EQL LIMITED

Phio Engage

Phio Engage is a clinically supported self-management solution for MSK. Patients receive exercise based physiotherapy via a smartphone application and clinicians monitor the end-to-end recovery in relation to patient goals. Phio Engage can be an alternative pathway to face-to-face care, but can also be provided to support waiting lists.

Features

• Exercise programmes delivered remotely via a smartphone application
• Patients configure their own goals/exercises to personalise their care
• Daily sleep and pain scores captured to monitor progression
• Direct messaging capability between patient and clinician
• Other data captured enabling remoting monitoring (e.g. symptom checking)
• Configurable alerts to notify when patients requires attention
• All data made available in real-time through a clinician portal
• Patient notifications and dashboards to track adherence and recovery
• Extensive exercise programmes, including pre and post operative protocols
• Exercise bands included as standard, shipped directly to the patient

Benefits

• Immediate access, no assessment needed if combined with Phio Access
• Structured clinical data covering a wide range of variables
• Real time clinical data with alerts for those needing help
• Patient notifications and reminders to improve adherence
• Highly scalable, no limit to the amount of active patients
• Releases capacity for face to face services
• No waiting lists
• Accommodates chronic condition management (e.g. OA, surgical lists)
• Intuitive and engaging interface co designed with patients
• Encourages ownership with patient including shared decision making

£0.15 to £0.50 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eql.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

891822635900560

Contact

Jason Ward
07884008770
info@eql.ai

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Phio Access
• Cloud deployment model: Private cloud
• Service constraints: Available on Android and iOS smartphone devices.
• System requirements: Smartphone on Android or iOS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 48 hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: EQL provides onboarding support for Phio Engage with a designated integration team for the initial phase. This team comprises clinical representatives (qualified Physiotherapists), operations support, customer success manager, engineering, governance (clinical and information), and where appropriate GP liaison support. They will talk through all integration routes in detail and help confirm which route is best with the customer. The integration team will then be on hand throughout the onboarding process to provide staff training, governance set up, project management, operational & technical support.; ; EQL clinical representatives will work closely with all necessary clinical stakeholders to configure the exercise plans and onboarding. Phio Engage is provided as a fully managed service and requires relatively little ongoing support. However, our post-onboarding service includes personal account management support and ongoing KPI’s. We also provide online support to end users of the platform for any technical support that might be required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding Project Management is provided to our customers via our dedicated onboarding team to assist them with their set up of Phio Engage. This includes a mixed approach of online training and demos along with training documentation. Once onboarding has taken place the project will move to a "business as usual" function whereby regular contacts will be established to maintain and monitor ongoing success of the project and report on service level agreements. Each contract benefits from a designated Customer Success Manager who will coordinate and mobilise the various EQL teams (e.g. clinical, operational, technical) where and when appropriate.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Provided to customer as and when required via the Onboarding Project Manager.
• End-of-contract process: Our service for the specific customer goes offline and no new patients are allowed access to the service. We ensure the customer has been provided all outstanding data. We keep all patient data for the customer for the timeframes assigned in our data retention policy.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: API's & Clinical Portal our clients use to interact with our services
• Accessibility standards: None or don’t know
• Description of accessibility: Phio Engage is accessible via a smartphone application.
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: Phio Engage has an extensive proprietary exercise library that has been used to create multiple injury and condition specific content. It is possible to configure this content for any number of pathways including the creation of bespoke exercise based protocols or plans. New exercise content is created on a continual quarterly cycle meaning it is possible to request new content should there be a need.

Scaling

• Independence of resources: We have load balances in place that help distribute the load on a single server.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly MI which includes key data metrics such as; Total Referral Count, Completion Rate, Engagement Rate, Age Demographic and Injury Data Analysis
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via the Clinical Portal rendering each patient's data into PDF format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We work to maintain a high level of availability at 95%. Our approach is to minimise downtime to provide consistent access to our services.; ; In the rare event that we fail to meet these SLAs, we work with customers to resolve issues promptly. Our customer support team is available to support customers, ensuring quick communication and timely issue resolution.
• Approach to resilience: Our service is designed to run on Google Cloud Platform (GCP). GCP utilises the byzantine fault tolerant technique to replicate servers into zones. As these zones are isolated from each other it is highly unlikely that all zones fail from the same cause and at the same time.
• Outage reporting: We are notified of any outages via GCP's zone status API

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Our management interface is restricted by layered access levels. This ensures members of staff are only provided access to the level of data required to successfully complete their job while at the same time restricting them from any access not required for their job. This allows us to protect the data.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 23/02/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow our own internal information security policies and processes. These include Information Classification, Security Awareness & Training, Acceptable Usage, Access Controls, Password Policy, Physical Security, Protecting Data in Transit and at Rest, Disposal of Data, Data Protection by Design etc. We hold various security accreditations including Cyber Essentials, Cyber Essentials Plus, BulletProof and ISO27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change management is handled without our QMS system. All requirements are kept up to date and are fully traceable throughout the lifecycle of the change and archived for future reference if required. All requirements are to be reviewed and signed off by both our Data Security Officer and our Clinical Safety Officer in line with DCB 0129
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our regular pen-tests and overall security assessments help us identify our vulnerabilities and other risks. Our agile and highly competent team are able to patch a security flaw within the time limit specified in our SLAs.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All our exposed services (available on the internet) utilise GOOGLE FRONT END as reverse proxy. This layer also provides real time threat detection. When a potential risk is identified we have settings in place to temporarily disable the service involved or as in the case of a DoS attack our system intelligently throttles inbound requests.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are handled in accordance with our internal Security Incident Process and Data Breach Policy. Business Continuity plans are in place in case of severe incidents which could threaten the continuity of the organisation. Incidents can be reported via a business email account and all incidents are logged and tracked.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EQL's Phio technology promotes remote triage and self-management where appropriate. A combination of virtual and face to face care facilitated by Phio will reduce unnecessary journeys to the hospital.

  Covid-19 recovery

  MSK waiting lists have been significantly impacted by Covid-19, with some patients waiting over a year for an appointment. The NHS will restore services by reducing unnecessary face to face care for appropriate patients. ; ; A combination of virtual and face to face care facilitated by Phio will reduce pressure on MSK services whilst also providing quicker treatment for patients. Phio can be used specifically to tackle MSK waiting lists, and can also support patients waiting for Orthopaedic surgery.

  Tackling economic inequality

  Phio is made available to all patients, regardless of economic background. Tackling inequality in healthcare is a core ambition for the EQL team, and Phio helps NHS services collect richer data from their patient population to improve services for poorer communities. By taking the pressure off MSK services and saving clinical time, NHS Trusts can reallocate resources to meet the needs of patients that need it the most.

  Equal opportunity

  Phio Access is made available to all patients, providing equal opportunity for the population. Phio Access can also be made available in multiple languages, reducing barriers to engagement for all communities

  Wellbeing

  EQL's Phio technology provides quicker and easier access to MSK services, which reduces anxiety for many patients who need faster access to care. Phio will allow patients to recover more quickly, empowering them to get back to normal activities and hobbies which are crucial for positive wellbeing.; ; Phio will also improve wellbeing for NHS staff. Burnout and fatigue increased during the pandemic, with services under increasing pressure and waiting lists growing each week. Encouraging remote care where appropriate, Phio will reduce pressures on NHS services and improve working conditions for staff.

Pricing

• Price: £0.15 to £0.50 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@eql.ai. Tell them what format you need. It will help if you say what assistive technology you use.