NHS North of England Commissioning Support Unit (Hosted by NHS England)

RAIDR

RAIDR is a business intelligence tool used by CCG, CSU and GP Practice staff and Acute Care. It provides healthcare professionals with a single portal for all their information needs, e.g. inpatient, outpatient and A&E activity, prescribing, finance and contracting, urgent care and primary care data quality and risk stratification.

Features

  • Risk stratification and data quality
  • Training included
  • Service level activity and budget monitoring
  • Drill down to patient level
  • Prescribing data and prescribing safety
  • Quality indicator performance
  • Quality Outcomes Framework (QOF) reporting and optimising
  • No software installation required
  • Wide range of data sets available
  • Multiple risk tools

Benefits

  • Improve data quality and consistency
  • Deliver reliable data and accurate information
  • Drives efficiency
  • More effective case management
  • National and local peer comparators
  • Rapid implementation
  • Achieve high quality cost effective care
  • Identify areas for concern and exemplars for best practice
  • Supports GMC / PMS contract

Pricing

£0.19 per unit per year

Service documents

G-Cloud 9

849406537571274

NHS North of England Commissioning Support Unit (Hosted by NHS England)

Valerie Maddison

0191 2172760

valerie.maddison@nhs.net

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints RAIDR service provision may be forcibly terminated where underlying data systems which input into the RAIDR System are discontinued or undergo change such that the RAIDR System is no longer capable of accepting, or permitted to accept those feeds, and this materially affects RAIDR’s effectiveness and value.

Examples include but are not limited to:
• The terms on which MiQuest software is made available (third party software which enables data extraction from the customer’s IT system for the purpose of provision of the Primary Care Dashboard), change to make it uneconomical, incompatible or unsuitable for use with the RAIDR System.
System requirements
  • New NHS Networks (N3)
  • Internet 10+ (or any modern browser)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 1 business hour
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Service support comprises :
Customers can access technical support services and also help and advice for non-technical ad-hoc queries and ‘how to’ guidance.
• information and advice by telephone (between the hours of 8.30 a.m. and 5.00 p.m. Monday through Friday, excluding bank and other public holidays), e-mail or by such other means as NECS deems appropriate from time to time to advise on the use of the RAIDR System;
• the creation and release to the Customer from time to time, at NECS’ sole discretion, of fixes and improvements to the RAIDR System.
Technical support services shall be provided in accordance with the following protocol:-
"Major Fault" - NECS shall as soon as reasonably practicable but in any event within 1 working day of such agreement, supply instructions to the Customer which are intended to circumvent the fault;
"Important Fault" - NECS shall, as soon as reasonably practicable, but in any event within 2 working days of such agreement, supply instructions intended to enable the Customer to circumvent the fault;
"Minor Fault" - NECS shall use its reasonable endeavours to supply instructions to the Customer which are intended to circumvent the fault within 5 working days of such agreement.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started System implementation typically takes 90 days from start to ‘go live’, detailed plans are drawn up with each customer to meet their specific needs.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats MS Word
End-of-contract data extraction Data is permanently deleted from the source file location via CPA Foundation-grade erasure product and destruction certificates are provided.
End-of-contract process User access accounts are disabled and data destroyed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility RAIDR is a web application. RAIDR supports a variety of screen reading and screen magnification software tools which enable visually and mobility impaired users to easily access and navigate RAIDR.
Accessibility testing RAIDR is a web application. We have not undertaken any interface testing with users of assistive technology.
API No
Customisation available Yes
Description of customisation Customer can customise how the data they require is shown i.e. graphs and tables can be set to only disappear data between selected date ranges.

Development and requests for change are reviewed and prioritised by the RAIDR User Group.

Scaling

Scaling
Independence of resources Services are load balanced between multiple servers which can be scaled out on demand.

Analytics

Analytics
Service usage metrics Yes
Metrics types User access statistics by user and organisation
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Access to data is by designated staff and is restricted /only available to those who need to process the data.
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Download to CSV or PDF
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • Other
Other data import formats SQL Server data backup file

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Access to the service is protected by authentication of all users who access it.
Data protection within supplier network Other
Other protection within supplier network All data is backed up on a regular schedule.

Availability and resilience

Availability and resilience
Guaranteed availability 99%, assured by contractual commitment
Approach to resilience Services are all run on multiple servers and include multiple levels of redundancy.
Outage reporting Our IT Service Desk have a process by which the affected users are identified, notified via e-mail and updated.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication User access to the service is controlled by Microsoft Active Directory.
Access restrictions in management interfaces and support channels Management access to the service is controlled by Microsoft Active Directory
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Security governance approach includes:
• IG Toolkit Level 2 Compliance
• Information Security Management Plans which are developed practice based experience.
• Cyber Essentials Plus – NECS will continue to seek further accreditation to gain compliance against the Cyber Essentials Plus scheme.
• ISEM (Information Assurance for Small & Medium sized Enterprises) - The IASME standard, based on ISO27001, has developed to create a cyber security standard recognised by the UK Government.
• ISO27001 – NECS is aligned with the ISO27001 internationally recognised, gold standard, and Information Security standards.
Information security policies and processes There is an Information & Cyber Security Strategy and Plan, managed through an IT Security Team with access to the wider IT teams. This is managed by our Infrastructure Security Manager. She reports into the Head of Infrastructure who reports to the Business Information Services Director.

NECS’ develop Information Security Management Plans which are developed using the valuable practice based experience. The key strategic information security principles that underpin information security management at NECS are considered in any service provided by NECS.

NECS adhere to NHS England Policies and all NECS procedures are based on ITIL good practice.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach There is an ITIL based Change Advisory Board (CAB) that manages the processes in accordance with the NECS Procedures.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The system is regularly penetration tested for vulnerabilities in coding and security. It is fully protected by Microsoft Update Service and Sophos Threat Management. Both these products are automated and fully managed. We subscribe to Microsoft Technet Technical Security Bulletins and Sophos RSS feeds for regular updates.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We proactively monitoring against known baselines using PRTG, Solarwinds. The baseline is regularly reviewed. Sophos identifies immediate firewall breaches. Any breaches or changes to the baseline are dealt with immediately, within business hours, by a dedicated team.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The management of Incidents follows the standards set out by ITIL and defined in our own Incident and Problem Management Policy. Users report incidents via the Service Desk either via Telephone. Each incident is given a unique reference number and a priority which defines the length of time allowed to resolve the incident. Incidents are analysed to look for common trends by reviewing the types of incidents logged and trying to identify root causes. We report each month to our customers on the number of Incidents logged and our performance in terms of meeting the fix time.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)

Pricing

Pricing
Price £0.19 per unit per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑