Blueteq Ltd

High Cost Drugs Management System

The High Cost Drugs Management System allows NHS Commissioners to manage the request for funding of high cost drugs by clinicians and the subsequent invoice validation submitted by Hospital Providers.

Features

• Take control of your High Cost Drug Budget
• Collect NICE criteria led evidence directly from hospital provider clinicians
• Validate and challenge hospital provider invoices with ease
• Keep a complete audit trail of the process
• Customised reporting tools available

Benefits

• Online submission by clinicians saves time
• Automated process to enable patients to be treated quickly
• Ensures use of HCDs are in line with NICE criteria
• Patient History displays all information in one place
• Provider invoices can be easily matched against approved requests
• Manage your High Cost Drugs budgets effectively

£5,000.00 to £113,000.00 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@blueteq.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

343637438445614

Contact

Graham Simmonds
02392 413057
info@blueteq.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: This web based software will run on a variety of web browsers without the installation of specialist software or configuration changes.
• System requirements:
  • Microsoft Edge or Chrome installed
  • Minimum 1Mbs synchronous Internet connection
  • Acrobat Reader for reading documents (Optional)
  • MS Office for opening Word/Excel documents (Optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All tickets are responded to within 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide a single level of support across all of our clients and systems. A Lead Project Manager is assigned to all new system implementations and he/she will remain the key contact until the system is handed over to the support team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide as much onsite and online training as the client requires. ; We aim to meet all of our clients for review meetings annually as more often if required.; All our systems are provided with user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When the date of termination is reached, we will securely provide an encrypted SQL Server back up file that includes all data, images and documents saved within the system.
• End-of-contract process: On termination of the contract, we will arrange for the secure return of all data as a SQL Server back up. There will be an additional cost if the client requires the data supplied in other formats.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We provide web services for the following:- Reporting functions. Interfacing with hospital trust PAS system.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We will run a workshop for every client where we will run through the system and process. The client is encouraged to specify any changes that are required to the system to suit their process. The system is then supplied with those changes applied. Our support arrangement then allows for subsequent reasonable changes to be requested without further cost being involved.

Scaling

• Independence of resources: We use a virtual server network where we will add hardware to the network to maintain satisfactory performance levels.

Analytics

• Service usage metrics: Yes
• Metrics types: Upon request
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users are able to export data into an Excel format within the system.; We can also supply a web service that will allow the export of data into data warehouses at no additional cost.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee a 99% availability for access to our systems. All programmed maintenance is normally undertaken outside of business hours and the client is informed of these outages in advance.; We would refund a pro-rata amount based on the outage time up to the amount of the monthly support charge.
• Approach to resilience: - Availability of multiple connections with re-routing capability to other data centre sites.; - UPS and 7 day generator back up.; - Virtual server network allowing for the transfer of system images from one hardware configuration to another.
• Outage reporting: Email alerts and login messages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All of our management interface and support channels are maintained on a private network with external access via IPSec VPN to named users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Data Security and Protection Toolkit - Standards exceeded.
• Information security policies and processes: All incidents relating to the security policies and processes are reported to the Information Governance Lead who is the Managing Director.; The following policies are available upon request:-; - Information Governance Policy; - Information Risk Management Policy; - Information Security Policy; - Information Security Incident Handling Procedure; - Network Security Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change management requests are recorded and tracked through our on-line ticket management system. Continuous internal assessment of the security impact of all changes applied to our systems. Regular external assessment of changes are carried out by a third party CHECK accredited Security Consultancy.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular monitoring of logs - firewalls, web and database services.; Weekend application of patches to all servers; Emergency security patch application overnight.; Security threat notifications received from NCSC website, Operating and application system websites. Symantec and McAfee.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Daily monitoring of logs - firewalls, web and database applications.; Unauthorised access attempts notifications from systems.; The response is determined by the nature of the compromise. Any security incident will be handled in the process laid out in our Information Security Incident Handling Procedure.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow the procedure laid out in our Information Security Incident Handling Procedure (available upon request).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We fight climate change in the following ways: - 1. Our office has 50 solar panels and a battery installed, allowing us to go off grid for 8 months of the year. 2. We encourage our employees to use electric cars by providing them with a salary sacrifice scheme and we provide charging facilities at work.

  Tackling economic inequality

  We are a small business based in Havant near Portsmouth. We employ local people and employ degree apprentices from Chichester University.

  Equal opportunity

  We are a Tier 2 visa sponsor which allows us to sponsor foreign nationals with the appropriate skills.

  Wellbeing

  We give the opportunity to and pay for all staff to attend regular gym activities.

Pricing

• Price: £5,000.00 to £113,000.00 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@blueteq.com. Tell them what format you need. It will help if you say what assistive technology you use.