FibriCheck

FibriCheck

FibriCheck is a device agnostic, hardware free, cloud based digital application that transforms smartphones/ smartwatches into a medical device, detecting and following-up on cardiac arrhythmias. Users simply download to create an account, perform measurements, getting real-time results and reports, which can be securely shared with their provider to inform decision-making.

Features

• Proven detection and monitoring of cardiac arrhythmias including Atrial Fibrillation
• Scalable: Device agnostic and hardware free– available on most smartphones
• PPG performance with demonstrated equivalence to single-lead ECG
• Flexible monitoring duration based on patients’ profile and medical needs
• On-demand, real-time reporting- results are available immediately after each measurement
• Expert review after algorithm interpretation ensures quality and confidence
• Physician dashboard provides overview analytics- remotely monitoring treatment effectiveness
• Diagnostic grade reporting for evidence informed decision-making during (tele)consultations
• Secure, 2-factor authentication access to patient data, international standards compliance
• CE-certified medical device– extensive clinical validation, DSPT, Cyber Essentials, DTAC

Benefits

• Proven and published cost savings across different care paths
• UK-cases post-cardioversion, pre-cardioversion, post ablation, symptom management, AF detection
• Efficient cross condition management (cardiac arrhythmia, hypertension, heart failure)
• Better outcomes, empowerment and engagement with at home self-monitoring
• User friendly- including tailored reminders, educational info and instructional videos
• Efficient triaging and resource optimisation- creating capacity for high-risk patients
• Combines heart rhythm data intelligence with symptom annotation and co-morbidities
• Patient and provider worklist and clinical summary reports. Integrations available
• Not just results -medical experts and user/staff support in compliment
• No complex deployment, storage, or capital investment. Includes updates/ upgrades

£7,500 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bieke.vangorp@fibricheck.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

694981758242877

Contact

Bieke Van Gorp
0497939784
bieke.vangorp@fibricheck.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Other software service providers can bolster their offering with FibriCheck’s PPG technology for heart rhythm monitoring. Enabling seamlessly implementation of FibriCheck’s regulated PPG technology for heart rate and heart rhythm monitoring with our SDK or enhance their patient care by integrating FibriCheck data via our API.
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support team typically responds within 1 business day, and is available between the business hours of 9:00 A.M. to 5:00 P.M. (CEST).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: In addition to user support, FibriCheck offers more than just the digital solution. Our team is comprised of medical experts, researchers, educators, project managers and campaign specialists, who bring a holistic approach to every project and awareness initiative we support. So, whether it’s onboarding and educating HCPs, collecting and analysing outcomes data (post project outcomes study), or creating dynamic content for patients and care providers as part of broader practice initiatives, we can support and engage with centres because we understand it takes more than just tools to transform, people need to be at the heart of the matter. Project related support and services vary by project and are quoted based on what is required by the adopting clinic/ centre. ; ; Example services as part of the set-up of the project, can include:; Stakeholder involvement (physicians, organisations, management),; Preparation of education & awareness material,; Set-up of marketing campaign,; Set-up of communication channels to engage users,; ; Technical implementations and integrations (where needed),; Set-up of data collecting system and implementation of specific, questions lists to collect additional information from users (where relevant),; ; Specific reporting outside of the standard reporting or patient question lists,; Outcome study.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: FibriCheck tailors its onboarding support to the needs of the buyer. This can be in the form of video call demonstrations, online tutorials (YouTube), recorded site specific instructional videos, and onsite training where appropriate / necessary. This is in addition to our user documentation (i.e. helpdesk articles, website FAQs etc.) and user support centre (via phone/ email); ; Instructions are also provided upon download of the application as well as included on the prescription handout/ patient leaflet when provided by a physician.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: During the contract period, NHS organisations have complete, on demand access to all their data in the FibriCheck system (or through internal systems where integrations have been made). As such, all FibriCheck data and patient end reports (in pdf format) can easily and at any time be extracted from the FibriCheck system, providing centres with a centralised and consolidated data overview.; ; As such, further data extracts are likely not required after the contract ends. Audit reports reflecting the duration of the contact or arrangements with respect to specific data extraction for medical liability retention purposes can be made with the HCP/care provider/care instance upon request and are subject to invoice. Without a specific request, data is stored in the FibriCheck system according to the data retention schedules prior to being permanently deleted.
• End-of-contract process: At the end of the contract with the HCP/care provider/care instance, Qompium along with the HCP will continue to support patients with unexpired access to FibriCheck. In this respect, we ensure that the patient's rights are honored and the best possible service and support is provided to those under HCP care.; ; Aside from adherence with the contract termination clauses, complex withdrawal activities are not required or foreseen. ; ; Within 14 days of any termination, both parties shall return all documents, information, computer disks and material (and all copies thereof) provided to or prepared by pursuant to the contract.; ; As a data processor, NHS organisation can simply request a complete data deletion. Upon request, NHS organisations are informed that in doing so future reporting will not be possible and that patient access to their data and the ability to log-in to their FibriCheck application will cease. As such, we request confirmation that the NHS organisation's will, going forward, assume all responsibilities and liabilities in this regard. Where deletion is not requested, data is stored securely according to data retention schedules. Allowing the NHS organisation time to transfer any data to their own systems, where appropriate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is primarily the mobile application that is used by patients/ users to perform measurement recordings of their heart and log co-morbidities like blood pressure and weight. These measurement results, along with the ability to modify labels and review reports are accessible by credentialed providers via a secure web-based physician platform - accessible on desktop computers / laptops/ tablets (MFA avaible).
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: FibriCheck offers a JSON REST API over HTTPS to support integrations and interactions. All the functionality that FibriCheck offers is also available through the API. Partners can use our API to generate new user accounts, manage personal/profile data, activate/assign subscriptions, upload measurement data for analysis and retrieve measurement data/results/reports.; Based on the integration requirements, it is possible to define custom API endpoints that offer tailored functionality in different formats (e.g. HL7/FHIR).
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Fit for purpose, FibriCheck is a customisable software solution that is flexible to buyer requirements and implementations. ; Example customisations can range from specific set-ups (patient groups, worklist, alerting) over technical integrations and application add-ons, to communications towards patients like: ; Additional questionnaire and data sets,; Data reporting and summary analytics,; Notification messages and reminders.; ; Customisations are scoped and defined at the request of the buyer during contracting, wherein a quote will be provided and subject to agreement, expensed to the buyer.

Scaling

• Independence of resources: FibriCheck is a medical device developed according to IEC62304. FibriCheck has been extensively stress tested to enable large volume onboarding and measuring. During real-life stress testing the system was capable of onboarding 60.000 users within hours and processing hundreds of thousands of measurements per day. During internal technical stress testing, the load balancer, our services and systems are capable of processing more than 100 000 API calls per hour.

Analytics

• Service usage metrics: Yes
• Metrics types: Biometric data, symptoms, demographic data, medical history, utilisation data, activity data.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Summary and Measurement reports can be saved and sent via secure mail. We can, at the request of the user, compile an extract, which may be subject to invoicing, unless otherwise arranged during contracting.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Xls
  • PDF
• Data import formats: Other
• Other data import formats:
  • Uploading data files is not necessary for this service/permitted
  • Users may input their data (PROMs) in app

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Any service levels and corresponding uptime commitments to be provided by Qompium shall be dependent on the service levels and corresponding uptime commitments guaranteed by the (third party) hosting service provider, currently AWS. Qompium guarantees a minimum average System Availability of at least 99.50% of the time as calculated on a monthly basis and excluding any Scheduled Downtime.; ; Qompium shall use its best efforts to ensure the System Availability (subject to Scheduled Downtime, as set forth in articles 2.3 of the SLA) and remedy any Unscheduled Downtime in accordance with article 2.4 of the SLA.; ; Further details on this topic are cover by the service description and terms and conditions documents.
• Approach to resilience: We have a disaster plan in place, wherein snapshot backups are taken on an hourly, daily, weekly and monthly basis and can be restored in case of failure. The service is set-up in a redundant way with load balancers in front. Automatic restart of services are also in place, should services go offline. The service is monitored through AWS CloudWatch, alerting the required personnel in case of service disruption that could result in the service becoming unavailable. ; ; Information on how we have designed our service to be resilient and responsive in the event of failures, incidents or attacks is detailed in our Service Level Agreement (SLA). Further inquires pertaining to historical evidence of service availability may be offered upon request.
• Outage reporting: Qompium shall use its best efforts to ensure the System Availability (subject to Scheduled Downtime (articles 2.3 of the SLA) and remedy any Unscheduled Downtime (article 2.4 of the SLA). ; ; Scheduled Downtime; Qompium reserves the right to have the following Scheduled Downtime periods, which may change from time to time with the prior written consent of the Client (consent shall not be unreasonably withheld or delayed).; Period: Bi-weekly; Description: Maintenance; Cumulative Duration Cap: Maximum 4hrs; ; All maintenance work is done on an “as needed” basis, so the Scheduled Downtime periods in the SLA may or may not be used during each scheduled time-period but will in no event accumulate from one period to the next.; ; The figures quoted are the maximum Scheduled Downtimes permitted in any one period, however, with respect to bi-weekly maintenance, it is estimated that such Scheduled Downtime shall usually not exceed thirty (30) minutes. Downtime shall be ordinarily scheduled between 10:00 P.M. and 6:00 A.M. (CEST) on Saturday evenings.; ; Unscheduled Downtime; In the event of any known and verified Unscheduled Downtime, Qompium will notify the Client within one (1) Business Hour of verification thereof. Qompium will immediately notify the Client when the FibriCheck service is restored.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: We employ role-based access controls to ensure users are adequately separated within management interfaces in order to safeguard against (un)intended data modifications of users from whom consent has not been given. By constraining the permissions of individual users to those absolutely necessary (in accordance with the principle of least privilege), and coupled with 2-factor authentication, the potential for damage caused by malicious users, compromised credentials or compromised devices is limited. Regular penetration testing is also performed to assess the strength of separation within digital service management interfaces.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Brand Compliance
• ISO/IEC 27001 accreditation date: 12/02/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 05/11/2019
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: N/A; Covered by AWS
• PCI certification: Yes
• Who accredited the PCI DSS certification: Via Stripe - Level 1 service provider
• PCI DSS accreditation date: August 2019
• What the PCI DSS doesn’t cover: N/A.; ; In addition to Stripe, we have in app purchase functionality through Apple and Google as of 2021, both of whom PCI compliant
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DSPT - Exceeds standards
  • DTAC externally assessed by Orcha 100% received on scorable elements
  • ISO/IEC 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: We have a quality management system in place (certified ISO13485), have detailed risk procedures in place (according to ISO14971) are certified ISO27001. ; ; We use Mongo and AWS who are compliant with CCM 3.0 and have all relevant ISO standard certifications: ISO 13485:2016, ISO/IEC 27001:2017, and ISO/IEC 27701:2019, and are IEC62304 compliant. We do private key management so they cannot access our data.; ; We have Cyber Essentials and are DTAC ready. External assessment of our DTAC by Orcha resulted in passing all sections and received 100% on the scorable sections. Our DSPT rating is Standards Exceeded.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change and configuration management are covered in our organisation under ISO27001 (covering security requirements) and ISO13485 (covering medical device software requirements) certifications.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: A vulnerability management program is implemented to track and manage vulnerabilities, we have automated vulnerability checking tools in place. Found vulnerabilities are given a CVSS scoring and associated risks and mitigations are managed within our risk management system. This is subjected to yearly compliance audits in keeping with our ISO27001; certifications.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: An incident management program is implemented to monitor and track issues. As part of the management system, a PDCA cycle has been implemented to ensure continuous monitoring and improvement. Potential compromises can be identified through vulnerability or incident management, or as part of risk management processes. Clear arrangements with customers are in place to ensure timely response to incidents.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: An incident management program is implemented in the organisation to track and resolve and mitigate identified incidents. This is subjected to yearly compliance audits in keeping with our ISO27001 certifications.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We believe our impact can be greater than our collective influence on health outcomes. For this reason, we implemented responsible practices to tackle climate change and to improve the health of our planet. We commit to:; ● Act to positively impact global climate outcomes.; ● Use resources responsibly and support a circular economy. Our offices are furnished with environmentally friendly materials.; ● Utilise water responsibly.; ● Have a remote working policy in place to avoid unnecessary travels with financial compensation; ● Have an electrical fleet in place by the end of 2027.; ; Related to net zero:; ; FibriCheck implementations, whether face-to-face or via teleconsultation or not, can eliminate around 75% of face-to-face consultations and related diagnostics. This implies that approximately 3.6 metric tons of CO2 emissions are avoided annually per 1,000 patients using FibriCheck ((based on a limited roundtrip distance of 30 km to the hospital).; ; Furthermore, each Holter monitor requires 1 to 2 AA batteries for power (with older devices using 2 AA batteries and newer ones using 1). Assuming a 50-50 split between older and newer devices, approximately 500 AA batteries are consumed per 1,000 patients. According to Life Cycle Analysis, a single AA battery contributes 90g of CO2 emissions during recycling/remanufacturing. This adds around 45 kg of CO2 emissions to the equation per 1,000 patients

  Covid-19 recovery

  FibriCheck, as a remote monitoring tool for cardiac health in a broad sense, haven proven to play a significant role in supporting healthcare systems facing challenges due to the backlog of patients and increased waiting times, particularly in outpatient appointments. FibriCheck enables monitoring of cardiac health without the need for frequent in-person appointments and logistical hassle. ; ; For those without a smartphone (the minority of the population), additional capacity and resources will become available thanks to FibriCheck ensuring every patient receives the healthcare they deserve.; ; During the COVID-19 pandemic, over 8,000 patients from 40+ European and UK centres seamlessly adopted FibriCheck in their daily practice. Healthcare providers accessed patient data effortlessly through FibriCheck's infrastructure. Insights from this exciting project demonstrated a remarkable 71% reduction in ECG examinations, 72% decline in Holter ECGs/echocardiograms, 75% shorter consultation times, and 75% less travel time for patients. This streamlined approach not only enhanced patient safety and satisfaction but also showed no significant difference in emergency department presentations, affirming its safety.These insights underscore FibriCheck's seamless integration into existing workflows, saving time, resources, and alleviating workforce strain.

  Equal opportunity

  FibriCheck has been thoroughly evaluated in diverse populations and is currently being used actively in the UK, Europe, Middle-east, Asia, and Australia. To demonstrate that FibriCheck’s PPG technology meets the criteria, our technology has been tested in individuals across the entire Fitzpatrick scale, demonstrating consistent accuracy levels with no statistically significant differences between data acquisition in individuals with pale and dark skin tones. This testing was conducted to meet regulatory requirements set by the FDA. Furthermore, results have been demonstrated that by embracing a digital-first approach, face-to-face visits are reserved for patients requiring additional attention or those lacking digital access to mitigate health disparities, thus optimising clinical capacity for those who need it and avoiding waiting lists.

  Wellbeing

  We want to involve and empower the community and help bring people together to make a better place for everyone. We commit to:; ● Involve and empower people in decisions that affect them.; ● Be a good neighbour, recognising the potential of our business to bring people together and promote social interaction within communities.; ● Support voluntary, charitable and social enterprise groups.; ● Take action to support the physical and mental health of employees by providing a professional point of contact for mental health topics, organising team activities and ensuring persons have sufficient days off to ensure a proper work-life balance.

Pricing

• Price: £7,500 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 3-day free trial of FibriCheck (for end users) is available upon downloading the app. During this trial, users have unlimited access to all FibriCheck features, including real-time heart rhythm analysis following every measurement recording. Upon free trial expiry, users receive a personal summary report to share with their HCP.
• Link to free trial: https://www.fibricheck.com/pricing/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bieke.vangorp@fibricheck.com. Tell them what format you need. It will help if you say what assistive technology you use.