Serbia as a National Platform. Further details on request.
- API
- Yes
- What users can and can't do using the API
-
Over 400 Third party Healthcare (such as diagnostics) and Civic applications (such as exchequer payment platforms) are integrated with Pinga via our API which receives on average about 100 million requests per day.
See Serbia dashboard live.
https://live.mojdoktor.gov.rs/en
See Macedonia Live
https://livedashboard.zdravstvo.gov.mk/en - API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- Other
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Other
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- TBD by client need
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- TBD by Client
- Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Patient Data level Epidemiology
- Individual clinician bahaviour records
- Pharmaceutical Record and effectiveness
- Service Effectiveness
- Pay for Performance Metrics for Consultants & GP's
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- All records
- Backup controls
- TBD by Client
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- TB Confirmed
- Approach to resilience
- TB Confirmed
- Outage reporting
- TB Confirmed
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- TB Confirmed
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- TB Confirmed
- ISO/IEC 27001 accreditation date
- TB Confirmed
- What the ISO/IEC 27001 doesn’t cover
- TB Confirmed
- ISO 28000:2007 certification
- Yes
- Who accredited the ISO 28000:2007
- TB Confirmed
- ISO 28000:2007 accreditation date
- TB Confirmed
- What the ISO 28000:2007 doesn’t cover
- TB Confirmed
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- TB Confirmed
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- TB Confirmed
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Yes
- PCI DSS accreditation date
- TB Confirmed
- What the PCI DSS doesn’t cover
- TB Confirmed
- Other security certifications
- Yes
- Any other security certifications
-
- TB Confirmed
- TB Confirmed
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- CSA CCM version 3.0
- ISO/IEC 27001
- Information security policies and processes
- TB Confirmed
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- TB Confirmed
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- TB Confirmed
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- TB Confirmed
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- TB Confirmed
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- TB Confirmed
Energy efficiency
- Energy-efficient datacentres
- Yes
Pricing
- Price
- £1.00 to £1.50 a user a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- As per user requirements
- Link to free trial
- TB Confirmed