Pathway through Pain
Pathway through Pain is the only clinically proven digital therapeutic that delivers all the elements of an intensive Pain Management Programme (PMP). This accessible web-based program is NHS commissioned and delivers significant and often life-changing results for individuals seeking to better self-manage chronic musculoskeletal pain.
Features
- Quick and easy enrolment
- Health outcome reports
- Engagement reports
- Qualitative feedback
- Professional support
- Proven & Lasting Benefits
- Flexible & Accessible
- Guided & Supported
Benefits
- Highly impactful
- Cost-effective
- Ongoing professional support
- Secure Management Portal
- Simple to setup & maintain
- Clinical-grade digital therapeutic
- Reach housebound patients
- Reduce treatment waiting lists
Pricing
£5,000 to £112,500 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
1 8 9 5 4 0 4 8 8 4 9 8 1 6 9
Contact
WELLMIND HEALTH LIMITED
Richard Latham
Telephone: +44 (0)1273 325136
Email: contact@wellmindhealth.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- To use this service the participant must have an internet connection and device (smartphone, tablet, laptop) to access the course.
- System requirements
- Internet Browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 2 business days
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Tested by Pipedrive Ltd with additional internal testing by Wellmind Health development team
- Onsite support
- No
- Support levels
-
We have phone, email and webchat support, all of which are free of charge.
Each client has a dedicated account manager that can assist with any queries.
There is a onsite cloud support engineer. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The set-up process is straightforward, requiring minimal input, with a 3 to 4-week standard implementation.
Week 1: Introductions to Client Service Manager for a set-up consultancy call
Week 2: Set up of Management Portal, walkthrough via video conference, and production of self-enrolment course page, if required.
Week 3: Supporting launch with tailored promotional resources - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Users can download their data when contract ends as a csv file from the Web Management Portal.
- End-of-contract process
-
Included in price of contract:
• Course licenses (Lifetime access for users enrolled)
• Annual License to enroll onto course
• Facilitator Support
• User Support
• Setup Fee
No additional costs
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No differences between mobile and desktop service.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
The service interface can be found online. There are two service interfaces:
1) Course web interface where participants access the course and it's library of resources.
2) Web Management Portal interface where referrers can access participant engagement and health outcome data - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
-
External assessment for WCAG 2.1 AA by ORCHA.
Independent User Feedback - API
- Yes
- What users can and can't do using the API
-
API enables:
- Service users to be enrolled on a course
- Health outcomes and engagement data to be retrieved
- Private API connection with IAPTus where participants can be enrolled through a consultation
- Secure access to custom set of API functionality. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Buyers can customize the following:
• Welcome email text
• Data permissions
• Logo on enrollment page
• Setup of management portal by centers
Users can go about customizing these parts of the service in their setup period. A dedicated client services manager will help buyer setup these customizable features.
Scaling
- Independence of resources
-
The course is online and made up of pre-recorded videos allowing us to take a large influx of users on the course, while still having spare server capacity. We have an large space capacity of participants we can take on in our service, due to the online and asynchronous nature of our course.
As we take on new clients we are able to plan demand accordingly on server capacity and customer service requirements.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We provide Engagement reports:
• User course engagement usage
• Helpfulness ratings
• Enrollment metrics
• Star ratings
We measure the following metrics before and after the course:
• Anxiety (GAD7)
• Depression (PHQ9)
• Disability (ODI)
• Health (EQVAS) - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Users can export, delete and edit their data via the course interface.
Buyers can export data via the web management portal. - Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Service levels are maintained to the highest standard for both course providers and participants. All helplines and response times are from 9am to 5pm (UK) standard business days.
--Course Providers--
Technical Support:
Responsive and continuous technical help
Helpline: 9 to 5 pm (UK) Response within 24 hours
Operational Support:
Initial onboarding, portal setup, advisory and
day-to-day service, Annual Review and Recommendations report
Helpline: 9 to 5 pm (UK), Response within 24 hours
Management Portal:
Participant enrolment, course engagement and outcome reporting
On-demand
Support for Clinicians and Facilitators:
Individual participant assistance, monthly emailed participant reports
Helpline: 9 to 5 pm (UK) Response within 12 hours
Complaints:
Escalated to Client Services management
Response within 24 hours
--Course Participants--
Technical Support:
Responsive and continuous technical help
Helpline: 9 to 5 pm (UK) Response within 24 hours
Course Support:
Day-to-day support for all course queries (Non-clinical)
Non-Clinical Helpline: 9 to 5 pm
Response within 24 hours
Clinical Support:
Advice is not offered or given to course participants. Clinical assistance needs are
referred to the enrolling clinician or facilitator
Action/Response within 12 hours
Course Resources and Tools:
Course login
On-demand and lifetime access
Complaints
Escalated to Client Services management
Response within 24 hours - Approach to resilience
- Available on request
- Outage reporting
- Email alerts, API and public dashboard.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Secure password policies with multifactor authentication.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- SecureTrust / Trustwave
- PCI DSS accreditation date
- 2021/09/01
- What the PCI DSS doesn’t cover
- SecureTrust / Trustwave covers all PCI DSS requirements.
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- Digital Technology Assessment Criteria (DTAC)
- Data Protection Impact Assessments (DPIA)
- NHS Data Security & Protection Toolkit
- AWS cloud security compliance
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
-
DTAC - Digital Technology Assessment Criteria
Cyber Essentials
NHS Toolkit
AWS Cloud Compliance - Information security policies and processes
- Internal policies and procedures ensure all staff are aware of restrictions and regulations pertaining to acceptable use of IT and secure control of sensitive data. This includes - but not limited to - remote access, password management, BYOD, removable media, encryption/key management, backups and general awareness of data breach & cyber-security threat. Regular training and review processes in place and overseen by CTO and CEO.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- JIRA software for collaboration, planning and tracking of product development. Updates released roughly monthly and may include performance improvements, bug fixes, security patches, new features, and other changes in response to changes in user needs. Updates with major functionality changes are released as beta versions which are then tested with members of our existing user base. Development approach closely follows OWASP methodology. All code and config is tracked by GIT and peer-reviewed. Server-side config management utilises AWS tools that track and audit all changes to infrastructure and component configuration.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Third-party vulnerability scanning and review of findings takes place monthly. Penetration testing is done annually or as required due to major config/code updates. These activities as well as our team's keen interest in secure software development enable us to be aware of potential threats and vulnerabilities. Patching schedule is within 30 days of release however highly dependant upon the area of concern.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Active monitoring with automated exception reporting is in place wherever possible. As well, AWS Cloudwatch Alarms are configured to alert administrators immediately of any metric anomalies or threshold violations. Log datasets are analysed at least each quarter to further detect anomalies using tools such as Splunk, Cloudwatch Logs Insights and Cloudwatch Metrics Explorer. Response times vary depending upon the severity of the potential compromise however most incidents are resolved within hours where possible.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Users report incidents through our customer support channels (phone, email or live chat). Response procedure to common events is adequately covered by internal process and guidance documentation. Complex events will involve JIRA service desk ticketing system which is integrated with our SDLC such that incident investigation right through to a potential patch release is all auditable and reported upon with use of the system's in-built toolset.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Equal opportunity
-
Equal opportunity
Wellmind Health pledges to provide equal opportunities in the work environment and makes sure no one is discriminated by their gender, age, race, religion, sexual orientation, or disability. - Wellbeing
-
Wellbeing
As an organisation that helps other organisations improve staff mental health, Wellmind Health is dedicated to also promoting good mental health internally. Wellmind Healths wellbeing programme includes free services provided to all staff.
Pricing
- Price
- £5,000 to £112,500 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- We provide a demo account to evaluate the course content.