Skip to main content

Supply Chain Systems

This content is draft for consultation. 

 

Definition:

A supply chain system in healthcare involves managing the flow of medical supplies, pharmaceuticals, equipment, and other products from production to delivery in healthcare facilities. Key aspects in Australian healthcare include sourcing and procurement, inventory management, distribution and logistics.  

Standards and specifications

General requirements

Cyber security

The software must demonstrate adherence to the ‘Essential 8’ cyber security principles.  

Core requirements

Standards for identification

The software must:

  • Content will be updated following consultation feedback

Australian Core Data for Interoperability (AUCDI)

The software should support the use of AUCDI Release 1.

Note: The focus of the AUCDI Release 1 is the representation of the clinical content necessary for each of the data groups identified within the Release 1 scope.

Development is continuing to enhance AUCDI.

Standards for data sharing

The software should:

  • support the authoring and consumption of clinical documents in Fast Healthcare Interoperability Resources (FHIR®) formats.

Standards for terminology, code sets and classifications

If the system is managing prostheses, the system must:

If the system is managing medications, the system must:

  • support Australian Medicines Terminology (AMT)

The system should:

  • support person and provider identification in healthcare National Best Practice Data Set

If the system is managing medical devices or medicines, the system should:

National Safety and Quality Health Service (NSQHS) Standards

Implementation of NSQHS is mandated in all hospitals, day procedure services and public dental services across Australia.

Other Standards

International

The system must support:

  • ISO/IEC 17360:2023 standard: Automatic identification and data capture techniques - Supply chain applications of RFID - Product tagging, product packaging, transport units, returnable transport units and returnable packaging items
  • ISO/IEC 27036-3:2023 standard for Cybersecurity - supplier relationships - Part 3: Guidelines for hardware, software, and services supply chain security.

National

  • comply with the relevant legislation for medicines, poisons and therapeutic goods  
  • comply with the handling and destruction of drugs standard.

The system should support:

Connections to National Systems

HI Service

If the system is managing medical devices or medicines, the system should:

  • support linkage to the Pharmaceutical Benefits Scheme (PBS) online-claiming system.

Conformance

The software must:

  • have production access to the Health Identifiers Service.

State and territory requirements

The following state and territory requirements must be upheld based on location.

StateThemeLink
ACTPrivacyHealth Records (Privacy and Access) Act 1997 (ACT)
  Territory Records Act 2002 (ACT)
  Information Privacy Act 2014 | Acts
NSWPrivacyNSW Privacy Laws
  Requirements for consent
NTPrivacyRefer to federal legislation for privacy
QLDPrivacyPrivacy legislation in Queensland
  Informed Consent
SAPrivacyRefer to federal legislation for privacy
TASPrivacyRefer to federal legislation for privacy
  Privacy and Data Protection Act 2014
WAPrivacyRefer to federal legislation for privacy
  Consent to treatment policy

Contact us 

This content is draft for consultation. To learn more about the Guidelines, the phased publication approach, or if you are interested in being part of future reference groups, please contact us via the form below. 

Date last updated: 1 July 2025