
Directories

This content is draft for consultation. 

 

Definition:

A database system that stores and manages information about resources and users, such as identities, usernames, credentials, access rights and preferences.

Standards and specifications

General requirements

Cyber security

The software must demonstrate that it supports effective implementation of the mitigation strategies in the Australian Cyber Security Centre's Essential Eight.

Privacy

Data collected about an individual by medical software is likely to constitute health information. Because of its sensitivity, health information generally attracts a higher degree of privacy protection than other personal information under the relevant federal, state and territory legislation.

The software must demonstrate adherence to the relevant federal, state or territory privacy legislation, for example the Privacy Act 1988 (Cth) or the Health Records and Information Privacy Act 2002 (NSW).

The applicable federal legislation is the Privacy Act 1988 (Cth).

Details of the relevant state and territory legislation are contained under the State and territory requirements section below.

Core requirements

Standards for identification

The system should:

  • be able to discover and validate Healthcare Provider Identifiers – Individual (HPI-Is) and Healthcare Provider Identifiers – Organisation (HPI-Os) via the Healthcare Identifiers (HI) Service Business-to-Business (B2B) web services.
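Before a directory entry is sent to the HI Service for validation it is worth rejecting values that cannot be a healthcare identifier at all, so that malformed or mis-typed entries do not generate failed lookups. The following is an added example, not code from this page or from the HI Service; it assumes the published identifier format (16 digits, prefix 800360 for IHIs, 800361 for HPI-Is, 800362 for HPI-Os, with a Luhn check digit) and the sample identifiers are constructed for illustration and do not belong to any real provider. A syntactically valid identifier is only a candidate: the HI Service B2B lookup remains the authoritative validation.

```python
"""Local syntactic pre-check of Australian healthcare identifiers.

Added example (not from the source page). Format assumptions: 16 digits,
type determined by the leading six digits, Luhn check digit. The HI
Service, not this check, is the authority on whether an identifier exists.
"""
from typing import Optional

IDENTIFIER_LENGTH = 16

# Assumed prefixes: IHI (patient), HPI-I (individual provider), HPI-O (organisation).
PREFIXES = {"800360": "IHI", "800361": "HPI-I", "800362": "HPI-O"}


def luhn_checksum_ok(digits: str) -> bool:
    """Return True if the digit string satisfies the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_identifier(value: str) -> tuple[Optional[str], str]:
    """Classify a candidate identifier.

    Returns (type, reason) where type is "IHI", "HPI-I" or "HPI-O" on success
    and None on rejection; reason explains the outcome. Spaces are tolerated
    because identifiers are commonly displayed in groups of four digits.
    """
    cleaned = value.replace(" ", "")
    if not cleaned.isdigit():
        return None, "non-digit characters present"
    if len(cleaned) != IDENTIFIER_LENGTH:
        return None, f"length {len(cleaned)}, expected {IDENTIFIER_LENGTH}"
    kind = PREFIXES.get(cleaned[:6])
    if kind is None:
        return None, "unrecognised identifier prefix"
    if not luhn_checksum_ok(cleaned):
        return None, "check digit mismatch"
    return kind, "ok"


def is_provider_identifier(value: str, expected: str) -> bool:
    """True only if value is syntactically valid AND of the expected provider type.

    Guards against an IHI (a patient identifier) being stored where an HPI-I
    or HPI-O is required.
    """
    kind, _ = classify_identifier(value)
    return kind == expected and expected in ("HPI-I", "HPI-O")


def partition_for_lookup(values: list[str]) -> tuple[dict[str, list[str]], list[tuple[str, str]]]:
    """Split a batch of directory values into HI Service lookup candidates and rejects."""
    ready: dict[str, list[str]] = {"HPI-I": [], "HPI-O": []}
    rejected: list[tuple[str, str]] = []
    for v in values:
        kind, reason = classify_identifier(v)
        if kind in ready:
            ready[kind].append(v.replace(" ", ""))
        else:
            rejected.append((v, reason if kind is None else f"{kind} is not a provider identifier"))
    return ready, rejected


if __name__ == "__main__":
    # Constructed sample batch; none of these refer to real providers.
    sample = [
        "8003610000000014",      # well-formed HPI-I
        "8003 6200 0000 0013",   # well-formed HPI-O, grouped display form
        "8003600000000015",      # well-formed IHI: a patient identifier, not a provider
        "8003610000000015",      # bad check digit
        "800361000000001",       # too short
    ]
    ready, rejected = partition_for_lookup(sample)
    print("send to HI Service:", ready)
    print("rejected locally:", rejected)
```

Only identifiers in the "ready" buckets should be submitted to the HI Service; everything else is a data-quality problem to fix at the source rather than a lookup to attempt.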

Standards for terminology, code sets and classifications

The system should:

  • support the Provider identification in healthcare National Best Practice Data Set (NBPDS).

National Safety and Quality Health Service (NSQHS) Standards

Implementation of the NSQHS Standards is mandated in all hospitals, day procedure services and public dental services across Australia.

The system must:  

  • support adherence to all relevant National Safety and Quality Health Service Standards in accordance with the intended scope of the system being procured. These may include, but are not limited to, the following standards:
    • Partnering with Consumers Standard
    • Communicating for Safety Standard
    • Comprehensive Care Standard
    • Blood Management Standard
    • Medication Safety Standard
    • Clinical Governance Standard.
  • support adherence to all relevant Clinical Care Standards.

Other Standards

International

The system should comply with:

  • ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection – Information security management systems – Requirements, in particular the access control related controls in Annex A (A.5.15 Access control, A.5.16 Identity management, A.5.17 Authentication information, A.5.18 Access rights; these were grouped under Annex A.9 in the 2013 edition)

National

The system must comply with:  

  • AS ISO 27799:2023 Health informatics - Information security management in health using ISO/IEC 27002

Connections to National Systems

HI Service

The software should:

  • be able to discover and validate Healthcare Provider Identifiers – Individual (HPI-Is) and Healthcare Provider Identifiers – Organisation (HPI-Os) via the Healthcare Identifiers (HI) Service.

Conformance

The software should:

  • have production access to the Healthcare Identifiers (HI) Service.

State and territory requirements

The following state and territory requirements apply according to the jurisdiction in which the software is deployed.

State   Theme     Link
ACT     Privacy   Health Records (Privacy and Access) Act 1997 (ACT)
                  Territory Records Act 2002 (ACT)
                  Information Privacy Act 2014 (ACT)
NSW     Privacy   NSW Privacy Laws
NT      Privacy   Refer to federal requirement
QLD     Privacy   Privacy legislation in Queensland
SA      Privacy   Refer to federal requirement
TAS     Privacy   Refer to federal requirement
VIC     Privacy   Privacy and Data Protection Act 2014 (Vic)
WA      Privacy   Refer to federal requirement

Date last updated: 20 January 2025