D+R Medical

D+R Therapy

Remote Physiotherapy Analysis.
D+R Therapy allows physiotherapist to remotely supervise as monitor patients during physiotherapy.
The platform allows customised treatments per patient with video and text description.


  • Real-time Analysis
  • Remote Monitoring
  • Personalised Treatments
  • Patient Feedback
  • Secure Messaging
  • Notes
  • Custom Exercises


  • Real-Time Analytics
  • Early Intervention
  • Exercises Videos and Descriptions
  • Remote Patient Analysis


£0 to £20 per person per month

Service documents


G-Cloud 11

Service ID

9 4 5 6 6 4 8 4 6 4 4 4 2 2 0


D+R Medical

Viv Austin



Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Requires modern browsers (Chrome, Safari, IE11, Edge).
System requirements
  • Mobile app requires iOS or Android
  • Custom videos best hosted on Youtube or Vimeo

User support

Email or online ticketing support
Email or online ticketing
Support response times
24 hour response time weekdays.
48 hours response time at weekends.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
Free online support via website.
Premium support with customer rep - 1000GBP per month.
Support available to third parties

Onboarding and offboarding

Getting started
We provide onsite training, email support, and web documentation.
Service documentation
Documentation formats
End-of-contract data extraction
All patient content is available to extract via CSV.
End-of-contract process
Once patient treatments are inactive, there are no further charges.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Differences between the mobile and desktop service
Desktop website for physiotherapist to manage patient treatments and analysis exercises.

Mobile app for patients to access treatment and record exercises.
Service interface
Customisation available
Description of customisation
Users can add custom private exercises and treatments.
Users can create an organisational structures.


Independence of resources
Azure based site with auto-scaling services.
Separation of therapist site and patient mobile app service.


Service usage metrics
Metrics types
All patient exercise records are available via web dashboard.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Treatment data can be exported via a CSV.
Data export formats
Data import formats
Other data import formats
  • MP4
  • JPG
  • PNG

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.7% availability target.
10% refund if service drops below 99.5% in any calendar month.
Approach to resilience
Service hosted on Azure servers with multiple instances in both web server and mobile web service.
Outage reporting
Service outages will be communicated via email.

Identity and authentication

User authentication needed
User authentication
Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
All users authenticated through Windows Azure Active Directory.
Access restriction testing frequency
At least every 6 months
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
User access managed through Windows Azure Active Directory.
Server patching managed through Azure automatic updates.
Malware protection and firewall handled through Azure.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
3 tier development process ensures that code is managed through dev, UAT, then production.

Security library is isolated and assessed with full regression test when being modified.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Database threat detection is part of the service offered by Microsoft Azure, with firewall rules and access notification.

Servers are auto-patched by Microsoft Azure.

Site access managed via Windows Azure Active Directory.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Database threat detection is part of the Microsoft Azure service.
Notification emails are sent to security staff when the encrypted SQL server is accessed.
Incident management type
Supplier-defined controls
Incident management approach
Incident reporting available via website and email.
Severe incidents reported to users via email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£0 to £20 per person per month
Discount for educational organisations
Free trial available
Description of free trial
Full platform access for 1 month.
Link to free trial

Service documents

Return to top ↑