PsychologyOnline.co.uk PsychologyOnline PsychologyOnline uses secure instant messaging to provide...

PsychologyOnline.co.uk

PsychologyOnline

PsychologyOnline uses secure instant messaging to provide live, accessible and confidential cognitive behavioural therapy over the internet.


CBT with a live therapist delivered remotely over the internet• Live one-to-one therapy using instant messaging-based text communication• Private, discreet therapy in a secure online meeting room• No travel or room booking – patients/users can attend therapy from convenient location, such as home• Available evenings and weekends at no extra cost• Relative anonymity reduces stigma and promotes disclosure


PsychologyOnline – growing and adding value in mental health therapy

2001Founded

2008Clinical Validation - Lancet

2009Patient Trials – Bristol and London

2011Investment round

2012NHS Surrey PilotAnd AQP status

2013• Full operrational launch

• Product development• Investment• Pilots

2014

2013Talking Therapies Pilot


Clinical Validity and Governance

Summary of PsychologyOnline Clinical Validity data & Governance


Proven effective by peer-reviewed research

Accessibility

297 depressed patients allocated to receive on-line CBT or standard care

At 4 months 38% recovery (BDI<10) in intervention group

vs 24% in control group

Effect maintained at eight months – 42% vs 26%Median of six sessions needed for benefit

Severely depressed benefited most Many patients found it easier

to talk when not face-to-face with a therapist


Care pathway

ReferralGP or self referral

Assessmentquestions + 30 min appt

Step2mild-moderate

Step3moderate-severe

Step3+severe

Step 2: structured programme- 30 min sessions- Goal setting- Homework

Step chosen based on assessment tools and professional opinion

Step up possibleSame therapist retained

Step 3: semi-structured programme- Mainly 60 min sessions (some 30 min)- Goal setting- Homework

Step 3+: individual-focussed intervention- 60 min sessions - Goal setting- Homework

• Focus on individual cases• One therapist throughout• GP communication at all stages


The Patient Experience – Flexible Accessibility

• Therapy relationship enhanced rather than hindered by lack of body language or eye contact

– Relative anonymity reduces inhibition– Reduced pressure allows patient to take time to formulate responses– Solipsistic introjection

• Text communication supports therapy– Forces order and logic into communication– Documents a narrative that can be reviewed and reflected upon during therapy sessions– Creates thinking space– Transcript available for download for review between sessions

Patients who benefit• Busy people who need appointments outside working hours or to fit in with a busy schedule• Parents and carers who can’t organise cover to attend meetings• Non-English speakers & ethnic minorities• People with disabilities• Patients in remote areas• Social anxiety or stigma


The Therapist Family

• In house service therapistsor• PsychologyOnline Clinical Affiliates

– >100 BABCP Accredited CBT Therapists and Chartered Psychologists

– Rigorous selection and governance process• CRB, qualifications, accreditations, references

– Supervision to IAPT standards– Varied specialisms– Multiple languages– Available out-of-hours at no extra cost


The User Interface


Web interface

• Unique web address for each service• Content, colour scheme and general contact information customised for each service

– Looks and feels like a service website• Patient Portal

– Online completion of outcome questionnaires• PHQ, GAD etc

– Outcomes scores viewable as graphs in patient login area– Secure asynchronous messaging between patient and therapist between

sessions• Tasks can be sent as attachments

– Set and manage goals– Can be used with any form of therapy – online, face-to-face, telephone




berkshire


IT Architecture, Security and Information Governance


PsychologyOnline Architecture

• PsychologyOnline (POL) delivers Cognitive Behaviour Therapy (CBT) to patients remotely over a web connection in a secure and confidential manner. The system is a web-based application that clients and therapists can access from their own computers. Users access the system through a web interface using their registered user name and password.

• Once logged in, clients can book appointments, complete questionnaires and send messages asynchronously to their therapists. When they book appointments, both therapists and clients are notified by email.

• Online therapy takes place using a text based chat system that allows clients and therapist conversing real-time.

ARCHITECTUREThe POL system is structured using a typical n-tier architecture (see diagram), with the

following layers:• Database: MS SQL Server• Business Logic: C# on .NET framework• Presentation: ASP.NET MVC HOSTING• The PsychologyOnline system is currently hosted by Norfolk and Suffolk NHS

Foundation Trust.• The application and database are hosted on separate servers, which provides

additional security for the database. The database server is only accessible from the application server.

• Hosting the system on the NHS network ensures that PsychologyOnline fully complies with the NHS Information Governance toolkit.

• All the data collected, i.e. patients, psychologists and transcript data are stored on a database hosted within Norfolk and Suffolk NHS Foundation Trust.

BACK UP AND SECURITY• The live application and database are hosted on a NHS server that is housed in a secure

environment and has full business continuity contingency.• Security is paramount to PsychologyOnline. The systemhas been designed and

developed to ensure the system is protected against common security attackusing the OSWAP (Open Web Application Security Project) guidelines.

• https://www.owasp.org/

https://www.owasp.org/


PsychologyOnline Patient Data Security Capability

The application provides protection against SQL Injection attacks by ensuring that all user input is treated as such and cannot disrupt the execution of the query.The application provides protection against Cross-Site Scripting (XSS) attacks. This is accomplished by encoding all user input sent back to the web browser by default, and is effective against most forms of XSS attacks.

User sessions are terminated after a certain period of inactivity to reduce the risk of unauthorised access to data from an unattended computer.A common issue with web application security is users making use of weak, guessable passwords. The application enforces a password quality requirement on all users ensuring that passwords are at least 8 characters in length and contains at least one non-letter.

Patient Data Protection

Registration Security Features

The PsychologyOnline managed services is a comprehensive solution that provides a scalable, flexible & secure IT Hosting & Application Managed Service.

General Application Security Features

All patients’ identifiable information and communications are encrypted using the industry standard AES 256 algorithm. AES has been adopted by the U.S. government and is now used worldwide notably by all major banking groups to protect customer data. This method provides protection even in the event that an attacker gains unauthorised access to the database itself.

The system makes use of the one-way encryption algorithm SHA-256 with the addition of a salt value to mitigate the risks of attacks such as hash and rainbow tables.

For applications processing sensitive information, it is important to ensure that all information is encrypted in transit. The application makes use of the 256-bit SSL encryption mechanism and is configured to ensure that patient data is always encrypted in transit between the user’s browser and the application.

Currently the application does not share Patient data with any other applications.

It is important that NHS providers control who access the online therapy system. For this purpose the system has been designed so that NHS users require a two-factor authentication to be able to register for online therapy. NHS patient first need to register with their provider. They are then sent an email with a link to the activation page. Once they click the link patients are sent an activation code to their mobile that they require to activate their account.


PsychologyOnline Information Governance and Data Confidentiality

Policies


PsychologyOnline operates strict Information Governance and is audited to IG Toolkit Level 2

This policy sets out the procedures, management accountability, and structures, which have been put in place by PsychologyOnline to align with the Information Governance Agenda and safeguard the movement of personal data within PsychologyOnline information technology infrastructure. Underpinning Policies and Procedures The following procedures have been put in place to support the high quality information governance within PsychologyOnline, and the sharing of this information with other organisations: • Information Security (Sets out how we protect the company’s

information assets from unauthorised access and loss of integrity and accessibility)

• Confidentiality and Data Protection (sets out the standards expected of staff in maintaining the confidentiality of patient information);

• Corporate Governance Policy (Sets out the procedures for the company to respond to Freedom of Information requests);

• Information Lifecycle Management (Sets out how the company creates, manages, updates and disposes records of its service users. The policy also guides the company in maintaining the highest quality of the information in terms of completeness, accuracy, relevance and accessibility).

Staff Duties and Responsibilities • All staff, whether permanent, temporary or contracted are responsible

for ensuring that they remain aware of the requirements incumbent upon them for ensuring compliance on a day to day basis. This includes maintaining confidentiality of data, ensuring secure storage of data and being aware of situations where disclosure may be required or may not be required.

• This policy describes PsychologyOnline policy on Confidentiality and Data Protection, and employees’ responsibilities for the safeguarding of confidential information held both manually (non-computer in a structured filing system) and on computers.

• This Policy will be communicated to all employees. All users must confirm in writing that they have read and understood these documents. This Policy will be published to employees through the intranet and a hard copy will be available at PsychologyOnline Office.

• This policy applies to all directly (and indirectly) employed staff and other persons working for PsychologyOnline.

• All staff and contractors have a personal duty of confidence to patients and to PsychologyOnline.

The purposes of the Personal Information Handling Policy are:

• To promote the effective, consistent, and legal, processing of data by defining a Data Protection policy

• To ensure all employees are aware of their responsibilities in relation to the processing of personal data and to the law surrounding its use

• To ensure all employees are aware of the consequences of the misuse or abuse of personal data

• To establish and maintain trust and confidence in PsychologyOnline’s ability to process personal data To ensure compliance with legislation, guidance and standards relating to the handling of personal data

Data Confidentiality PolicyInformation Governance Policy

We are an Equal Opportunities Employer


Contact

Dr Michael ReillyBusiness Development Director

[email protected]

00 44 (0) 7876593434PsychologyOnlineThe GrangeMarket StreetSwaveseyCambridge CB24 4QG

mailto:[email protected]

Date post:	15-Dec-2015
Category:	Documents
Upload:	lonnie-fillmore
View:	224 times
Download:	1 times