MyClinic.com Ltd

MyClinic Rooms

The MyClinic Rooms solution provides a way for healthcare professionals to remotely consult with their patients. Comprising of Clinics created by the healthcare professional, patients can join a clinic waiting room online, and be seen remotely by the healthcare professional, using a web-based video consultation and other online tools.

Features

• Remote video consultation with patients
• File Sharing
• email/SMS invitations
• Doctor-Doctor messaging
• Patient Questionnaires
• Fully web-based interface

Benefits

• Reduce travel time & infection risk for patients
• Greater information availability to patients
• Reduce DNA Rate - better utilisation of resources
• Quickly consult a colleague during a consultation
• Pre/Post appointment information streamlining consultations
• Available anywhere, no software client to install

£399.00 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

993036254587245

Contact

Dr Abdullah Albeyatti
07595759612
abdullah@medicalchain.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Monthly planned maintenance schedule up to once per month, service may be unavailable for up to 6 hours outside of normal working hours 9am-5pm Monday to Friday, excluding public holidays (UK)
• System requirements:
  • Internet Browser (Microsoft Edge Firefox Chrome Safari 9+ Opera)
  • Internet connectivity
  • Webcam or camera to enable video consultations
  • Microphone or phone

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within working day (Monday-Friday 9am to 5pm) ; Weekend questions will be responded to on the following Monday
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via embedded chat function on the MyClinic system
• Web chat accessibility testing: None
• Onsite support: No
• Support levels: Support for MyClinic.com is provided by our online interface and training guides. Users may raise service and support requests via our Service Desk, and these will be triaged by our Service Teams.; We endeavour to respond to service and support tickets raised within 24 hours, and responses will be made via the online interface/service desk system within the MyClinic.com product itself.; Technical Account managers are not provided as standard, however for an additional fee, Technical Account Managers, Project Managers, Programme Managers and other supporting teams may be provided on a day-rate basis, as defined in our SFIA rate card, subject to availability.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Upon contract execution, our deployment team will create a Management level user for the customer. This user's details will be securely relayed to the Management User.; This defines "Service Live". This management user has the capability to customise and administer the Enterprise instance of MyClinic.com for the Organisation. ; User documentation and online training guides are available online upon Service Live; On-Site training can be requested, and would be delivered in a seminar style to multiple delegates simultaneously. These training days can be purchased at an additional cost, defined in our SFIA rate card.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: On request, a user organisation can request a one-off end-of-contract full database backup of all data held on Medicalchain servers regarding their application. This must occur upon full termination of services provided, and will be provided t o the customer up to 6 months following full termination of service, dependent upon the complexity of data extract, and volumes of data involved. The mechanism of transfer may be one of the following; S3 data transfer (push to customer managed S3, or dedicated "download" S3 bucket made available to customer); SFTP data transfer (push to customer managed sftp)
• End-of-contract process: Upon contract termination, the Organisation's instance of MyClinic.com will be deactivated by the MyClinic.com deployment team within one month of contract termination. All Management Users will have access revoked within 1 week of contract termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None - accessible via mobile web browsers
• Service interface: Yes
• Description of service interface: A service portal embedded within the application itself, whereby a customer can raise incidents to our service management team directly; (Jira Service Desk)
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: In house testing to ensure meeting of WCAG 2.1 success criteria
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our web applications are built on AWS autoscaling EC2 instances to ensure scalable approach to meeting customer demand

Analytics

• Service usage metrics: Yes
• Metrics types: User activity reports; concurrent user reports; Activity reports (system utilisation)
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All user generated data is accessible via the application, and can be downloaded/exported from within.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Direct to application via in-built forms

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: MyClinic.com (The Supplier) shall provide at least 95.5% or uptime service availability level during Support Hours. This availability refers to client software being able to connect to the software from the Supplier’s Hosted Servers. It does not include the external Internet network as the Customer is responsible for its own Internet access. ; Service availability shall be represented as a percentage, calculated as follows: ; Number of hours in the month - (Severity 1 failure time in Support Hours x 100)/Number of hours in the month; ; Availability measurement begins on the first day of each calendar month.; Availability does not include Force Majeure or Maintenance Events.; Further details can be found in our SLA document
• Approach to resilience: Available on Request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All Enterprise management users must be created by the MyClinic.com deployment team. These users have unique access levels to the service. No other "publicly available" user type can access management/admin functions
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: In line with ISO27001, which we are in process of achieving certification (delayed due to COVID)
• Information security policies and processes: We follow NHS IG policies. Our IG team perform regular IG Training with our staff, and report to our IG Officer. All staff have completed the NHS IG Toolkit, and we have a robust SIRI reporting process in place.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: ITIL aligned CSI and change management processes. ; Pre-release and Post-integration unit tests, and regression testing on a per-release basis
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Monthly Vulnerability assessment carried out by CTO and Senior development team and CVSS (Common Vulnerability Scoring System) used to triage security vulnerabilities.; Patches can be released in-live on an ad-hoc basis, though regularly conform to our 2 weekly release cycle.; Information is gathered using assorted vulnerability assessment tools.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a wide array of logging and monitoring tools to identify potential compromises. Once detected, we will treat these as highest severity incidents which are managed via our incident management processes. For high severity incidents, resolution is expected within 24 hours, although we endeavour to resolve much quicker.
• Incident management type: Supplier-defined controls
• Incident management approach: ITIL aligned service management and incident resolution processes; Users report events via our Service desk; Incident reports available to customers on request and at regular contract reviews (annually)

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £399.00 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Per user free plan (base version free to use in perpetuity). ; ; Features included; ; Number of Clinics 1; Max Duration 20 mins; Unlimited Video Calls ; Doctor to patient messaging; Screen sharing; File and Photo sharing; Email Invitations; Scheduling; 2FA Security; Full list of included features is available in Pricing document
• Link to free trial: https://myclinic.com/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF