VBC Checker
The VBC Checker is a web based system that provides an instant funding decision on whether a patient meets the relevant policy criteria and therefore can be granted prior funding approval for procedures covered in both the local Value Based Commissioning Policy and also for any national Evidence Based Interventions.
Features
- Consistent Policy applied for all system users in a locality
- Simple and Easy to use system
- Web based - accessible to both Primary and Secondary Care
- Different levels of access available to different user groups
- Key data reporting functionality to allow system monitoring
- Fully hosted with no software installation requirements: quick to implement
- Minimal training required due to simplicity of system usability
- Allows patient level reconciliation to take place with Acute Providers
- Developed by the NHS, for the NHS with practicing clinicians
Benefits
- Ensures policy compliance, reducing the risk of harm to patients
- Patients only proceed for elective procedures where benefits outweigh risk
- Flexibility to host multiple policies, across large geographic regions
- Reduces the number of inappropriate elective procedures, releasing capacity
- Supports financial savings to the local health economy
- Ensures procedures considered through right process (IFR v Prior Approval)
- Contributes to provider cost improvement programmes (through reducing targeted activity)
- Supports the reduction of inappropriate Individual Funding Requests
- Instant decisions for Prior Approval - no delays
- Reduction in patients referred to secondary care for outpatient appointments
Pricing
£18,000 a licence
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
4 8 4 4 8 0 7 8 4 1 4 6 9 7 1
Contact
NHS North of England Commissioning Support Unit (Hosted by NHS England)
Amanda Smallbone
Telephone: 0191 3751789
Email: necsu.busdev@nhs.net
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- No
- System requirements
-
- Connection required via Health and Social Care Network (formally N3-network)
- Minimum screen resolution of 1024 x 768
- Windows 7, 8.1, 10 and above, Mac OS X
- Internet and web browser access
User support
- Email or online ticketing support
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
During the implementation period, intense support levels will be provided to the customer.
Following go-live, a high level of maintenance and support will be provided (along with a wrap around programme support where applicable) on an ongoing basis, to the customers requirement. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
NECS will meet with the Customer(s) to discuss and agree the required support levels needed to start using the system. During implementation, NECS will provide both face to face and virtual training, as agreed with the customer dependent upon their requirements, and delivered to all relvant stakeholders.
We will also provide a training video and user guides (for both primary and secondary care).
Initial system-wide engagement will be a key focus. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- Microsoft Word (Where appropriate, and requested)
- Excel documents may be provided during mobilisation
- End-of-contract data extraction
- NECS will download and provide the customer with their relevant data held within the system.
- End-of-contract process
- Upon contract expiry or termination, the customer will be provided with a copy of all relevant information / data currently held within the system at that time.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- Description of service interface
- The VBC Checker is accessed via a web browser. The system has been designed to be quick and easy to use.
- Accessibility standards
- None or don’t know
- Description of accessibility
- Non-text content is supported through the inclusion of text based values to ensure the information is accessible.
- Accessibility testing
- We have not undertaken any interface testing with users of assistive technology.
- API
- No
- Customisation available
- Yes
- Description of customisation
- Customers can input their own CCGs, Practices and Providers as well as their own local Value Based Commissioning and Evidence Based Interventions Policies
Scaling
- Independence of resources
- The VBC Checker has been load tested with positive results, providing the assurance that thousands of users can access the system and generate tickets at the same time.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Service usage statistics (including login audit, login attempts)
Information around Prior Approval tickets - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Depending upon access level user will have the opportunity to download summary reports of successful/unsuccessful tickets.
The user/customer are also able to download the Prior Approval tickets at individual ticket level. If a bulk download of all tickets is requested (though unlikely), this can be provided by NECS - Data export formats
-
- CSV
- Other
- Other data export formats
- PDF (individual user level)
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99% assured, excluding planned downtime for maintenance.
- Approach to resilience
- Our datacentre is set up to be resilient through two data centres with fail over, which is transparent for the end users. This is thoroughly tested within the test environment to ensure minimal disruption to customers.
- Outage reporting
- Any outages will be reported via email correspondence to designated customer leads.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Once a user has been provided with the VBC Checker system link, they must then register for an account. The system will only allow NHS compliant email addresses and requires the user to set up a password with strict minimum requirements.
Once the user has registered, they will then receive an email to the above, designated NHS email address. The user must then click on the link to verify the account. Once fully registered and verified, the individual must then be granted permissions by a senior access role in order to access their own organisation within the system. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Username or password
- Other
- Description of management access authentication
-
Once a user has been provided with the VBC Checker system link, they must then register for an account. The system will only allow NHS compliant email addresses and requires the user to set up a password with strict minimum requirements.
Once the user has registered, they will then receive an email to the above, designated NHS email address. The user must then click on the link to verify the account. Once fully registered and verified, the individual must then be granted permissions by a senior role in order to access their organisation within the system.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Plus Security
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Security governance approach includes:
• IG Toolkit Level 2 Compliance
• Information Security Management Plans which are developed practice based experience.
• Cyber Essentials Plus – NECS will continue to seek further accreditation to gain compliance against the Cyber Essentials Plus scheme.
• ISEM (Information Assurance for Small & Medium sized Enterprises) - The IASME standard, based on ISO27001, has developed to create a cyber security standard recognised by the UK Government.
• ISO27001 – NECS is aligned with the ISO27001 internationally recognised, gold standard, and Information Security standards. - Information security policies and processes
- There is an Information & Cyber Security Strategy and Plan, managed through an IT Security Team with access to the wider IT teams. This is managed by our Infrastructure Security Manager. She reports into the Head of Infrastructure who reports to the Business Information Services Director. NECS’ develop Information Security Management Plans which are developed using the valuable practice based experience. The key strategic information security principles that underpin information security management at NECS are considered in any service provided by NECS. NECS adhere to NHS England Policies and all NECS procedures are based on ITIL good practice.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- There is an ITIL based Change Advisory Board (CAB) that manages the processes in accordance with the NECS Procedures.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- The system is regularly penetration tested for vulnerabilities in coding and security. It is fully protected by Microsoft Update Service.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
The infrastructure is monitored by the supplier with active port monitoring alerts in place. Incidents are dealt with in line with the NECS ITIL Incident, Request Fulfilment and Problem Management Procedure.
Standard response times are below: Priority Level 1 (Major Incident) KPI - 95% resolution within 4 hours Priority Level 2 KPI - 90% resolution within 8 hours Priority Level 3 KPI - 80% within 3 working days Priority Level 4 KPI - 95% resolution within 5 working days Priority Level 5 KPI - 95% resolution within 30 working days - Incident management type
- Supplier-defined controls
- Incident management approach
- The management of Incidents follows the standards set out by ITIL and defined in our own Incident and Problem Management Policy. Users report incidents via the Service Desk either via Telephone. Each incident is given a unique reference number and a priority which defines the length of time allowed to resolve the incident. Incidents are analysed to look for common trends by reviewing the types of incidents logged and trying to identify root causes. We report each month to our customers on the number of Incidents logged and our performance in terms of meeting the fix time.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Pricing
- Price
- £18,000 a licence
- Discount for educational organisations
- No
- Free trial available
- No