First Databank Europe Limited


OptimiseRx supports Clinical Commissioning Groups and Commissioning Support Units in delivering their medicines optimisation strategy by providing healthcare professionals with evidence based alerts and prompts in the form of actionable reference messages, at the point of care, relating to best practice, safety and cost.


  • Timely, informed decision making during the prescribing workflow
  • Prescribing guidance that is trusted, and acted upon
  • Clinically relevant prescribing guidance specific to the patient's medical record
  • Help GPs to implement standards of prescribing safety and quality
  • Ability to request localisation of profile messages (authored by FDB)
  • Web-based reporting functionality
  • Web-based content management portal


  • Instantly translate prescribing guidance into clinical actions
  • Unique prescribing data insights to make informed prescribing decisions
  • Guiding prescribers to the most effective evidenced based therapies
  • Messages are optimised to maximise potential savings
  • Messages are patient specific to help minimise alert fatigue


£0.31 to £0.34 per person per year

Service documents

G-Cloud 9


First Databank Europe Limited

Simon Radcliffe


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints FDB and its hosting provider shall use commercially reasonable endeavours to schedule downtime during the hours of 9pm and 7am so as to minimise impact on the sevices.
System requirements
  • Valid licence with vendor clinical system
  • Licence in place with FDB
  • N3/HSCN connectivity required by Buyers.
  • Internet connection compatible with IE9 and above

User support

User support
Email or online ticketing support Email or online ticketing
Support response times FDB’s customer service department will be available during the Contracted Support Hours, being 9.00am to 5.30pm (GMT) Monday to Friday, excluding public holidays in England, and a response will be provided within 8 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Dedicated Account Manager who can provide access to our technical and content team as required.
In addition, our customer service department will be available to support email and telephone enquiries. On receipt of the query from the Licensee, FDB will acknowledge via email to the Licensee the receipt of the query, and it will be logged and assigned with a unique reference number. FDB shall ensure that a log is maintained in respect to each query raised by the Licensee. Whenever so requested by Licensee, acting reasonably at all times, and during Contracted Support Hours, FDB shall provide an update report from the log with respect to any Licensee related queries.
SLA incorporated as part of the Terms and Conditions for further information.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training on the use of the FDB OptimiseRx portal to manage the messages and use the reporting capabilities is provided to the CCG/CSU medicines management teams in the set-up period, as well as discussing the need for any localised guidance.
On site demonstrations of how FDB OptimiseRx is implemented within the clinical software, and any necessary training, can be provided for GPs and practice staff.
User guides, FAQs and associated training materials are available for download from the FDB OptimiseRx portal.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction OptimiseRx data is fully integrated with the GP clinical system, and a data extract is not required.
End-of-contract process FDB OptimiseRx is an integral modular component of prescribing systems and can be instantly de-activated by removal of the license key.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility No accessibility options
Accessibility testing None
What users can and can't do using the API The API is integrated within the vendor's clinical system and the system is activated from within the vendor's clinical system. Users will be unable to make changes or set up through the API.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Users can manage their content profile via a web portal. Users can request localised messages to be authored by FDB, who will then add these messages to the CCG portal, to enable, once checked.


Independence of resources Service monitoring and capacity planning is undertaken routinely by FDB.


Service usage metrics Yes
Metrics types Please refer to the Service Definition for reports available within OptimiseRx
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Reports can be exported in CSV or PDF format.
Data export formats CSV
Data import formats Other
Other data import formats None

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network The environment is protected behind firewall security, and data is accessible by authorised personnel only.

Availability and resilience

Availability and resilience
Guaranteed availability FDB shall use reasonable efforts to ensure that the service will have a minimum uptime percentage of 99.99% at all times during the service provision time (excluding scheduled downtime and the duration of any force majeure event) in any month. Uptime is calculated on a monthly basis over each discrete calendar month by FDB.
Approach to resilience Available on request
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Username and password restricts access to the buyer portal profile.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BUREAU VERITAS
ISO/IEC 27001 accreditation date Every year between December 2007 - December 2016 (current)
What the ISO/IEC 27001 doesn’t cover Applies to our hosting provider, and their Data Centre information security management system
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are compliant with IG, and all employees are required to complete refresher training no less than annually.
We have a Business Systems Manager who is responsible for all policies and processes across the business, together with accreditation through NICE, and ISO.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All code is source controlled.
Any changes to the services would be tested in accordance with in-house QA standards (as accredited by NICE) prior to implementation.
Vulnerability management type Supplier-defined controls
Vulnerability management approach FDB continuely monitor for any potential threats to our services, and if a threat were detected we would take immediate action to neutralise such threat. FDB use automatically updated anti-virus end point protection software to ensure that services are secure. Software patching is carried out on a scheduled basis (if required).
Protective monitoring type Supplier-defined controls
Protective monitoring approach FDB continuely monitor for any potential compromises to our services, and if a compromise were detected we would take immediate action to neutralise such compromise. FDB use automatically updated anti-virus end point protection software to ensure that services are secure. Software patching is carried out on a scheduled basis (if required).
Incident management type Supplier-defined controls
Incident management approach Users will report incidents by telephone or email to our customer services team. This incident would then be managed in accordance with our in-house policy to undertake a clinical risk assessment and root cause analysis, and any resolution would be conveyed by email. Incident report are not provided, however, users can request an update through customer services.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £0.31 to £0.34 per person per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑