ROCZEN LTD

Roczen

Roczen is a digitally-delivered clinical service focusing on specialist weight management programmes for treating obesity, Type 2 Diabetes and related conditions. Roczen is available for NHS patients (Tier 3), and as a workplace health programme for staff. Roczen is regulated by the CQC, recommended by NICE, and compliant with DTAC.

Features

• Specialist weight management services delivered by multidisciplinary clinical team
• Digital-first delivery via secure purpose-built Roczen App
• Face-to-face (synchronous) video consultations with clinicians
• 24/7 Asynchronous messaging with clinical team for rapid support
• Online peer and champion support community with messaging, video meets
• Educational resources, recipes (>300), and personalised content (nutrition, exercise, motivation)
• At-home HbA1c blood tests to assess type 2 diabetes risk
• In-app recording of key patient metrics.
• Comprehensive outcomes tracking (e.g. weight loss, mental health) and reporting
• Prescribing of weight loss medications (e.g Wegovy, Mounjaro, etc)

Benefits

• Affordable, accessible solution to a major healthcare challenge
• Delivers outcomes aligned to national and local health priorities
• Promotes diversity: obesity disproportionately affects black,asian demographics, and women.
• Tackles health inequalities through accessible digital delivery
• Improves physical and mental health, and comprehensively tracks outcomes
• Improves workplace productivity, addressing a major cause of absence
• Reduces workload on NHS primary care, handling prescriptions, complications etc
• Alleviates weight stigma anxiety sometimes experienced with in-person services
• Equips patients with evidenced-based techniques to manage their metabolic health
• Promotes prevention of type-2-diabetes and associated co-morbidities

£35 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@resethealth.clinic. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

884624612428608

Contact

Laura Newson
07813299053
opportunities@resethealth.clinic

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no service constraints other than patients must have a mobile device to use our service and the Roczen mobile app supports iOS version 12+ and Android version 8+
• System requirements:
  • IOS version 12 or later
  • Android version 8 or later

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For general and contracting queries: ; Mon-Fri 0830 to 1730 - within 2-5 hours; Weekends and bank holidays - users get an out-of-office response stating that their query will be answered during weekday working hours.; ; Participating patients have access to clinicians via asynchronous messaging through the Roczen app out of hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is accessible 24/7 by users, via our website. Before a chat commences, users will be first directed to self-serve articles available through our Help Centre. These articles provide comprehensive information to users on both common technical and/or support queries. ; ; During normal working hours, users requesting help via the chat can type their message into the chat box and they will receive notification of the average response time. Users will be provided with online support within this timeframe.; ; Outside normal working hours, users will see a message asking them to leave a message, which will be responded to in-hours.; ; Users can provide their email address should they need to leave a chat and one of our support team will contact them.
• Web chat accessibility testing: We have not yet conducted testing with users of assistive technology
• Onsite support: No
• Support levels: Roczen provides individual users with dedicated clinical care to manager their metabolic health via our digital platform. Individual users access the service via a mobile app. ; ; No additional infrastructure setup is required from the procuring organisation.; ; We provide direct customer support to users, which covers technical and non-technical support. All inbound queries are triaged by the customer support team, who will escalate queries to other members of the team, including clinical, technology, sales & marketing, and finance.; ; Support is free, and is available for technical and general enquiries from users. Support will be provided in several ways:; 1. Web chat via the Roczen website; 2. Email or phone, serviced by our customer support team; 3. Online help and resources (available via our online Help Centre); ; There is a dedicated account manager for each procuring organisation, who holds monthly feedback sessions with the procuring organisation.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Users of Roczen are guided through the platform when they first register/sign-in. The platform has been designed to be intuitive, mitigating the need for in depth training to be delivered.; ; A user manual is available via our Roczen website (https://assets-global.website-files.com/61fae8dfbffd22856ca31b8c/64db376803a7bd71a7c5b9fb_Roczen%20User%20Manual.pdf) and this provides comprehensive information and guidance on using the platform.; ; In addition to the above, we run briefing sessions to HR / Wellbeing teams of the procuring organisation. Sessions cover eligibility for the Roczen health programme, how to discuss metabolic health with colleagues, and ways to access the programme.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Individual users can request for a complete export of data they provided and stored on the Roczen platform. This can be provided in a HTML file. Note that this can be extracted at any time, not just after the contract ends.
• End-of-contract process: As per our Health Record Retention Policy, all health data will be retained for a period of 8 years. Users can continue to access resources provided to them as part of the contract but will not have access to clinical and peer group support via the mobile app.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our service is only available to patients with a mobile device. Nevertheless, patients are able to access customer support via our web browser chat functionality available on our website or by email.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Roczen's service interface allows user to:; ; 1. Have remote access via mobile app 24/7; 2. Track health outcomes metrics; 3. Send/receive text message with clinicians and mentors; 4. Participate in video consultations with clinicians; 5. Access educational resources (articles/videos)
• Accessibility standards: None or don’t know
• Description of accessibility: 1. Enter and view own data; 2. Message clinicians; 3. Message a peer group (moderated by a trained mentor); 3. Join a video consultation with a clinician; 4. View educational resources
• Accessibility testing: We have not yet conducted testing with users of assistive technology
• API: Yes
• What users can and can't do using the API: Users will not directly use the Roczen APIs, they are designed and maintained for use by our applications
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The infrastructure team routinely monitor the load on our servers and conduct load testing to ensure available capacity

Analytics

• Service usage metrics: Yes
• Metrics types: We publish our service metrics, such as uptime/service availability through a dedicated page on the Roczen website. This is updated on a monthly basis.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Individual end users can submit a request for their data to be exported. ; ; Patients health data is confidential, we do not export individual health data to procuring organisations.
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Not applicable

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We have Service Level Agreements in place with third parties to guarantee 99.9% uptime and availability of the Platform
• Approach to resilience: 1. No single point of failure by design; 2. Multiple nodes/replicas for database, application, storage and similar services; 3. Processing split over more than one data centre; 4. Multiple entry points from Internet; 5. Multiple independent power supplies
• Outage reporting: Uptime availability is reported through a public dashboard that is updated monthly: https://www.roczen.com/en-gb/service-status; ; In the event the service is unavailable a notification is pushed to a patients mobile application informing them there is an outage. The notification is delivered through an API.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: 1. Phone number; 2. Password; 3. SMS code sent to phone; 4. Email code sent (first time only)
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self-certified via Self-Assessment Questionnaire (SAQ) A
• PCI DSS accreditation date: 20/03/2024
• What the PCI DSS doesn’t cover: The SAQ A is not applicable to face-to-face channels or to payment service providers. Roczen is a Merchant using card-not-present, outsourcing handling of account data to two PCI DSS compliant third-party payment processors. We do not electronically store or transmit account data.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • NHS Data Security & Protection Toolkit
  • Digital Technology Assessment Criteria (DTAC) approval by NHS England

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: The Information Security (Info Sec) Committee is responsible for good information security and data protection governance across the organisation. The committee consists of team leaders from the technology, operations, and clinical teams, with oversight from the Data Protection Officer. The committee meets monthly to review incidents, risks, and audits relating to data protection and security. ; ; In addition, we have commissioned an external dedicated data protection team that chairs a quarterly data protection risks meeting with the Info Sec Committee to prioritise action plans in responses to new risks or changes to the business operations.
• Information security policies and processes: The Information Security Committee, led by the DPO and CTO, is responsible for establishing information security policies and processes. The Committee meets monthly to review Information Governance (IG) related risks and implement action plans to mitigate any potential security risks and weaknesses. It is supported by a dedicated data protection team, who performs annual audits to ensure policies are followed and responsive to operational changes.; ; An annual penetration test is performed by a CREST-accredited provider. Access controls are allocated on the basis of business need and ‘Least Privilege’ principle. ; ; All staff are required to attend information governance and data security training courses annually. They are trained on incident management policy and mobile home working policy.; ; Our security accreditations include Cyber Essentials, NHS Data Security & Protection Toolkit (DSPT), DTAC (approved by NHS England), and ORCHA Baseline Review.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: 1. Change request is raised by an authorised team member via a ticket management system ; 2. Changes that may alter the security posture of organisation are approved by the Technical Architects; 3. Every code and infrastructure change made is committed to a Version Control System ; 4. The change is approved by 1 other authorised individual; 5. Changes are tested on a non-production environment; 6. Release notes contains audit trail of change; 7. Changes are deployed into production with authority from either Head of Technical Delivery, Head of Engineering, or CTO; 8. Production access restricted to two named individuals
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: 1. Solution Architecture review between architects; 2. Code review; 3. Static code analysis (this is automated into the Continuous Integration system); 4. Scheduled library update process; 5. Subscription to CVE/similar bulletins; 6. Automated patching of servers (typically happens once or twice a day)
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Potential compromises are indentified using Amazon GuradDuty, if a potential compromise has been identified the DevOps team will quarantine and re-provision. The DevOps team response is aligned with the Recovery Time Objective (RTO) which is 6 hours.
• Incident management type: Undisclosed
• Incident management approach: Roczen has a robust incident management framework, supported by the Incident Reporting Policy, Data Breach Policy, and Serious Incident Framework (to be replaced by PSIRF imminently).; ; Staff use our customised compliance system to report incidents. These are automatically directed to the appropriate Line Manager or Supervisor for monitoring and response. Incident reporting forms are in line with PSIRF. Clinical incidents are discussed at clinical operations meetings and reviewed monthly by the Medical Advisory Board. Data incidents are reviewed by the InfoSec committee.; ; All incidents are reviewed at the quarterly Management Board meetings.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Roczen maintains a comprehensive policy for Environmental and Social Governance, and in 2024 commissioned an external audit of our approach.; ; As a digital-first business, our operating model is well-configured to minimise negative environmental impacts.; ; By delivering patient services digitally, Roczen reduces avoidable travel and reduces the need to operate and maintain physical facilities when compared to traditional delivery. Traditional services typically require multiple clinic visits, for example for blood tests and consultations, whereas Roczen conducts consultations by secure video link and logistics of blood tests and medicines distribution by post.; ; By working primarily digitally, Roczen similarly reduces avoidable travel (including commuting) by employees and visitors, and maintains a small-footprint office within modern, well-managed premises. The selection process for premises gives due regard to environmental governance, considering factors such as access to public transport, secure bicycle parking, and waste/ recycling management.; ; We also give due consideration to sustainability in choosing specific working tools and practices, for example using public-cloud computing that is far more environmentally efficient than maintaining proprietary on-premise servers.

  Covid-19 recovery

  During the Covid-19 pandemic, Roczen programmes were offered to staff at a number of NHS Trusts and to key workers in other frontline public services to improve their health and help keep the nation working. ; ; Following the pandemic, the impact of Covid-19 was greatest in healthcare, where the most notable residual impact is the ongoing waiting lists for routine care experienced across the NHS This is well-documented and the subject of various national and regional strategies and recovery programmes. This is exacerbated by high levels of staff sickness and poor retention. Roczen is configured to play an important role in tackling those waiting lists by supporting both NHS staff and patients, hence supporting Covid-19 recovery by affordably and accessibly increasing capacity in important healthcare services related to obesity and diabetes management. Waiting lists for comparable NHS services are currently significant (typically over a year). ; ; Roczen's clinical approach enables us to customise care plans for each patient, taking account of their circumstances. This is important, for example, for the 600,000 people estimated to be affected by Post-Covid Syndrome (Long Covid), for whom that may be an important factor to consider in planning any changes to diet or exercise. Obesity was recognised as a factor increasing the risk of people developing long covid, and conversely long covid, which typically inhibits exercise, may be a contributory factor to the rising prevalence of obesity.

  Tackling economic inequality

  Among adults, obesity disproportionately affects ethnic minorities (black and asian), women, people living with disabilities and those living in more deprived communities. Obesity is statistically associated with job losses, unemployment, and various forms of workplace discrimination. Roczen's accessible digital programmes serve those communities effectively, and at approximately 1/3 the cost of existing NHS approaches to clinical weight management services (NICE's assessment), do so in a way that is sustainably affordable.; ; As well as enhanced levels of need, people living with obesity may face additional challenges in terms of accessing in-person health services and appointments, particularly in the use of public transport. This issue is further exacerbated by disability or deprivation. Digital delivery of specialist weight management services will enable the NHS, Local Authorities and public sector employers to better serve the health needs of those communities.; ; Where our patients give consent to do so, we record demographic factors such as ethnicity in order to analyse outcomes by demographic categories to better inform action and progress to tackle health inequalities. As at 2024, in our largest contract to date, 49% of participants described their ethnicity as something other than white. 47% were female.

  Equal opportunity

  Roczen is widely used across the public sector as a workplace health programme, tackling one of the leading causes of ill-health, absence, and discrimination for adults of working age. Our programmes help employers to better understand the stigma and unintentional discrimination faced by people living with obesity, as well as directly helping those people to improve their health and wellbeing. Whilst weight status is not currently a protected characteristic in law, we encourage employers (ourselves included) to act as though it is.; ; In terms of our own approach to equality, diversity and inclusion, The training and development needs of all employees is managed in line with the Company’s Equality and Diversity Policy. ; ; As a digital-first employer, Roczen's flexible approach to home working facilitates inclusionary recruitment for individuals for whom regularly attending an office may involve additional challenges, notably people with disabilities and people providing care for others.; ; Reset Health (Roczen's parent company) embeds its Recruitment Selection and Engagement Policy in all its operations. The Policy warrants that all recruitment procedures are applied fairly to all; irrespective of a candidate’s age, gender, race, religion, and or/belief. The Policy warrants that all applications receive equal consideration.

  Wellbeing

  Obesity is a causal factor in over 200 other diseases, including Type 2 Diabetes, colon cancer, and mental health issues such as anxiety and depression. People living with obesity are 25% more likely to suffer from mood disorders. By providing affordable, accessible, specialist clinical weight management programmes through the NHS, Local Authorities and other public sector partners (as employers), Roczen is helping to improve the health and wellbeing of the nation.; ; Weight management services are both curative and preventative: for example, successful weight management can help prevent somebody living with obesity and at high risk of developing Type 2 Diabetes (e.g. diagnosed with Pre-Diabetes) or other diseases from progressing to that stage; equally, successful weight management can put existing Type 2 Diabetes into remission, with patients' insulin dependency reduced in a matter of months.; ; We record and report our outcomes, enabling us to demonstrate the positive impact of our services on the health and wellbeing of the communities we serve. We have numerous outcome reports and case studies to demonstrate the effectiveness of our interventions on improving wellbeing.

Pricing

• Price: £35 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@resethealth.clinic. Tell them what format you need. It will help if you say what assistive technology you use.