getUBetter is a digital health treatment delivering and enabling patients to self-manage their recovery from all common MSK disorders and injuries by following a recovery and prevention pathway defined by their local healthcare provider


  • Patient pathway management: triage, recovery, prevention, support
  • One app for all common minor injury conditions
  • Bespoke content configured for individual CCGs
  • Prescribed locally by clinician or direct via website
  • Self-referral and connection to local third-party MSK tools
  • Questionnaire, nudges, video content and risk stratification to guide patient
  • Integration with GP system
  • Real-time data analytics dashboard
  • Medical device registration (CE marking)
  • Data security and evidence based


  • Patients feel better supported by their GPs along MSK pathways
  • Increased patient confidence and engagement in managing their condition
  • Improved patient access to specialist knowledge and expertise
  • Reduction in unnecessary burden on healthcare resources
  • High-quality care delivered more consistently against standardised workflow.
  • Less burden of administration and managing process for clinicians
  • Complements and enhances 3rd party MSK tools
  • Fully supported deployment by experienced team
  • App is clinically safe and stores patient information securely
  • Data capture providing insight themes of patient engagement with app


£35,000 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

8 2 7 4 8 5 1 6 7 4 7 8 4 6 3


Telephone: 07952228499

Service scope

Software add-on or extension
Cloud deployment model
Community cloud
Service constraints
All maintenance work is planned to meet minimal disruption levels to customers, normally around 0200 am.
We operate on iOS on 7.0 onward and Android on 4.0 onward
System requirements
  • Access to the internet
  • PC and/or a smartphone
  • Modern web browser: Chrome, Safari, Firefox, Edge, Internet explorer

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond to questions via our email response:
within 4 hours during weekday office hours
within 12 hours during weekday out of office hours
and 24 hours during weekends
If /when requested we will phone the customer direct to advised contact phone number
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support is free, available for technical and general enquiries and provided via our customer response team.

The team is available via the contact details published in the app and website and responds via email as default, and can connect via phone if requested.

The team performs against service level targets so responds and rectifies queries as quickly and effectively as possible.
Support available to third parties

Onboarding and offboarding

Getting started
We work with individual GP practices, localities and O/H teams as part of the deployment to educate, integrate and promote engagement in self-management for common MSK injuries and conditions. We provide access to training manuals, videos, site materials and remote awareness surgeries.

Our service description document provides detail of our 5 step Rapid Deployment Model that enables a smooth and effective installation of, and so, realisation getUBetter benefits.
Service documentation
Documentation formats
End-of-contract data extraction
An off-boarding data export process would form part of our standard contract, when we would provide a csv.file of all patient data collected during the contract.
End-of-contract process
At contract end getUBetter will assume cost of data extraction and termination of all links to clinical and patient users.

The data extraction is set in the agreed formats.

Extra extracts or very custom formats would be chargeable.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
There is no difference in how our condition pathway perform and are presented between mobile and desktop services.

However, a mobile app will be accessed via download of getUBetter from the app/play store whereas the desktop option is via sign-in option on our website
Service interface
Customisation available
Description of customisation
GetUBetter is highly configurable.

All minor injury, condition defined, recovery and prevention pathways are customised to reflect local needs, for example, a chosen mix of endpoints, advice, guidance and instruction and supporting services.

getUBetter enables branding, logos, real-time data dashboard, and contact information for each clinician community.

Once 'in-service' our customers have access to modify and re-configure some elements of the app such as rebrand their condition pathway with a new business logo, adjust contact details and provide bespoke information for their patient users.


Independence of resources
Our partnership with UKCloud VMware hosting structure enables quick provision and scale up our configuration as necessary. This is set at 2GHz and speed of data transfer averages 8Mbit/s for VM import/export and 40 Mbit/s for data transferred over FTPS.

Customers are placed within UKCloud servers and will not be affected by other customers.

Our technology stack uses multi-platform frameworks such as Laravel and Ionic to enable a platform and data model that can accommodate approximately 200,00 active, concurrent users and 10,000 condition pathways, so safely scale to 234 CCGs and 214 NHS OHPs


Service usage metrics
Metrics types
Our customers have access to our online portal, through which there are graphical illustration of metrics, such as; the number of apps issued by the prescribing team; the number of apps registered by patient; the age profile of registered patients.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We don't anticipate any scenario for users to input data in order to enjoy the getUBetter service.

We offer data export, as described earlier, as part of off-boarding services if requested.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
Other protection within supplier network
Our hosting services traffic sits within the UKCloud Assured and Elevated services (e.g. between UKCloud's data centres) and is
protected using encrypted sessions over resilient fibre optic connections, which have been
independently validated by the NCSC Assured Service - Telecoms (CAS-T) scheme, and which are
subject to a regular independent IT Security Health Check (ITSHC) CHECK Test.
Data over the public internet to patient devices has security application which is protected using authentication tokens and 2-factor authentication. Access to the service is via encrypted VPN. Information in transit is subject to encryption.

Availability and resilience

Guaranteed availability
GetUBetter strive to achieve 99.99% service availability. There is no financial compensation if target service levels are not achieved.
Approach to resilience
Our data centre service is hosted by UKCLoud. Locations have been visited and assessed during formal accreditation activities undertaken
by accreditors and assessors from the National Cyber Security Centre, Home Office (PASF) and by
BSI and Lloyd's Register (LR) external assessors during routine ISO9001, ISO20000, ISO22301,
ISO27001, ISO27017 and ISO27018 certification assessments.
All data centres used by UKCloud are protected by a robust framework of physical, technical and logical
security controls, which ensure the data, applications and ICT infrastructure are afforded the highest
possible levels of protection and resilience
Outage reporting
Our service resides within UKCloud who operate a Network Operations Centre (NOC) that supports the service on a 24/7 basis, which
is responsible for monitoring the health of the UKCloud platform and carrying out routine tasks. A framework of monitoring tools provides an early warning system that allows for the identification of
potential service issues before they can impact us and our customers.
In the event of service disruption, the NOC is the primary focal point for major incident management. It co-ordinates the recovery actions with us to ensure remedial actions are completed.
Service disruptions are also communicated via the Service Status webpage to use and we email project sponsors in our Customer base details on the incident. This will provide the status of an issue in addition to the follow up report that will describe what, when, how and why the incident occurred.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access is managed via UKCloud who have implemented and operate several technical controls to ensure only authorised getUBetter individuals can authenticate to and access the getUBetter services for which they have an identified and approved business need. We are
required to have a unique username and password with the option to add a memorable word combination.
Access Control Policy places specific responsibilities on “super user” or administrative accounts, which are not used routinely for normal support or development tasks.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Security Management System (SMS) supported by IG manual and procedures
  • Registered with the DSP toolkit
  • Working toward ISO27001 for 2021
  • Hosting partner UKCloud have ISO27001
  • Our supply chain contractually obliged to comply with our SMS

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We follow, and are assessed on a quarterly basis, the ISO27001 security standards and cyber essentials plus, for which we are compliant in both.
We follow GDPR principles through our information governance processes

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
As a registered medical device, CE compliant getUBetter operates a quality management system for all configuration and change management requirements, aligned to ISO13485. The application and related components are tracked through their lifetime using our internal ticketing system.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
An integral part of our Release Management Policy is the identification and assessment of threats, vulnerabilities and exploitation methods which could have an impact on the of our technical stack or the confidentiality, integrity or availability of data assets.
For every release of the system we are subject to internal penetration testing using the OWASP top 10 list of vulnerabilities to ensure we have no unmanaged vulnerabilities.

For urgent matters we deploy patches in 12 hours and less so, 36hours.

Our hosting provider is CSA CCM compliant and listed on the CSA STAR registry.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our hosting provider, UKCloud have Assured and Elevated Platforms that are protected by a GPG13 aligned protective monitoring system externally provided by e2e-assure. This monitors and alerts on the twelve control areas documented within GPG13 (PMC1-12) at the DETER Level, and includes the production and
retention of user activity logs to support monitoring, incident identification, response and investigative activities. It also includes activities related to the formal notification to the relevant authorities as appropriate.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
UKCloud tools are used to monitor the live service and to provide real time live service monitoring information. The feedback on the live service is reviewed by the development and acted on as required.
User report incidents via the email address.
Where the service is interrupted due to service incidents, a web page or dialog will be displayed to advise users.
Safety incident communication is managed by our service desk and where necessary user service bulletins will provide instructions for dealing with safety incidents through the application help pages.
Root cause analysis is completed for all incidents

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
Public Services Network (PSN)


£35,000 a unit
Discount for educational organisations
Free trial available
Description of free trial
At first stage of engagement we provide a demo workshop to all interested individuals in the organisation. If the organisation chooses to pursue their interest further we provide access to our demo version of the product. The demo app provides the full user-experience, in a test, not live, environment.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.