EQL LIMITED

Phio Collect

Phio Collect provides a seamless way to collect bespoke outcome and experience measure (PROMS/PREMS) data across pathways. Using an intuitive chatbot interface, it can be deployed at any stage of the patients healthcare journey, enabling valuable longitudinal insights. Data from different pathways can be compared to support pathway transformation

Features

• Human like interactions via conversational AI chatbot
• Engaging and interactive user interface
• Can incorporate any outcome measure question set
• Can be deployed at any stage of the patient pathway
• Supports translation into 120 languages
• Direct capture mechanism allowing patient to be contacted via email/SMS
• Supports data collection through any web enabled device
• Developed in accordance with NHS and NICE approved clinical frameworks
• Accessible anytime 24 hours a day with >95% uptime SLA
• Can be deployed on any pathway, including face-to-face and digital

Benefits

• Seamless outcome measure collection for any pathway
• Data available for immediate clinical review
• Remotely accessible requiring no face to face appointment
• Ability to collect other clinical data eg. medical history
• Ability to capture patient experience data
• Ability to capture healthcare utilisation data
• Ability to compare outcome data for multiple pathways
• Less patient repetition thanks to comprehensive clinical data capture
• Accessible any time via any web enabled device
• Exceptional user acceptance

£0 to £50,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eql.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

604384264140736

Contact

Jason Ward
07884008770
info@eql.ai

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Internet Access via a modern web browser (supported down to IE11), further constraints can be covered in SLAs at time of contracting.
• System requirements:
  • Internet connection
  • A modern internet browser (supported down to IE11)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 48 hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: EQL provides onboarding support for Phio Collect for the initial phase. This integration team comprises clinical representatives (qualified Physiotherapists), operations support, customer success manager, engineering, governance (clinical and information), and where appropriate GP liaison support. They will discuss all integration routes and confirm which route is most appropriate. The integration team will be on hand throughout the onboarding process to provide staff training, governance set up, project management, operational & technical support. EQL clinical representatives will work with all necessary clinical stakeholders to configure the decision tree. This includes pathway mapping and exit points, ensuring the unique instance of Phio Collect reflects local frameworks and desired clinical outputs inclusive of patient communication (i.e. defining appropriate messaging for a given outcome). EQL are also able to provide ongoing clinical support via our internal Clinical Services Team. Phio Collect requires relatively little ongoing support. However, our post-onboarding service includes personal account management support and ongoing KPI’s. We also provide online support to end users of the platform for any technical support that might be required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding Project Management is provided to our customers via our dedicated onboarding team to assist them with their set up of Phio Collect. This includes a mixed approach of online training and demos along with training documentation. Once onboarding has taken place the project will move to a "business as usual" function whereby regular contacts will be established to maintain and monitor ongoing success of the project and report on service level agreements. Each contract benefits from a designated Customer Success Manager who will coordinate and mobilise the various EQL teams (e.g. clinical, operational, technical) where and when appropriate.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All outstanding data (not previously provided to them) is provided to the user via their integration route; either API or Admin Portal.
• End-of-contract process: Our service for the specific customer goes offline and no new patients are allowed access to the service. We ensure the customer has been provided all outstanding data. We keep all patient data for the customer for the timeframes assigned in our data retention policy.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference between the mobile and desktop Phio Collect service. Phio Collect has been developed to be completely responsive to the screen size therefore the platform is not affected by things such as device or screen size.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: API's & Admin Portal our clients use to interact with our services
• Accessibility standards: None or don’t know
• Description of accessibility: Phio Collect is accessible via web URL
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Users can use our suite of API endpoints to refer a patient to Phio Collect and retrieve completed Phio Collect data.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The back-end decision trees used to power Phio Collect are entirely customisable. This extends to both the types of questions that are asked as well as including a variety of outcome measures. Customisation in this way allows for the creation of unique decision trees for different pathways (e.g. those who receive care in primary care, ED or a variety of MSK services), as well as those that are at different stages of their treatment. This significantly increases the versatility of the platform as well as the type of data it can report on.

Scaling

• Independence of resources: We have load balances in place that help distribute the load on a single server.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly MI which includes key data metrics such as; Total Referral Count, Completion Rate, Outcome Breakdown, Age Demographic and Injured Area Data Analysis.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: We use a 3rd party service provider, Google Cloud Platform, and therefore benefit from all of their security polices and protocols.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: This is dependent on the users integration route. This could be either via API or our Admin Portal rendering each patients data into PDF format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSON
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Access control layers which limits/controls access to data within our network.

Availability and resilience

• Guaranteed availability: We work to maintain a high level of availability at 95%. Our approach is to minimise downtime to provide consistent access to our services.; ; In the rare event that our services become unavailable, we work with customers to resolve issues promptly. Our customer support team is available to support customers, ensuring quick communication and timely issue resolution.
• Approach to resilience: Our service is designed to run on Google Cloud Platform (GCP). GCP utilises the byzantine fault tolerant technique to replicate servers into zones. As these zones are isolated from each other it is highly unlikely that all zones fail from the same cause and at the same time.
• Outage reporting: We are notified of any outages via GCP's zone status API

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: Users can access the service via multiple routes these all have different authentication. When customers access the service via API they are authenticated by unique key authentication and data match requirements. When customers access the service via Admin Portal they are authenticated by Username & Password requirements. When a patient (end user) access the service they are authenticated via a JSON web token for Phio Triage.
• Access restrictions in management interfaces and support channels: Our management interface is restricted by layered access levels. This ensures members of staff are only provided access to the level of data required to successfully complete their job while at the same time restricting them from any access not required for their job. This allows us to protect the data.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Internal management are provided access to the Admin Portal service via personal username and passwords that are subject to our password policy which involves passwords being changed every 90 days.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 23/02/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow our own internal information security policies and processes. These include Information Classification, Security Awareness & Training, Acceptable Usage, Access Controls, Password Policy, Physical Security, Protecting Data in Transit and at Rest, Disposal of Data, Data Protection by Design etc. We hold various security accreditations including Cyber Essentials, Cyber Essentials Plus, and ISO27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is handled without our QMS system. All requirements are kept up to date and are fully traceable throughout the lifecycle of the change and archived for future reference if required. All requirements are to be reviewed and signed off by both our Data Security Officer and our Clinical Safety Officer in line with DCB 0129
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our regular pen-tests and overall security assessments help us identify our vulnerabilities and other risks. Our agile and highly competent team are able to patch a security flaw within the time limit specified in our SLAs.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All our exposed services (available on the internet) utilise GOOGLE FRONT END as reverse proxy. This layer also provides real time threat detection. When a potential risk is identified we have settings in place to temporary disable the service involved or, as in the case of a DoS attack, our system intelligently throttles inbound requests.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are handled in accordance with our internal Security Incident Process and Data Breach Policy. Business Continuity plans are in place in case of severe incidents which could threaten the continuity of the organisation. Incidents can be reported via a business email account and all incidents are logged and tracked.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  EQL's Phio technology promotes remote, digital data capture which minimises paper based approaches to collecting information and reduces visits to the hospital.

  Covid-19 recovery

  MSK waiting lists have been significantly impacted by Covid-19, with some patients waiting over a year for an appointment. The NHS will restore services by reducing unnecessary face to face care for appropriate patients. ; ; Phio Collect helps understand how patients are responding to each service, helping identify key areas for improvement for COVID recovery.

  Tackling economic inequality

  Phio is made available to all patients, regardless of economic background. Tackling inequality in healthcare is a core ambition for the EQL team, and Phio helps NHS services collect richer data from their patient population to improve services for poorer communities. By taking the pressure off MSK services and saving clinical time, NHS Trusts can reallocate resources to meet the needs of patients that need it the most.

  Equal opportunity

  Phio Collect is made available to all patients, providing equal opportunity for the population. Phio Collect can also be made available in multiple languages, reducing barriers to engagement for all communities

Pricing

• Price: £0 to £50,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eql.ai. Tell them what format you need. It will help if you say what assistive technology you use.