EQL LIMITED

Phio Access

Phio Access allows patient self-referral into MSK pathways. Deployed at any stage of the pathway, this web-based chatbot technology supports early intervention by highlighting the extent of someone's injuries through structured clinical data. Phio can be mapped to any MSK framework and can also be used to tackle waiting-lists.

Features

• Human like interactions via conversational AI chatbot
• Engaging and interactive user interface
• Capable of stratifying against any local MSK framework/s
• Comprehensive clinical data collection including objective indicators
• Supports translation into 120 languages
• Direct capture mechanism allowing patient to be contacted via email/SMS
• Supports data collection through any web enabled device
• Developed in accordance with NHS and NICE approved clinical frameworks
• Accessible anytime 24 hours a day with >95% uptime SLA
• Structured decision-trees capable of collecting information on any MSK condition

Benefits

• Accelerated patient access to the most appropriate care pathway
• Clinical data available for immediate clinical review
• Remotely accessible requiring no face to face appointment
• Ability to collect other clinical data eg. medical history
• Supports self referral removing the need for a HCP consultation
• Rapid access to required clinical pathway
• Faster access to care leading to improved health outcomes
• Less patient repetition thanks to comprehensive clinical data capture
• Accessible any time via any web enabled device
• Exceptional user acceptance (93% completion-rate over c100,000 assessments)

£0.15 to £0.50 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eql.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

706997274289459

Contact

Jason Ward
07884008770
info@eql.ai

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Phio Engage
• Cloud deployment model: Private cloud
• Service constraints: Internet Access via a modern web browser (supported down to IE11), further constraints can be covered in SLAs at time of contracting.
• System requirements:
  • Internet connection
  • A modern internet browser (supported down to IE11)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 48 hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: EQL provides onboarding support for Phio Access for the initial phase. This integration team comprises clinical representatives (qualified Physiotherapists), operations support, customer success manager, engineering, governance (clinical and information), and where appropriate GP liaison support. They will discuss all integration routes and confirm which route is most appropriate. The integration team will be on hand throughout the onboarding process to provide staff training, governance set up, project management, operational & technical support.; ; EQL clinical representatives will work with all necessary clinical stakeholders to configure the decision tree. This includes pathway mapping and exit points, ensuring the unique instance of Phio Access reflects local frameworks and desired clinical outputs inclusive of patient communication (i.e. defining appropriate messaging for a given pathway outcome). EQL are also able to provide ongoing clinical support via our internal Clinical Services Team in order to oversee the whole triage function and, where appropriate, review outcomes to ensure appropriate pathway placement. ; Phio Access is provided as a fully managed service and requires relatively little ongoing support. However, our post-onboarding service includes personal account management support and ongoing KPI’s. We also provide online support to end users of the platform for any technical support that might be required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding Project Management is provided to our customers via our dedicated onboarding team to assist them with their set up of Phio Access (Triage). This includes a mixed approach of online training and demos along with training documentation. Once onboarding has taken place the project will move to a "business as usual" function whereby regular contacts will be established to maintain and monitor ongoing success of the project and report on service level agreements. Each contract benefits from a designated Customer Success Manager who will coordinate and mobilise the various EQL teams (e.g. clinical, operational, technical) where and when appropriate.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All outstanding data (not previously provided to them) is provided to the user via their integration route; either API or Admin Portal.
• End-of-contract process: Our service for the specific customer goes offline and no new patients are allowed access to the service. We ensure the customer has been provided all outstanding data. We keep all patient data for the customer for the timeframes assigned in our data retention policy.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference between the mobile and desktop Phio Access service. Phio Access has been developed to be completely responsive to the screen size therefore the platform is not affected by things such as device or screen size.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: API's & Admin Portal our clients use to interact with our services
• Accessibility standards: None or don’t know
• Description of accessibility: Phio Access is accessible via web URL
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Users can use our suite of API endpoints to refer a patient to Phio Access and retrieve completed Phio Access data.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The back end decision trees used to power Phio Access are entirely customisable. This extends to both the types of questions that are asked and the associated outcomes used for signposting. It is also possible to include a variety of outcome measures should they be necessary. Customisation in this way allows for the creation of unique decision trees for certain types of patient cohort (e.g. those who are wishing to self-refer as well as those already on a waiting list), alignment with local frameworks and mapping to available local care pathways. This significantly increases the versatility of the platform as well as the type of data it can report on.

Scaling

• Independence of resources: We have load balances in place that help distribute the load on a single server.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly MI which includes key data metrics such as; Total Referral Count, Completion Rate, Outcome Breakdown, Age Demographic and Injured Area Data Analysis.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: We use a 3rd party service provider, Google Cloud Platform, and therefore benefit from all of their security polices and protocols.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: This is dependent on the users integration route. This could be either via API or our Admin Portal rendering each patients data into PDF format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSON
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Access control layers which limits/controls access to data within our network.

Availability and resilience

• Guaranteed availability: We work to maintain a high level of availability at 95%. Our approach is to minimise downtime to provide consistent access to our services.; ; In the rare event that we fail to meet these SLAs, we work with customers to resolve issues promptly. Our customer support team is available to support customers, ensuring quick communication and timely issue resolution.
• Approach to resilience: Our service is designed to run on Google Cloud Platform (GCP). GCP utilises the byzantine fault tolerant technique to replicate servers into zones. As these zones are isolated from each other it is highly unlikely that all zones fail from the same cause and at the same time.
• Outage reporting: We are notified of any outages via GCP's zone status API

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: Users can access the service via multiple routes these all have different authentication. When customers access the service via API they are authenticated by unique key authentication and data match requirements. When customers access the service via Admin Portal they are authenticated by Username & Password requirements. When a patient (end user) access the service they are authenticated via a JSON web token for Phio Triage.
• Access restrictions in management interfaces and support channels: Our management interface is restricted by layered access levels. This ensures members of staff are only provided access to the level of data required to successfully complete their job while at the same time restricting them from any access not required for their job. This allows us to protect the data.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Internal management are provided access to the Admin Portal service via personal username and passwords that are subject to our password policy which involves passwords being changed every 90 days.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 23/02/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow our own internal information security policies and processes. These include Information Classification, Security Awareness & Training, Acceptable Usage, Access Controls, Password Policy, Physical Security, Protecting Data in Transit and at Rest, Disposal of Data, Data Protection by Design etc. We hold various security accreditations including Cyber Essentials, Cyber Essentials Plus, BulletProof and ISO27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is handled without our QMS system. All requirements are kept up to date and are fully traceable throughout the lifecycle of the change and archived for future reference if required. All requirements are to be reviewed and signed off by both our Data Security Officer and our Clinical Safety Officer in line with DCB 0129
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our regular pen-tests and overall security assessments help us identify our vulnerabilities and other risks. Our agile and highly competent team are able to patch a security flaw within the time limit specified in our SLAs.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All our exposed services (available on the internet) utilise GOOGLE FRONT END as reverse proxy. This layer also provides real time threat detection. When a potential risk is identified we have settings in place to temporary disable the service involved or, as in the case of a DoS attack, our system intelligently throttles inbound requests.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are handled in accordance with our internal Security Incident Process and Data Breach Policy. Business Continuity plans are in place in case of severe incidents which could threaten the continuity of the organisation. Incidents can be reported via a business email account and all incidents are logged and tracked.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EQL's Phio technology promotes remote triage and self-management where appropriate. A combination of virtual and face to face care facilitated by Phio will reduce unnecessary journeys to the hospital.

  Covid-19 recovery

  MSK waiting lists have been significantly impacted by Covid-19, with some patients waiting over a year for an appointment. The NHS will restore services by reducing unnecessary face to face care for appropriate patients. ; ; A combination of virtual and face to face care facilitated by Phio will reduce pressure on MSK services whilst also providing quicker treatment for patients. Phio can be used specifically to tackle MSK waiting lists, and can also support patients waiting for Orthopaedic surgery.

  Tackling economic inequality

  Phio is made available to all patients, regardless of economic background. Tackling inequality in healthcare is a core ambition for the EQL team, and Phio helps NHS services collect richer data from their patient population to improve services for poorer communities. By taking the pressure off MSK services and saving clinical time, NHS Trusts can reallocate resources to meet the needs of patients that need it the most.

  Equal opportunity

  Phio Access is made available to all patients, providing equal opportunity for the population. Phio Access can also be made available in multiple languages, reducing barriers to engagement for all communities

  Wellbeing

  EQL's Phio technology provides quicker and easier access to MSK services, which reduces anxiety for many patients who need faster access to care. Phio will allow patients to recover more quickly, empowering them to get back to normal activities and hobbies which are crucial for positive wellbeing.; ; Phio will also improve wellbeing for NHS staff. Burnout and fatigue increased during the pandemic, with services under increasing pressure and waiting lists growing each week. Encouraging remote care where appropriate, Phio will reduce pressures on NHS services and improve working conditions for staff.

Pricing

• Price: £0.15 to £0.50 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eql.ai. Tell them what format you need. It will help if you say what assistive technology you use.