MyClinic provides a way for healthcare professionals to remotely consult with their patients. Comprising of Clinics created by the healthcare professional, patients can join a clinic waiting room online, and be seen remotely by the healthcare professional, using a web-based video consultation and other online tools.


  • Remote video consultation with patients
  • File Sharing
  • email/SMS invitations
  • Doctor-Doctor messaging
  • Patient Questionnaires
  • Fully web-based interface


  • Reduce travel time & infection risk for patients
  • Greater information availability to patients
  • Reduce DNA Rate - better utilisation of resources
  • Quickly consult a colleague during a consultation
  • Pre/Post appointment information streamlining consultations
  • Available anywhere, no software client to install


£399.00 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 9 3 0 3 6 2 5 4 5 8 7 2 4 5

Contact Ltd Dr Abdullah Albeyatti
Telephone: 07595759612

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Monthly planned maintenance schedule up to once per month, service may be unavailable for up to 6 hours outside of normal working hours 9am-5pm Monday to Friday, excluding public holidays (UK)
System requirements
  • Internet Browser (Microsoft Edge Firefox Chrome Safari 9+ Opera)
  • Internet connectivity
  • Webcam or camera to enable video consultations
  • Microphone or phone

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within working day (Monday-Friday 9am to 5pm)
Weekend questions will be responded to on the following Monday
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Via embedded chat function on the MyClinic system
Web chat accessibility testing
Onsite support
Support levels
Support for is provided by our online interface and training guides. Users may raise service and support requests via our Service Desk, and these will be triaged by our Service Teams.
We endeavour to respond to service and support tickets raised within 24 hours, and responses will be made via the online interface/service desk system within the product itself.
Technical Account managers are not provided as standard, however for an additional fee, Technical Account Managers, Project Managers, Programme Managers and other supporting teams may be provided on a day-rate basis, as defined in our SFIA rate card, subject to availability.
Support available to third parties

Onboarding and offboarding

Getting started
Upon contract execution, our deployment team will create a Management level user for the customer. This user's details will be securely relayed to the Management User.
This defines "Service Live". This management user has the capability to customise and administer the Enterprise instance of for the Organisation.
User documentation and online training guides are available online upon Service Live
On-Site training can be requested, and would be delivered in a seminar style to multiple delegates simultaneously. These training days can be purchased at an additional cost, defined in our SFIA rate card.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
On request, a user organisation can request a one-off end-of-contract full database backup of all data held on Medicalchain servers regarding their application. This must occur upon full termination of services provided, and will be provided t o the customer up to 6 months following full termination of service, dependent upon the complexity of data extract, and volumes of data involved. The mechanism of transfer may be one of the following
S3 data transfer (push to customer managed S3, or dedicated "download" S3 bucket made available to customer)
SFTP data transfer (push to customer managed sftp)
End-of-contract process
Upon contract termination, the Organisation's instance of will be deactivated by the deployment team within one month of contract termination. All Management Users will have access revoked within 1 week of contract termination.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
None - accessible via mobile web browsers
Service interface
Description of service interface
A service portal embedded within the application itself, whereby a customer can raise incidents to our service management team directly
(Jira Service Desk)
Accessibility standards
WCAG 2.1 A
Accessibility testing
In house testing to ensure meeting of WCAG 2.1 success criteria
Customisation available


Independence of resources
Our web applications are built on AWS autoscaling EC2 instances to ensure scalable approach to meeting customer demand


Service usage metrics
Metrics types
User activity reports
concurrent user reports
Activity reports (system utilisation)
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All user generated data is accessible via the application, and can be downloaded/exported from within.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
Other data import formats
Direct to application via in-built forms

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability (The Supplier) shall provide at least 95.5% or uptime service availability level during Support Hours. This availability refers to client software being able to connect to the software from the Supplier’s Hosted Servers. It does not include the external Internet network as the Customer is responsible for its own Internet access.
Service availability shall be represented as a percentage, calculated as follows:
Number of hours in the month - (Severity 1 failure time in Support Hours x 100)/Number of hours in the month

Availability measurement begins on the first day of each calendar month.
Availability does not include Force Majeure or Maintenance Events.
Further details can be found in our SLA document
Approach to resilience
Available on Request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
All Enterprise management users must be created by the deployment team. These users have unique access levels to the service. No other "publicly available" user type can access management/admin functions
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
In line with ISO27001, which we are in process of achieving certification (delayed due to COVID)
Information security policies and processes
We follow NHS IG policies. Our IG team perform regular IG Training with our staff, and report to our IG Officer. All staff have completed the NHS IG Toolkit, and we have a robust SIRI reporting process in place.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
ITIL aligned CSI and change management processes.
Pre-release and Post-integration unit tests, and regression testing on a per-release basis
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Monthly Vulnerability assessment carried out by CTO and Senior development team and CVSS (Common Vulnerability Scoring System) used to triage security vulnerabilities.
Patches can be released in-live on an ad-hoc basis, though regularly conform to our 2 weekly release cycle.
Information is gathered using assorted vulnerability assessment tools.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use a wide array of logging and monitoring tools to identify potential compromises. Once detected, we will treat these as highest severity incidents which are managed via our incident management processes. For high severity incidents, resolution is expected within 24 hours, although we endeavour to resolve much quicker.
Incident management type
Supplier-defined controls
Incident management approach
ITIL aligned service management and incident resolution processes
Users report events via our Service desk
Incident reports available to customers on request and at regular contract reviews (annually)

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£399.00 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
Per user free plan (base version free to use in perpetuity).

Features included

Number of Clinics 1
Max Duration 20 mins
Unlimited Video Calls
Doctor to patient messaging
Screen sharing
File and Photo sharing
Email Invitations
2FA Security
Full list of included features is available in Pricing document
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.