MediViewer Cloud is an Electronic Document Management solution built specifically for healthcare providers and designed around the needs of healthcare professionals. This end-to-end solution optimises every aspect of the digitisation of paper clinical content and then by providing fast, intuitive and secure access to electronic patient records from any device.
- Fully mobile, touchscreen enabled ready to use on any device
- User configurable rules to recognise un-barcoded documents utilising OCR
- Documentation within an episodic context, featuring complete attendance history
- Representation of document taxonomies to enable intelligent selection
- Scanning and intelligent metadata indexing process (archive and day forward)
- Intelligent metadata tagging provides a cost-efficient alternative to manual identification
- A browser-based interface making it accessible from anywhere at anytime
- Supports multiple file types including text, audio, video and image
- Includes role-based access control and supports content lifecycle management
- Automated document classification in realtime through unique Smartindexing technology
- MediViewer's unique architecture and implementation approach enables rapid deployment
- Intuitive user interface ensure a high rate of user adoption
- Simple, fast access to all archived medical records
- Support for efficient and effective integrated care
- Designed to integrate ensuring seamless interoperability with other systems
- Access from any device over low bandwith promote remote connectivity
- Built-in OCR allows re-classification of already scanned documents effciently
- Consistent user interface across mobile, laptop and desktop simplifies training
- Full auditability and end-to-end control drives BS10008 compliance
- Accepts scanned and electronic documents to complete the paperless experience
£134000 per licence per year
0203 053 8599
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||MediViewer EDM (Electronic Document Management) can be implemented as a standalone solution or typically as a module of the EPR (Electronic Patient Record) or the PAS (Patient Administration System). MediViewer EDM is integrated to the EPR/PAS via an HL7 data feed and User Interface Integration with single sign on.|
|Cloud deployment model||Public cloud|
MediViewer Cloud can be deployed to any NHS approved cloud platform whether that be hosted by a third party provider or sit within a private cloud environment hosted by the Trust. MediViewer Cloud comes with a fully managed service with no known constraints.
IMMJ's partner, UKCloud, provides the hosting service for the MediViewer Cloud Public Cloud offering.
|Email or online ticketing support||Email or online ticketing|
|Support response times||The service level agreements will differ from customer to customer. Our typical response times depend on the severity of the support request as triaged by 1st line support. Due to the critical nature of MediViewer, 24/7 support is available on request based on the support agreement in place.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support available to third parties||Yes|
Onboarding and offboarding
The intuitive design of the MediViewer™ application negates the need for extensive end user training. However, it is recognised that training will be required relating to changes to existing hospital processes. If training can be arranged by staff groups then we recommend one hour per session to cover specific MediViewer functionality and process changes.
We recommend the following methods of training carried out on-site:
• Classroom based sessions
• Ward/Department based training (where staff cannot be released)
• 1:1 training for Consultants
The ongoing training requirement once fully live should be handed over to BAU training team. IMMJ systems will provide a training resource to deliver ‘Train the Trainer’ training to enable the hospital resource(s) to provide training to all appropriate hospital staff. Depending on the chosen IMMJ consultancy model, the IMMJ implementation team will either train Consultants within the early adopter specialty or all Consultants for the duration of the deployment.
Additional IMMJ will provide:
• Training environment;
• Comprehensive On-line Help;
• Role specific process guides;
• Best Practices Guides - one-page quick glance documents that take users through specific functions, such as "changing user password", or "printing a form", etc.
• E-learning modules.
|End-of-contract data extraction||
IMMJ Systems do not charge for data repatriation and there is no cost for data transit over the internet or download from N3 if the application is being provided as part of a hosted solution. At the point of service termination, the Client is required to have the capability, resources and skills to extract and securely remove their own data set. Data can be extracted either from within the Virtual Machine, for example copying data over virtual networks or the entire VM can be exported as a VMDK or OVF.
As part of this operation the Trust would work with IMMJ Systems to spec up the required encrypted data store, which we would be more than happy to support.
Once IMMJ Systems has been formally notified that a service has been terminated, any residual customer data or configurations which remain will be securely and permanently erased. Any data or materials which cannot be deleted or exported will be returned to the customer.
|End-of-contract process||We will return all your data and materials which cannot be deleted or exported by you, and securely destroy all copies of your data on your written instruction. We will not penalise you for terminating your contract with us unless specifically stated in the Service Definition. We will also return all of your confidential information, unless there is a legal requirement that we keep it.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Both services are identical. This was a major consideration during the design phase to ensure that MediViewer had a single user interface with full functionality whether accessed via a tablet, laptop or desktop. This greatly simplifies the user training as there is only a single user interface to be trained on.|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||Perform both manual and automated testing with Google ADT and other toolkits|
|What users can and can't do using the API||
IMMJ Systems have experience of establishing a live feed from the Hospital EPR that can include the following information:
• Patient demographics
• Patient Alerts
• Patient merges (will also trigger movement of scanned documents)
• Inpatient stays and movements
• A & E attendances
• Outpatient appointments
• Reference types, such as specialties, wards and clinics
In order for MediViewer to be updated it can receive and process HL7 messages (or similar) from the Hospital interface engine and interface with API endpoints within MediViewer to update the internal MediViewer reference tables. We have experience of working with HL7 v 2.3, 2.4 and 2.5; the translation layer in our HL7 interface is scriptable allowing ready customisation to site specific requirements. MediViewer will process the following ADT messages from the EPR; A01, A02, A03, A04, A05, A08, A11, A12, A13, A28, A31, A38, A40.
|API documentation formats||Other|
|API sandbox or test environment||Yes|
|Description of customisation||
MediViewer is highly customisable and provides many functions to the System Administrator that gives overall control of the application to the user.
Any user with the correct role can carry out customisations.
The User Interface is customisable to allow the user to decide on their default view of the patient records.
All other customisations take place via the Administration and Advanced Administration Modules.
At project start the EDMS Customisation specialist will work with the Trust to define the security model and create the initial model within MediViewer based on agreed profiles.
Smart indexing identification rules for specific types of document that will form the core of any taxonomy come standard. The joint project team will carry out investigative work in the early stages of the project to setup the additional Hospital specific business rules for recognition with the smart indexing function.
HL7 and ADT feds are also customisation and the schema-less design of MediViewer allows any number of fields to be rendered within the interface.
IMMJ will take responsibility for customising MediViewer working with the joint project team. Thereafter Systems Administrator will be trained to ensure that skills are retained in-house without requiring any specific development skills.
|Independence of resources||In order to guarantee that users are not affected by the demands from other users, we map dedicated GPU resources to a customers account. On the core platform, we use resource reservations and shares such as internet bandwidth shaping. In addition, the capacity planning team ensure that usage in terms of all resources are constantly monitored and increased accordingly relating to user demand.|
|Service usage metrics||Yes|
An Admin user is able to add additional metrics from with the Admin Module that allow for surfacing almost any measurable metric from MediViewer.
These are standard.
Volume of records
Transactions per record
Transaction per patient
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||Customers are encouraged to protect their own data using encryption technologies where only they have the decryption key. In this way, our customers are assured that their data can never be accessed by a third party.|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Export patient information: an authorised user can select part or all of a patient’s record for the creation of an encrypted PDF. Typically, this will be in response to a request for patient documents for tertiary care or in response to a Subject Access Request.
Audit Log: MediViewer provides the ability to either display or export to CSV the results of an interactive query which can report against user, date and transaction type.
|Data export formats||
|Other data export formats||Encrypted PDF/A|
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Other protection between networks||
"We offer the choice of connecting:
• Via the internet using additional encryption such as TLS 1.2
• IPSec VPN tunnels
• Via private networks such as leased lines or MPLS
• Via public sector networks such as PSN, N3, Janet
|Data protection within supplier network||
|Other protection within supplier network||We use dedicated CAS-T circuits between each of our sites to ensure the protection of customer data in-flight. We additionally encrypt this data within our Elevated OFFICIAL platform. All data flows are also subject to our protective monitoring service.|
Availability and resilience
|Approach to resilience||Our service is deployed across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware). Customers should note that GPU's present a single point of failure for a single VM instance, and that customers are encouraged to ensure their solution spans multiple sites, regions or zones to ensure service continuity should a failure occur.|
|Outage reporting||All outages will be reported via the Service Status page and the notifications service within the UKCloud Portal. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated Technical Account Manager will proactively contact customers as appropriate.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
The level of access that a user has, and the activities they can perform within MediViewer are governed by the following access control mechanisms:
1. Access control to function by authorised user role;
2. Access control to specific document sets.
Access rights are restricted according to the role of a user. Although the creation of AD (Active Directory) roles are performed by AD administrators, MediViewer implements an ABAC (Attribute based access control) system that assigns authorization tickets (to access specific functionality) to users based on their attributes (such as AD group membership).
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||LRQA|
|ISO/IEC 27001 accreditation date||8th May 2012|
|What the ISO/IEC 27001 doesn’t cover||
All above certifications covered by our partner UKCloud.
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||28th October 2016|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||
All above certifications covered by our partner UKCloud.
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||CSA STAR, ISO27001, ISO27017, ISO27018 and ISO20000|
|Information security policies and processes||UKCloud has a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers cloud services to its customers. These have been independently assessed and certified against ISO20000, ISO27001, ISO27017 and ISO27018 by LRQA, a UKAS accredited audit body. The Company is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||UKCloud has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 standard. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. A robust, established process for the formal submission of change requests is mandated prior to review and approval of the daily Change Advisory Board, which is attended by a quorum of operational and technical management personnel.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||UKCloud has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of UKCloud’s asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Following best practice from the National Cyber Security Centre, UKCloud protects both its Assured and Elevated platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment. Our approach to protective monitoring at minimum meets the Protective Monitoring Controls (PMC 1-12) outlined in NCSC document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups. Any alerts generated are logged and investigated 24x7.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||UKCloud has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by UKCloud personnel, and incidents identified and reported to UKCloud by its customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||New NHS Network (N3)|
|Price||£134000 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
Proof of Concept
Jointly identify the best specialty or clinic for the trial.
Provide all relevant project documentation.
Classification schema design, back and day forward scanning.
Limited HL7/ADT integration with the Trust PAS for the period of the project.
A benefits report with evidence based clinical, operational and financial benefits.
|Link to free trial||http://www.immjsystems.com/mediviewer-proof-of-concept/|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|