Kainos Software Ltd

Shared Care Record (SCR) and Interoperability Platform

The platform is a Clinical Portal for users to access patient information in a structured manner, replacing paper-based medical records and
need for multiple logins.​
​It provides a blended view of patient information from different systems, across one/many organisations, providing a Single View of the Patient across the region.​

Features

  • Integration Framework to aggregate and normalise data from disparate sources.​
  • Patient Centric Clinical Portal for simple access to aggregated data.​
  • Single Sign-on and Context Launch from other Clinical Systems.​
  • Role based access and configuration.​
  • Data Analytics capability to support secondary use purposes.​
  • Enabled for Artificial Intelligence (AI) with AI service capabilities.​
  • Interoperability using InterOpen Care Connect FHIR profiles.​
  • Amazon Web Services hosted internet facing Platform as a Service(PaaS).​
  • Fully Managed Service to ISO 270001 accreditation.​
  • Fast, Agile, Service-Led engagement, optimised around change management/digital transformation.​

Benefits

  • Reduced time, effort, resources required to chase missing information.​
  • Better informed decisions leading to earlier diagnosis and treatment.​
  • Better informed treatment plan leading to better patient outcomes.​
  • Enhanced patient safety e.g. improved medication management.​
  • Leverage existing assets available within the system.​
  • Incremental, fast, service design led, Agile delivery with minimal disruption.​
  • Tailored capabilities to maximise return on investment.​
  • Fully managed service using enterprise AWS capabilities for business continuity.​
  • Securely managed internet facing service. No local servers/maintenance required.​
  • AI normalisation /Data normalisation capabilities can assist in further transformation.​

Pricing

£302,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@kainos.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 8 4 3 2 7 6 1 8 7 1 5 3 7 0

Contact

Kainos Software Ltd Nicola Keaney
Telephone: 028 9057 1100
Email: presales@kainos.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Details of the Kainos Evolve SCR service are included in the attached service definition document and T&Cs.
System requirements
None.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our standard support response times range from 30 minutes to 5 days depending on the incident categorisation and prioritisation as defined in a tailored service level agreement (SLA) per service.
The tailored SLA also defines the agreed hours of support service availability which can range from 24x7 to weekdays 09:00 to 17:00.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
For many of our support clients we configure private chat groups to allow the client real-time access to the support team.
However, we have not performed any web chat testing with assistive technology users.
Web chat accessibility testing
For many of our support clients we configure private chat groups to allow the client real-time access to the support team.
However, we have not performed any web chat testing with assistive technology users.
Onsite support
Yes, at extra cost
Support levels
Our mature cloud support service blends continued service improvement with defect resolution, to ensure user needs, business goals and performance targets are realised and user satisfaction is maximised.
We offer a range of support levels which are aligned to client’s support requirements and defined in a tailored service level agreement. Our support methodology is based on the rigour of ITIL and the flexibility of Agile principles and a Dev Ops culture. This blend results in a robust break-fix service and pragmatic service targets which are ITIL-aligned and underpinned by our ISO 9000, ISO 20000 and ISO 27001 accreditation.
Support is included as part of the service cost.
A typical support team is led by a technical account manager who is responsible for day-to-day support and allocation of support requests to multiple cloud support engineers. This approach provides a resilient support service with sufficient cover to ensure all support requests are managed in an effective and efficient manner.
Support available to third parties
No

Onboarding and offboarding

Getting started
The system has been designed to be intuitive to use. During delivery, training material will be created against user stories which can be imported into a customer based knowledge base system which can then be accessed from within the platform.
Formal solution training is provided by Kainos with train the trainer approach to end-user training provided by the customer project team.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Kainos shall make the Evolve API's available to provide the Customer with the capability to extract data from within Evolve. Medical data is stored in a FHIR standard format providing a simple and future-proofed way to extract data from Evolve into another system.
End-of-contract process
Exit management costs are excluded for the contract and can be scoped on a customer by customer basis.
After the end of the contract, the Evolve service will be provisioned for a period of one month to enable the Customer to extract the required data from Evolve. Following extraction of the data, Kainos will permanently remove all data held for the Customer within 90 days.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Evolve SCR solution leverages NHS Smartcards to provide fast, just in time provisioning and authentication of users. While the Evolve platform has been designed to work on a range of mobile devices, if NHS Smartcards are used for authentication the SCR solution is currently only supported on Windows Desktops in line with support for NHS Smartcards.
Service interface
Yes
Description of service interface
The service interface is restricted to permitted users and allows users to do administration functions around users management, setup, configuration, monitoring of interfaces etc.
Accessibility standards
None or don’t know
Description of accessibility
During the development of Kainos Evolve SCR, the user voice was the focus of the User Stories used to design the solution. This solution design is user-centric to drive through the importance of ease of use, and to allow users to quickly and easily find the information they need.
Kainos Evolve SCR has been developed using HTML5 using a responsive web design approach, to provide an optimal viewing and interaction experience – easy reading and navigation with a minimum of resizing, panning and scrolling across a wide range of mobile devices e.g. iOS, Android and Windows.
Accessibility testing
Kainos has a team of highly experience usability experts who have conducted extensive usability testing with a wide range of end users including users of assistive technology.
The user interface of Evolve SCR is built in line with WGAC 2.1 accessibility standards and makes content more accessible to a wider range of people with disabilities, including accommodations for blindness and low vision, deafness, hearing loss etc.

Evolve has a team of dedicated user experience designers whose role it is to perform user research and design the UI of the application to be clean and intuitive to use while taking into account industry guidelines regarding clinical safety and accessible.

The National Patient Safety Agency (NPSA) guidelines document regarding safe on-screen display of medication information is one such standard whose principles are considered as part of all screens that are included within the Evolve platform. Examples of principles that are adhered to include consistent use of abbreviated units of measure across the platform (e.g. mL, mmol) and using national standard drug names.
API
Yes
What users can and can't do using the API
The API capability is principally designed to allow the exchange of data using standards such as HL7v2 or FHIR. Kainos has a number of interfaces and API's developed and is able to create specific solutions against clients' requirements.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
• What - A high level of configurability allows individual customers to customise to their own specific requirements and to introduce functionality at a rate that suits them.
A range of configuration options are provided including; users, roles, permissions, configuration of views (i.e. what data is displayed and where), look and feel of the clinical portal, data sources, data mapping and integrations, exclusion codes and alerts etc.
Users can create their own ad-hoc care recipient lists.
Customers can create eforms and workflow which includes tasks and notifications.
• How - Out-of-the-box and customised templates within the solution provide a highly flexible customisation approach. A web based administration console is provided to enable suitably privileged users to configure the solution.
• Who - Business users can customise Kainos Evolve SCR, programming skills are not required. Widgets are provided out of the box, they can also be customised or created by administrators using available data sets.

Scaling

Independence of resources
Evolve SCR runs on a multi-tenant, cloud-hosted platform, and as such, a key requirement is that the solution fully supports demands of multiple concurrent deployments.

Analytics

Service usage metrics
Yes
Metrics types
• Service availability
• Patient access
• User activity.
All delivered via a mix of graphical reports and dashboards.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Kainos shall make the Evolve API's available to provide the Customer with the capability to extract data from within Evolve. Medical data is stored in a FHIR standard format providing a simple and future-proofed way to extract data from Evolve into another system.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • FHIR
  • HL7
  • PDF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • FHIR
  • HL7
  • PDF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The Evolve architecture is designed for continuous operation, and a target availability level of better than 99.9% is anticipated (excluding planned maintenance). Planned maintenance episodes are minimised as much as possible and are only required in exceptional circumstances – non-disruptive approaches to software release, patching, database maintenance are used to maximise the availability of the solution.
Resilience techniques such as load balancing/service discovery, replication of data and duplication of server roles are employed to minimise the impact of component failure. Extensive monitoring and alerting tooling is deployed at all tiers; this enables issues to be quickly identified and addressed, often without end-user impact.
Approach to resilience
Available on request.
Outage reporting
• Public Dashboard
• API
• Email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Access is controlled via Multi-Factor Authentication for the background cloud infrastructure and by username and password from whitelisted IP addresses for the web administration portal.
Access restrictions in management interfaces and support channels
Access is controlled via Multi-Factor Authentication for the background cloud infrastructure and by username and password from whitelisted IP addresses for the web administration portal.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
11/02/2020
What the ISO/IEC 27001 doesn’t cover
Information security outside of the design, development, testing and support of IT solutions.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Data Security and Protection Toolkit (NHS IG Toolkit)
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security Management System. Staff are briefed on policies and processes via awareness training and must adhere to these at all times.
As an ISO27001 certified company Information Security is an important consideration for Kainos; in line with our responsibilities it is our policy to ensure that:
• Information will be protected against unauthorised access.
• Confidentiality of information will be assured.
• Integrity of information will be maintained.
• Regulatory and legislative requirements will be met.
• Business continuity plans will be produced, maintained and tested.
• Information security training will be available to all staff.
• All breaches of information security, actual or suspected, will be reported to, and investigated by the Kainos Information Security Manager and communicated appropriately to customers.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Kainos has an established configuration and change management approach in line with our ISO 20000 service management process.
This includes versioning of components, management of code and configuration using source control, code reviews and adoption of secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.
All production environment changes are reviewed, tested and approved.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our operational management team monitor metrics from our vulnerability management software in addition to the service provided from our hosting provider.
• Maintain a list of assets that are assessed against industry notifications
• Manage subscriptions to vulnerability notification services
• Regular use of vulnerability scanning software
• Use of external managed security services that assess threat vectors and provide proactive advice/intelligence
• Regular internal and independent testing of infrastructure and applications
• Operate an internal security working group that proactively publishes information about vulnerabilities and best practices.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
• Use of specialist intrusion detection systems
• Regular security testing and baselined results
• Proactive analysis of security and system event data
• Response to an incident is dependent on perceived impact, threat, and exposure – it could range from no Response being necessary through to full incident Response involving senior Business individuals and law enforcement agencies
• Security incident management process is implemented
• Security-related incidents assessed and responded to in line with support processes.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
• Pre-defined processes -Kainos Support Services is certified by the British Standards Institute as operating an IT Service Management System that complies with the requirements of ISO 20000. We have an established incident management process as part of ISO 20000.
• Reporting Incidents -Users can report incidents directly via our dedicated Service Desk, by email or online via the Kainos Incident Management System (KIM).
• Incident Reports -Kainos produces timely, reliable, accurate reports for informed decision making, effective communication and quality management. Kainos provides the client with formal monthly reporting detailing performance against the SLA and agreed Key Performance Indicators(KPI).

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

Price
£302,000 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@kainos.com. Tell them what format you need. It will help if you say what assistive technology you use.