This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

PsychologyOnline PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

PsychologyOnline. PsychologyOnline uses secure instant messaging to provide live, accessible and confidential cognitive behavioural therapy over the internet. . CBT with a live therapist delivered remotely over the internet.

Download Presentation


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript



PsychologyOnlineuses secure instant messaging to provide live, accessible and confidential cognitive behavioural therapy over the internet.

Cbt with a live therapist delivered remotely over the internet

CBT with a live therapist delivered remotely over the internet

Live one-to-one therapy using instant messaging-based text communication

Private, discreet therapy in a secure online meeting room

No travel or room booking – patients/users can attend therapy from convenient location, such as home

Available evenings and weekends at no extra cost

Relative anonymity reduces stigma and promotes disclosure

Psychologyonline growing and adding value in mental health therapy

PsychologyOnline – growing and adding value in mental health therapy


  • 2013

  • Full operrational launch

    • Product development

    • Investment

    • Pilots


Talking Therapies Pilot


NHS Surrey Pilot

And AQP status


Investment round


Patient Trials – Bristol and London


Clinical Validation - Lancet



Clinical validity and governance

Clinical Validity and Governance

Summary of PsychologyOnline Clinical Validity data & Governance

Proven effective by peer reviewed research

Proven effective by peer-reviewed research


297 depressed patients allocated to receive on-line CBT or standard care

At 4 months 38% recovery (BDI<10) in intervention group vs 24% in control group

Effect maintained at eight months – 42% vs 26%

Median of six sessions needed for benefit

Severely depressed benefited most

Many patients found it easier to talk when not face-to-face with a therapist

Care pathway

Care pathway

  • Focus on individual cases

  • One therapist throughout

  • GP communication at all stages


GP or self referral

Step chosen based on assessment tools and professional opinion


questions + 30 min appt

Step 2: structured programme

- 30 min sessions

- Goal setting

- Homework



Step 3: semi-structured programme

- Mainly 60 min sessions (some 30 min)

- Goal setting

- Homework



Step up possible

Same therapist retained

Step 3+: individual-focussed intervention

- 60 min sessions

- Goal setting

- Homework



The patient experience flexible accessibility

The Patient Experience – Flexible Accessibility

  • Therapy relationship enhanced rather than

    hindered by lack of body language or eye contact

    • Relative anonymity reduces inhibition

    • Reduced pressure allows patient to take time to formulate responses

    • Solipsistic introjection

  • Text communication supports therapy

    • Forces order and logic into communication

    • Documents a narrative that can be reviewed and reflected upon during therapy sessions

    • Creates thinking space

    • Transcript available for download for review between sessions

      Patients who benefit

  • Busy people who need appointments outside working hours or to fit in with a busy schedule

  • Parents and carers who can’t organise cover to attend meetings

  • Non-English speakers & ethnic minorities

  • People with disabilities

  • Patients in remote areas

  • Social anxiety or stigma

The therapist family

The Therapist Family

  • In house service therapists


  • PsychologyOnline Clinical Affiliates

    • >100 BABCP Accredited CBT Therapists and Chartered Psychologists

    • Rigorous selection and governance process

      • CRB, qualifications, accreditations, references

    • Supervision to IAPT standards

    • Varied specialisms

    • Multiple languages

    • Available out-of-hours at no extra cost

The user interface

The User Interface

Web interface

Web interface

  • Unique web address for each service

  • Content, colour scheme and general contact

    information customised for each service

    • Looks and feels like a service website

  • Patient Portal

    • Online completion of outcome questionnaires

      • PHQ, GAD etc

    • Outcomes scores viewable as graphs in patient login area

    • Secure asynchronous messaging between patient and therapist between sessions

      • Tasks can be sent as attachments

    • Set and manage goals

    • Can be used with any form of therapy – online, face-to-face, telephone



It architecture security and information governance

IT Architecture, Security and Information Governance

Psychologyonline architecture

PsychologyOnline Architecture

  • PsychologyOnline (POL) delivers Cognitive Behaviour Therapy (CBT) to patients remotely over a web connection in a secure and confidential manner. The system is a web-based application that clients and therapists can access from their own computers. Users access the system through a web interface using their registered user name and password.

  • Once logged in, clients can book appointments, complete questionnaires and send messages asynchronously to their therapists. When they book appointments, both therapists and clients are notified by email.

  • Online therapy takes place using a text based chat system that allows clients and therapist conversing real-time.


    The POL system is structured using a typical n-tier architecture (see diagram), with the following layers:

  • Database: MS SQL Server

  • Business Logic: C# on .NET framework

  • Presentation: ASP.NET MVC


  • The PsychologyOnline system is currently hosted by Norfolk and Suffolk NHS Foundation Trust.

  • The application and database are hosted on separate servers, which provides additional security for the database. The database server is only accessible from the application server.

  • Hosting the system on the NHS network ensures that PsychologyOnline fully complies with the NHS Information Governance toolkit.

  • All the data collected, i.e. patients, psychologists and transcript data are stored on a database hosted within Norfolk and Suffolk NHS Foundation Trust.


  • The live application and database are hosted on a NHS server that is housed in a secure environment and has full business continuity contingency.

  • Security is paramount to PsychologyOnline. The systemhas been designed and developed to ensure the system is protected against common security attackusing the OSWAP (Open Web Application Security Project) guidelines.


Psychologyonline patient data security capability

PsychologyOnline Patient Data Security Capability

The PsychologyOnline managed services is a comprehensive solution that provides a scalable, flexible & secure IT Hosting & Application Managed Service.

Patient Data Protection

All patients’ identifiable information and communications are encrypted using the industry standard AES 256 algorithm. AES has been adopted by the U.S. government and is now used worldwide notably by all major banking groups to protect customer data. This method provides protection even in the event that an attacker gains unauthorised access to the database itself.

The system makes use of the one-way encryption algorithm SHA-256 with the addition of a salt value to mitigate the risks of attacks such as hash and rainbow tables.

For applications processing sensitive information, it is important to ensure that all information is encrypted in transit. The application makes use of the 256-bit SSL encryption mechanism and is configured to ensure that patient data is always encrypted in transit between the user’s browser and the application.

Currently the application does not share Patient data with any other applications.

Registration Security Features

It is important that NHS providers control who access the online therapy system. For this purpose the system has been designed so that NHS users require a two-factor authentication to be able to register for online therapy. NHS patient first need to register with their provider. They are then sent an email with a link to the activation page. Once they click the link patients are sent an activation code to their mobile that they require to activate their account.

  • The application provides protection against SQL Injection attacks by ensuring that all user input is treated as such and cannot disrupt the execution of the query.

  • The application provides protection against Cross-Site Scripting (XSS) attacks. This is accomplished by encoding all user input sent back to the web browser by default, and is effective against most forms of XSS attacks.

  • User sessions are terminated after a certain period of inactivity to reduce the risk of unauthorised access to data from an unattended computer.

  • A common issue with web application security is users making use of weak, guessable passwords. The application enforces a password quality requirement on all users ensuring that passwords are at least 8 characters in length and contains at least one non-letter.

General Application Security Features

Psychologyonline information governance and data confidentiality policies

PsychologyOnline Information Governance and Data Confidentiality Policies

Psychologyonline operates strict information governance and is audited to ig toolkit level 2

PsychologyOnline operates strict Information Governance and is audited to IG Toolkit Level 2

Information Governance Policy

This policy describes PsychologyOnline policy on Confidentiality and Data Protection, and employees’ responsibilities for the safeguarding of confidential information held both manually (non-computer in a structured filing system) and on computers.

This Policy will be communicated to all employees. All users must confirm in writing that they have read and understood these documents. This Policy will be published to employees through the intranet and a hard copy will be available at PsychologyOnline Office.

This policy applies to all directly (and indirectly) employed staff and other persons working for PsychologyOnline.

All staff and contractors have a personal duty of confidence to patients and to PsychologyOnline.

The purposes of the Personal Information Handling Policy are:

To promote the effective, consistent, and legal, processing of data by defining a Data Protection policy 

To ensure all employees are aware of their responsibilities in relation to the processing of personal data and to the law surrounding its use 

To ensure all employees are aware of the consequences of the misuse or abuse of personal data 

To establish and maintain trust and confidence in PsychologyOnline’s ability to process personal data  To ensure compliance with legislation, guidance and standards relating to the handling of personal data

Data Confidentiality Policy

This policy sets out the procedures, management accountability, and structures, which have been put in place by PsychologyOnline to align with the Information Governance Agenda and safeguard the movement of personal data within PsychologyOnline information technology infrastructure.

Underpinning Policies and Procedures

The following procedures have been put in place to support the high quality information governance within PsychologyOnline, and the sharing of this information with other organisations:

  • Information Security (Sets out how we protect the company’s information assets from unauthorised access and loss of integrity and accessibility)

  • Confidentiality and Data Protection (sets out the standards expected of staff in maintaining the confidentiality of patient information);

  • Corporate Governance Policy (Sets out the procedures for the company to respond to Freedom of Information requests);

  • Information Lifecycle Management (Sets out how the company creates, manages, updates and disposes records of its service users. The policy also guides the company in maintaining the highest quality of the information in terms of completeness, accuracy, relevance and accessibility).

    Staff Duties and Responsibilities

  • All staff, whether permanent, temporary or contracted are responsible for ensuring that they remain aware of the requirements incumbent upon them for ensuring compliance on a day to day basis. This includes maintaining confidentiality of data, ensuring secure storage of data and being aware of situations where disclosure may be required or may not be required.

We are an Equal Opportunities Employer



Dr Michael Reilly

Business Development Director

[email protected]

00 44 (0) 7876593434


The Grange

Market Street


Cambridge CB24 4QG

  • Login