Cloud Solutions

 

Standards and specifications

General requirements

Cyber security

The software must demonstrate ability to effectively achieve mitigation strategies in line with ‘Essential 8’.  

Privacy

Data collected about an individual by medical software is likely to constitute health information. Due to the sensitive nature of this information, it generally has a higher degree of privacy protection than other personal information, under relevant federal, state and territory legislations.

The software must demonstrate adherence to relevant federal, state or territory privacy legislation for example, the Privacy Act 1988 (Federal) or Health Records and Information Privacy Act 2002 (NSW).

The applicable federal legislation is the Privacy Act 1988.

Details of the relevant state and territory legislations are contained under the State and territory requirements section below.

Core requirements

Standards for identification

The software should:  

• be able to discover and validate Individual Healthcare Identifiers (IHI) via the Healthcare Identifier (HI) Service Business-2-Business web services
• utilise Individual Healthcare Identifiers (IHIs) to integrate and link records into the local patient record
• support adherence to Patient Identification best practices as outlined by the Australia Commission on Safety and Quality in Health Care.

Australian Core Data for Interoperability (AUCDI)

The software should support the use of AUCDI Release 1.

Note: The focus of the AUCDI Release 1 is the representation of the clinical content necessary for each of the data groups identified within the Release 1 scope.

Development is continuing to enhance AUCDI.

Standards for data sharing

The software should:  

• support the consumption of clinical documents in Fast Healthcare Interoperability Resources (FHIR®) formats
• capable of using HL7 FHIR-compliant API when sending clinical information
• should be capable of using HL7 FHIR-compliant API when receiving clinical information.

Standards for terminology, code sets and classifications

The system must:

• support Systematised Nomenclature of Medicine-Clinical Terms AU (SNOMED CT-AU)
• support the use of MBS item numbers as defined on MBS online or the DVA schedule on the DVA website
• support Standardised Pathology Informatics in Australia (SPIA)
• support Logical Observation Identifiers Names and Codes (LOINC®)
• support Australian Medicines Terminology (AMT)
• capable of using METEOR for recording clinical information with data specifications
• capable of using Nutrition Care Process Terminology (NCPT)
• Rapid Response System (RRS) terminology
• support the National Clinical Terminology Service (NCTS).

The system should:

• support person and provider identification in healthcare National Best Practice Data Set.

National Safety and Quality Health Service (NSQHS) Standards

Implementation of NSQHS is mandated in all hospitals, day procedure services and public dental services across Australia.

The system must:  

• support adherence to best practices related to Informed Consent  
• support adherence to all relevant National Safety and Quality Health Service Standards in accordance with the intended scope of the system being procured. These may include, but not limited to the following standards:  
  • Partnering with Consumers Standard
  • Communicating for Safety Standard
  • Comprehensive Care Standard
  • Blood Management Standard
  • Medication Safety Standard
  • Clinical Governance Standard.
• support adherence to all relevant Clinical Care Standards.  

Other Standards

International

The system should:

• have certification for ISO/IEC 27017:2015 Information technology — Security techniques — Code of practice for information security controls.

State and territory requirements

The following state and territory requirements must be upheld based on location.