Skip to main content

Digital

IM1 prerequisites form

To establish clinical safety prerequisites are in place and confirmation that you can commit to information governance prerequisites in order to progress the onboarding process. 

Before you start

In order for us to progress the onboarding process, you need to:

  • confirm that clinical safety prerequisites are in place - these must be in place at the time of initial Supplier Conformance Assessment List (SCAL) submission and reflected in the SCAL
  • confirm your commitment to ensuring information governance prerequisites will be in place

If you are currently unable to confirm that clinical safety prerequisites are already in place and/or unable to commit to the information governance prerequisites, you will be unable to complete and submit the form.

 

If you have any questions around this webform please contact [email protected]

Completion of all fields in the form is required. An asterisk (*) indicates a mandatory field. 

IM1 prerequisites

Section 1: Your details
Full name
Name of the IM1 product you are wanting to onboard with
Section 2: Clinical safety prerequisites
Confirm the following prerequisites are already in place:

A qualified Clinical Safety Officer is in place *
A detailed use case description that covers the entirety of the product *
A written clinical safety process and a commitment to uplift this as required with the development of the IM1 product *
Ability to populate a detailed hazard log template and a commitment to uplift this as required with the development of the IM1 product *
Confirm that if the product contains software as a medical device you understand that this would be subject to additional scrutiny *
Section 3: Information governance prerequisites
Confirm you are committed to the following:

Starting the process of obtaining a Data Security and Protection Toolkit (DSPT) annual assessment, to be in place by time of go live *
Completing a Data Protection Impact Assessment including Transparency/Privacy Notice for the consuming supplier and for associated applications and services as required for relevant use cases *
Utilising an Information Security Management System (ISO 27001 recommended) *
Completing a penetration test (pen test) which must be completed by a 3rd party CHECK / CREST accredited organisation, prior to go live and annually thereafter. The CHECK / CREST accredited organisation must be accredited to conduct penetration testing *
A UK location for processing patient data *
Section 4: Provider suppliers
Confirm which provider supplier(s) you would like to integrate with (you may select more than one):

EMIS (EMIS Web)
TPP (SystmOne)