In Health service directives

Enterprise architecture

Directive number: QH-HSD-015:2014

Effective date: 10/01/2022

Review date: 10/01/2025

Supersedes: Version 4.0

On this page:

Context
Purpose
Scope
Principles
Outcomes
Mandatory requirements
Related or governing legislation, policy and agreements
Supporting documents
Business area contact
Review
Approval and implementation
Version control
Definitions of terms used in this directive
Schedule 1: Business, information, application and technology architecture

Context

Queensland Health is increasingly using digital capabilities to improve patient safety and service quality, and efficiency through the health system. Enterprise Architecture provides the supporting framework which helps achieve these desired business outcomes through technical best practices and approaches.

Purpose

This Health Service Directive (HSD) reflects the changing nature of technology and its role in healthcare delivery and administration. Such a directive is essential in order to maintain the integrity of the Queensland Health information ecosystem in a time of increased demand and rapid innovation to support patient-centric integrated digitally enabled services.

Scope

This directive applies to all Hospital and Health Services.

Principles

Whilst not explicit mandates to follow, the Enterprise Architecture principles provide a consistent set of fundamental beliefs, values, aspirations or behaviours that guide Hospital and Health Services when making digital and ICT investment and policy decisions. All principles are equal and should be used to guide decision making, likewise new initiatives that do not adhere to these principles may be seen negatively by other decision makers. The Queensland Health Enterprise Architecture principles are as follows:

Customer Focus: Every service shall be designed around the user. All digital capabilities shall meet the needs of the public, clinicians and other staff whilst maintaining compliance with legislative and policy requirements. Solutions should be co-designed using appropriate stakeholder engagement and participatory governance.
Queensland Health’s federated health system is moving to a networked model: All digital investments shall support the requirements of the health system as a whole. Where appropriate services that scale to support enterprise needs are favoured over fragmented approaches. Where enterprise solutions and services exist, the impact of implementing new, changed solutions, or decommissioning existing solutions shall be assessed prior to implementation.
Information as a health system asset: This principle recognises that information has value and contributes to the delivery of healthcare services and outcomes. There is a need to share information appropriately, increase access, manage its quality, and subject it to appropriate governance, legislative compliance, and lifecycle management processes. To assist this, digital investments shall reduce duplication of data and make data securely available (preferably at the source).
Digital as a Service: Digital services shall adopt an "as a service" approach for digital investments. Specifically, solutions and services shall utilise (where appropriate) cloud-based technologies as enablers unless there is a reason not to do so, such as:

service characteristics (availability, recover time objective, etc) that cannot be met
cyber or information governance that cannot be met by a service.

Sustainability: All digital solutions and services are to be sustainable. Sustainability must consider social, human, economic and environmental factors. A sustainable investment must also be provided in a manner that can respond to changes in health delivery needs.
Reuse Services and Platforms: Digital services should demonstrate that they have sought to reuse existing solutions before delivering new ones. Digital services should also leverage existing platforms to deliver their outcomes where appropriate. Where it is not possible to reuse or leverage an existing solution, buy or build opportunities can be considered when more cost effective, fit for purpose, scalable and flexible into the future than leveraging existing.
Privacy, confidentiality, and security: The increased ability to share data in a more connected, digital world will be balanced by (authorised and appropriate) measures to control data access, use and disclosure. Services must adopt a secure by design and information security management system approach, appropriate cyber security controls and manage an appropriate risk posture to protect the personal (and confidential) information from misuse, loss and unauthorised access, modification or disclosure. Cyber security controls shall be regularly assessed and maintained through the lifecycle of the service.
Do no harm: Digital services should promote quality and efficiency, but the failure to guarantee their reliability can lead to harming individuals. Higher information processing or communication capabilities can do more harm than more primitive systems with less capabilities, even if the former are potentially able to confer greater benefits (or the same benefit to more people) than the latter. This principle of non-maleficence shall apply to all Digital investments across Queensland Health.
Support contemporary digital architecture: All investments in digital services should support a mobile-first approach and adopt internet standards and protocols. This ensures digital services are easily accessible from mobile phones, tablets, laptops and assistive technologies like screen readers.
Interoperability as a default: By design digital investments should support interoperability through adoption of open data and technology standards. Business service and process design should be performed to identify opportunities for interoperability. Where appropriate digital solutions and services shall support information being securely accessible via standards-based Application Programming Interface (APIs) that allow the data to be created, interrogated and, updated.
Provide an efficient digital experience: Digital investments shall enhance the user experience in a way that reduces the complexity and difficulty to perform digital tasks. Reduce manual input in favour of reusing trusted digital sources and provide single or common entry points to consume digital services for a consistent and efficient digital experience.

Outcomes

Hospital and Health Services shall by implementing this directive:

Make investments that support Queensland Health’s vision of promoting wellbeing, delivering healthcare, connecting healthcare and pursuing innovation, not just for their Hospital and Health Service but the health system as a whole.
Focus on information to ensure the right information is given to the right person at the right time.
Have ICT solutions that enable and preserve the integrity of a federated health system through the sharing of information while providing the flexibility required to meet Hospital and Health Service specific business and information needs.
Balance diversity associated with local investment in ICT services against cost, risk and availability of statewide ICT services.
Have governance expectations and requirements that are clearly defined, setting Hospital and Health Service initiatives up for success.

Mandatory requirements

Hospital and Health Services will be requested to provide an attestation every three years demonstrating compliance with this HSD.
Hospital and Health Services will provide, on request, accurate and comprehensive information to eHealth Queensland sufficient for Queensland Health to meet the mandated reporting requirements defined in the Queensland Government Enterprise Architecture (QGEA) ICT resources strategic planning policy (IS2). This includes at-risk system reporting and the annual current state ICT Profile report. Contributions to the ICT Profile shall at a minimum include all critical ICT systems, at-risk ICT systems and ICT systems meeting the asset recognition threshold.
Hospital and Health Services shall provide, on request, information to eHealth Queensland regarding the use of unsupported technologies determined to pose a risk to the Queensland Health system.
Hospital and Health Services shall ensure that use of and investment in ICT and information management comply with the Queensland Health Enterprise Architecture and the QGEA, and legislative requirements and responsibilities.
Hospital and Health Services shall initially complete an Architecture Preliminary Assessment (APA) for ICT initiatives requiring design elements (procurement of standard hardware solutions is exempt) for consideration by the Architecture and Standards Committee (ASC) at Gate 0 (investment concept) and Gate 3 (award of contract) of the Investment Management Framework where one of the following criteria is met:

the total investment value is >$500,000 or
impacts more than one Hospital and Health Service or
is high risk or high complexity.

Hospital and Health Services shall provide a Solution Architecture for all ICT initiatives requiring design elements (procurement of standard hardware solutions is exempt) for consideration by the ASC prior to implementation where one of the following criteria is met:

the total investment value is >$500,000 or
impacts more than one Hospital and Health Service or
is high risk or high complexity.

Hospital and Health Services are required to comply with directions made by the ASC or appeal to the System ICT Advisory Committee.
Hospital and Health Services shall comply with the Queensland Health Enterprise Architecture, with a particular focus on Schedule 1 of this HSD, unless a formal dispensation is approved.
To seek an Enterprise Architecture dispensation to this directive, Hospital and Health Services shall submit a request and rationale to the Design Authority for consideration and where necessary referral to the ASC. Refer to the Department of Health Enterprise Architecture Dispensation Standard for additional information.
For dispensations in relation to information management Hospital and Health Services shall submit a request and rationale to the Information Management Strategic Governance Committee. Refer to the Department of Health Enterprise Architecture Dispensation Standard for additional information.
All mandated Queensland Health Enterprise Architecture standards shall undergo consultation with all Hospital and Health Services as per the Queensland Health Enterprise Architecture Framework, which outlines how the Queensland Health Enterprise Architecture is administered, managed and governed.

Electronic Transactions (Qld) Act 2001
Financial Accountability Act 2009
Financial and Performance Management Standard 2019
Healthcare Identifiers Act 2010
Healthcare Identifiers Regulations 2020
Hospital and Health Boards Act 2011
Hospital and Health Boards Regulation 2012
Human Rights Act 2019
Information Privacy Act 2009
My Health Record Act 2012
My Health Records Rule 2016
Public Health Act 2005
Public Records Act 2002
Public Services Act 2008
Right to Information Act 2009
Queensland Government Enterprise Architecture Framework
Support Services Agreement for the provision of Enterprise ICT Services
DIGITAL 1st: Advancing our digital future - The Queensland Government digital strategy for 2017–2021

Supporting documents

Department of Health Clinical Data Standardisation Standard
Department of Health Data management policy
Department of Health Enterprise Architecture Dispensation Standard
Department of Health My Health Record system participation standard
Department of Health National Clinical Terminology Service (NCTS) Participation Standard
Department of Health National Healthcare Identifiers Policy
Digital Health Strategic Vision for Queensland 2026
eHealth Investment Strategy July 2019 Progress
Information Management Framework
My Health, Queensland’s future: Advancing health 2026
Queensland Health ICT Services and Devices Policy suite
Queensland Health Cyber Security Strategy
Queensland Health Data and application custodianship policy
Queensland Health Data and application custodianship standard
Queensland Health Data Quality Framework
Queensland Health Enterprise Architecture Framework
Queensland Health Governance of ICT initiatives Policy
Queensland Health ICT Procurement Standard
Queensland Health Information Security Policy
Queensland Health Investment Management Framework
Queensland Health Requirements of ICT initiative Standard
Queensland Health User access management guideline

Business area contact

Digital Architecture, Digital Strategy and Transformation Branch, eHealth Queensland

Review

This Health Service Directive will be reviewed at least every three years.

Date of last review: February 2021

Supersedes: Version 4.0

Approval and implementation

Directive Custodian

Deputy Director-General, eHealth Queensland

Approval by Chief Executive

Director-General, Department of Health

Approval date: 10/01/2022

Issued under section 47 of the Hospital and Health Boards Act 2011

Definitions of terms used in this directive

Term	Definition/ explanation/ details	Source
Application	A software system deployed by the agency which has part of an agency’s business process embedded within it.	Data and application custodianship roles and responsibilities
At-Risk ICT System	An at-risk ICT system refers to an ICT system assessed from a whole-of-department perspective as posing a “High” or “Very High” risk to the business. This does not include the inherent business risk of a critical ICT System or any risk that has been accepted with no further treatments to occur.	Department of Health ICT Critical and At-Risk Systems: Identification and Reporting Standard
Critical ICT System	An ICT System that has an availability Business Impact Level (BIL) of High. A High BIL is defined as an inherent consequence of “Major” or “Extreme” according to the Department of Health risk analysis matrix should the system be unavailable.	Department of Health ICT Critical and At-Risk Systems: Identification and Reporting Standard
Digital Service	A digital service is any defined business activity that provides something of use or value to customers (internal or external) electronically using data or transactions. A digital service may also be the physical services that enable and support these electronic transactions
Dispensation	For the purpose of this directive, the term ‘dispensation’ means the endorsed exception from compliance with the mandatory requirements and Schedule 1 of this HSD.	Adapted from the QGEA Glossary
Enterprise ICT Services	An Enterprise ICT service (including applications, systems, platforms and technology) is consumed by one or more customers across Queensland Health and has been designed and provided in a manner intended to scale for use at a state-wide level, if required. It is intended these services are not duplicated across the state.
Enterprise Architecture	The practice of applying a comprehensive and rigorous method for describing a current and future structure and behaviour for an organisation's processes, information, applications, technology and human resources, so that they align with the organisation's strategic direction.	QGEA Glossary
External service provider	An entity (i.e. an individual or an organisation outside of the Department of Health and Hospital and Health Services) providing a health service under an agreement between the Chief Executive (Department) or a Service (Hospital and Health Service) and the entity.	Adapted from the Hospital and Health Boards Act 2011
ICT-enabled initiatives	ICT-enabled initiatives are focused on delivering improvements to the way of doing business, using ICT as an element. Any initiative requiring information technology and/or communications technology to realise outputs, outcomes and/or benefits is considered ICT-enabled.	QGEA Portfolio, program and project policy
Mandated (applications, services or requirements)	Mandated: the application/service shall be used. Where there are multiple applications/services listed as mandated options one of the applications/services shall be used. The mandated option shall be used when: Implementing a new product/service Replacing an existing product/service Major enhancements are required for an existing product/service A dispensation is required to not use a mandated application/service or to implement an application/service that does not meet the stated requirements.
Queensland Health	The Department of Health and the 16 Hospital and Health Services, making up the public healthcare system, is known as Queensland Health. https://www.health.qld.gov.au/system-governance/health-system/default.asp
Support Services Agreement	The Support Services Agreement is a written agreement that sets out agreed services and related performance levels and reports that the eHealth Queensland will be required to deliver to the Hospital and Health Services.	Adapted from QGEA Glossary
Services	Services in Schedule 1 may refer to specific application software solutions or to Enterprise ICT services (in italics)
Technologies	Technologies support the application portfolio of the business, including software technologies, hardware, and network support.	QGEA Glossary
Unsupported Technology	A technology that has left mainstream support and represents a risk from a whole-of-system perspective. It requires action to be taken such as decommissioning, upgrading or replacing the unsupported technologies with supported versions, products or services.	Adapted from QGEA Glossary

Schedule 1: Business, information, application and technology architecture

The section below describes business functions and current requirements for:

sharing information between organisations and care settings
implementing a new application, technology or service
replacing an existing application, technology or service
managing an existing application, technology or service

Where there are multiple applications, technologies or services mandated for a function; one of the listed applications, technologies or services shall be used.
Any deviations from what is listed will require either a rectification plan or a formal dispensation to be submitted to the Design Authority for consideration and where necessary to the ASC and/or the Information Management Strategic Governance Committee.
Security architecture is addressed in specific QGEA policies and standards and the Queensland Health Information security policy.
Where an application, technology and/or service is provided by another agency within Queensland Health and not by the Hospital and Health Services, the accountability for compliance to this HSD lies with the provider. An Hospital and Health Service as a consumer, is not required to attest to the compliance of that solution to this HSD. However, prior to commencing use of any new solution the Hospital and Health Service shall ensure the solution is compliant with this HSD or seek an ASC dispensation.

Business architecture

Queensland Government Enterprise Architecture artefacts:

Queensland Government Enterprise Architecture framework
Use of ICT services, facilities and devices policy – IS38
Software asset management policy
Records governance policy

Legislation:

My Health Record Act 2012
My Health Records Rule 2016
Healthcare Identifiers Act 2010
Healthcare Identifiers Regulations 2020

Usage	Product/service name
Information Management	Mandated: Where specialist advice is required on clinical records management, data standards, clinical terminology, Queensland Health's master patient index (QMPI) data quality, policy development and data access requests, eHealth Queensland Health Informatics and Advisory Service shall be consulted.
ICT Service Management	Mandated: All ICT solutions and technologies shall have a support model appropriate to the business requirements of that technology. Specifically, where a new solution meets the criteria for ASC oversight it shall address these requirements. Mandated: All service impacting events with Queensland Health are to be recorded within the eHealth Queensland ITSM Platform (Service Now) Mandated: All changes to Information & Communication Technology (ICT) hardware and software assets are managed in accordance with eHealth Queensland Change management Standard.
Sustainability	Mandated: All ICT initiatives shall have a sustainable support, financial model and resourcing for the expected whole life of the technology. Specifically, where a new solution meets the criteria for ASC oversight it shall address these requirements

My Health Record system

Usage	Requirement
My Health Record System	Mandated: The My Health Record system shall be used throughout Hospital and Health Services via The Viewer and in accordance with the relevant legislative requirements in the My Health Records Act 2012 and the My Health Records Rule 2016. Each Hospital and Health Service will participate as a network organisation with the My Health Record System Operator. The Department of Health shall act as the seed organisation on behalf of each Hospital and Health Service for pre-registration, registration and maintenance activities involving the My Health Record System as required.

Information architecture

In Queensland, the Public Records Act 2002 (Qld) defines that the State owns the public records (including Data) of Queensland Health. Public records include records made for use by, or a purpose of, a public authority or records received or kept by a public authority. Both the Department and the Hospital and Health Services are public authorities.
While ownership of public records vests in the State, the Department and Hospital and Health Services are separately responsible for the management, safe keeping preservation, and appropriate disposal of all records in their possession.

Terminology

There are a number of terminologies including approved data sets and code sets used across Queensland Health to support business requirements. The aim is to use a standardised terminology wherever applicable.

As the preferred national terminology for Australia, the use of SNOMED CT-AU including Australian Medicines Terminology (AMT) should be applied where there is a reference set suitable, or applied when developing a new reference set to meet requirements. Reference sets are available to licence holders from the Australian Digital Health Agency (ADHA).
Use of national terminology products from the ADHA requires Queensland Health to hold the following licenses:
- SNOMED CT Affiliate License Agreement
- Australian National Terminology License Agreement
The above agreements are entered into by the Deputy Director-General, eHealth Queensland on behalf of Queensland Health (including the Department of Health and Hospital and Health Services).
To assist in the consistent management of Clinical Terminologies in line with the framework provided by the ADHA, Queensland Health has mandated the use of a single product suite across the state (see Terminology Applications).
Queensland Health approved data sets and code sets are also used to meet business requirements. These data sets and code sets shall be sourced from and validated against the authoritative sources such as the Corporate Reference Data System (CRDS) or the Queensland Health Data Dictionary (QH DD).
Where a data collection is required to deviate from these (QCTS, CRDS, QH DD) due to valid business requirements (for example alternate national, college or industry standard) then an ASC dispensation should be sought.

Usage	Terminology
Clinical Terminology	Mandated For new systems where clinical information is intended to be exchanged: Systematised Nomenclature of Medicine Clinical Terms – Australian Release (SNOMED CT-AU)
Medicines Terminology	Mandated: Systematised Nomenclature of Medicine Clinical Terms – Australian Release (SNOMED CT- AU) (Australian Medicines Terminology (AMT) incorporated into SNOMED CT-AU November 2015)
Pathology Observations	Mandated: Logical Observation Identifiers Names and Codes (LOINC)
Dietetics	Mandated: International Dietetics and Nutrition Terminology (IDNT)
Corporate Reference	Mandated: For new systems required to exchange or report data to the Department of Health: The Corporate Reference Data System (CRDS) Queensland Health Data Dictionary (QHDD)
Clinical Coding and Admitted Patient Separations	Mandated: International Statistical Classification of Diseases and Related Health Problems, Tenth Revision, Australian Modification, Australian Classification of Health Interventions, Australian Coding Standards classification (ICD-10-AM/ACHI/ACS) Australian Refined Diagnosis Related Groups (AR-DRGs) Australian National Sub-acute and non-acute patient (AN-SNAP)
Emergency Patients Episode Grouping	Mandated: Australian Emergency Care Classification (AECC)
Non-admitted Patient Events	Mandated: Independent Hospital Pricing Authority (IHPA) Tier 2 non-admitted care services classification (Queensland Health Version)

Corporate reporting

Usage	Data requirements
Workforce Safety	Mandated: Provides minimum set of data elements to Department of Health as per Hospital and Health Service Agreement: Schedule 4 and within the approved Information Management and associate architecture e.g. receiving system, method of transport, and implementable object.
Clinical Governance/Patient Safety	Mandated: Provides minimum set of data elements to Department of Health as per Hospital and Health Service Agreement: Schedule 4 and within the approved Information Management and associate architecture e.g. receiving system, method of transport, and implementable object.
Clinical Incident Management	Mandated: Provides minimum set of data elements to Department of Health as per Hospital and Health Service Agreement: Schedule 4 and within the approved Information Management and associate architecture e.g. receiving system, method of transport, and implementable object.
Clinical Service Billing	Mandated: Provides minimum set of data elements to Department of Health as per Schedule 4 Hospital and Health Service Agreement.
Consumer Feedback	Mandated: Provides minimum set of data elements to Department of Health as per Hospital and Health Service Agreement: Schedule 4 and within the approved Information Management and associate architecture e.g. receiving system, method of transport, and implementable object.

Clinical data

Usage	Requirement
Acute Care Setting Management	Mandated: Provides equivalent data to Clinical Data Repository (as per existing eHealth Queensland supported systems) Conform to Enterprise Integration Platform (EIP) information exchange specification and patterns
Community & Primary Care Setting Management	Mandated: Provides equivalent data to Clinical Data Repository (as per existing eHealth Queensland supported systems) Conform to Enterprise Information exchange standards and patterns
Medical Imaging	Mandated: A copy of Medical Imaging Reports (both Internal and External Providers) when requested by a Queensland Health representative shall be accessible from The Viewer Medical Imaging solutions shall conform to EIP information exchange specification and patterns where appropriate
Medication	Mandated: Complies with the Medication Data Standards http://qheps.health.qld.gov.au/clinical_info_mgt/html/medication_dss.htm Provides equivalent data to Clinical Data Repository (as per existing eHealth Queensland supported systems) Conform to EIP information exchange specification and patterns
Clinical Reference Data	Mandated: Queensland Health Clinical Data Set Definitions
Private and External Pathology	Mandated: A copy of External Pathology Reports requested by a Queensland Health representative shall be accessible from The Viewer
Dental	Mandated: Provides equivalent data to Clinical Data Repository (as per existing eHealth Queensland supported systems) Conform to EIP information exchange specification and patterns

Person identification

Usage	Requirement
Client Directory Number (Enterprise Unique Identifier)	Mandated: The Client Directory Number (Queensland Master Patient Index Enterprise Unique Identifier) shall not be used as a primary identifier within any information system.
Patient Demographics	Mandated: Queensland Master Patient Index (QMPI)
Individual Healthcare Identifier (IHI)	Mandated: Queensland Master Patient Index (QMPI)

Application architecture

Enterprise resource planning

Usage	Application/service name
Fiscal and Monetary Services	Mandated: S/4HANA
Asset Management	Mandated: S/4HANA (Excludes technologies to support operational management of assets)
Workforce Safety	Mandated: Hazardous Chemicals: ChemAlert
Payroll	Mandated: Personnel Administration: myHR (SAP HR) Time Reporting: myHR (Infor WFM) Rostering: myHR (Infor WFM)

Health service delivery

Usage	Application/service name
Pathology	Mandated: Inventory Management: BloodNet Requests and authorisation for access to funded immunoglobulin products: BloodStar Organ and tissue donation for transplantation: DonateLife Electronic Donor Record
Aged Care Services	Mandated: My Aged Care Assessor Portal
Community and Public Health Services	Mandated: Application is Practice Incentives Program (PIP) compliant (https://epipregister.digitalhealth.gov.au/product-register/registers) Provides minimum set of data elements to Department of Health as per Schedule 4 Hospital and Health Service Agreement. Conform to Enterprise Information exchange standards and patterns
Discharge	Mandated: Enterprise Discharge Summary (EDS)
Electronic Health Record - Longitudinal Record Viewing	Mandated: The Viewer
Electronic Health Record - Digital Hospitals	Mandated: Integrated Electronic Medical Record (ieMR)
Promotion, Prevention and Protection	Mandated: Healthcare Associated Infection: (Multiprac) Staff immunisations: Staff Protect (SPA) Notifiable Conditions: Notifiable Conditions System (NOCS)
Medical Imaging - Breast Screening	Mandated: Registry: Breast Screen Queensland Registry (BSQR); and - PACS: Sectra PACS
Medication	Mandated: Drugs of dependency: Monitoring of Drugs of Dependency System (MODDS)
Alcohol and Other Drugs	Mandated: Mental Health: Consumer Integrated Mental Health and addiction (CIMHA)
Mental Health	Mandated: Mental Health: Consumer Integrated Mental Health and addiction (CIMHA)

Integration services

The following eHealth Integration Services / application software services are to be used for integrations to enterprise data.

Usage	Service name
Enterprise Clinical Data	Mandated: Clinical Data Repository (CDR) Services
External Provider Identity Management	Mandated: STS Address Book, GP Connect
Internal Provider Identity Management	Mandated: Provider Matching Service (PMS)
Public Pathology Reports	Mandated: AUSLAB via the Enterprise Integration Platform
Patient Consent for Medical information access	Mandated: Consent Service
Patient Encounters	Mandated: Patient Encounter Service (ePADT)
Patient/Client Identity Management	Mandated: Queensland Health Patient Search Service
Longitudinal Electronic Medical Records	Mandated: Clinical Data Repository (CDR) Service
Unstructured Clinical Documents	Mandated: Document Service (DS)

Generic service delivery

Usage	Application/service name
Legislation and regulation services	Mandated: Monitoring, Applications, Permits and Licensing Events (MAPLE)

Health information management

Usage	Application/service name
Clinical Coding	Mandated: 3M Codefinder

The following software products are mandated for the administration of Terminologies; Hospital and Health Services may implement these locally.

Solution	Product name
Terminology Browser	Mandated product: CSIRO Shrimp
Terminology Server	Mandated product: CSIRO Ontoserver
Syndication Server	Mandated product: CSIRO Ontoserver and CSIRO Atomio
FHIR Terminology Authoring	Mandated product: CSIRO Snapper Platform (including Snapper:Author and Snapper:Map)

Technology architecture

Queensland Government Enterprise Architecture:

ICT cabling infrastructure policy
Collaboration platform (Microsoft Teams) policy

Mandated

Queensland Health ICT Cabling Standard
Queensland Health Use of ICT services and devices policy
Queensland Health Use of ICT services and devices standard
Queensland Health Collaboration platforms standard

Integration

Usage	Application/service name
Application Integration Platforms, Messaging Middleware	Mandated: Enterprise Integration Platform (EIP) All application integrations (with the exception of bio-medical devices) to QH Enterprise systems shall be via the EIP. No ICT solution shall integrate or communicate directly with these enterprise systems. This excludes when data is routinely extracted from these applications for downstream analytics and processing Mandated: Secure Information Transfer Service (STS) For all external integrations with Queensland Health Enterprise system data.
My Health Record	Mandated: Upload of QH clinical information to My Health Record will be managed via the eHealth Queensland provided My Health Record Integration Solution (MHRIS)
License Management (Microsoft and Adobe License)	Mandated: Workstation Software Service All licensing of workstation Microsoft and Adobe software is to be managed by eHealth Queensland. Local purchasing of these licenses may place an Hospital and Health Service in breach of enterprise agreements. The exception is where these licenses are purchased as an ancillary component of a product. For example, Microsoft software is present on a bio-medical device and the manufacturer passes on the licensing to the Hospital and Health Service.

Collaboration software

Usage	Application/service name
Email and Calendaring	Mandated: Health Queensland Digital Collaboration Platform (Office 365) eHealth Queensland Legacy Email Service (On-Premise)
Real time and Team Collaboration	Mandated: eHealth Queensland Digital Collaboration Platform (Office 365) eHealth Queensland TeleHealth Videoconferencing Service The following products may also be used when an Information Security Risk Assessment has been conducted for the usage scenario: Apple Facetime Google Duo

Desktop

Usage	Application/service name
Desktop PCs, Desktop Terminals, Virtual Machine Desktops	Mandated: MOE associated with the eHealth Queensland Workstation Management Service The exception is where the operating system is an ancillary component of a product or service. For example, Microsoft software is present on a bio-medical device
Digital Application Systems Management, Hosting and Support	Mandated: All service impacting events with Queensland Health are to be recorded within the eHealth Queensland ITSM Platform (Service Now)

Security management

Usage	Application/service name
Identity and Access Management	Mandated: ICT User Network Access Management Service, External Network Access Service. eHealth Queensland Privileged Access Management Service (for Privileged Access Management and Application whitelisting/control)
Intrusion and Prevention Detection	Mandated: ICT User Network Access Management Service External Access Service
Public Key Infrastructure Software	Mandated: Queensland Health PKI Service (Internal QH network connected managed devices only)
Authentication Devices and Software	Mandated: ICT User Network Access Management Service and External Access Service. eHealth Queensland Privileged Access Management Service (for password vaults).
Security Event and Information Management	Mandated: eHealth Queensland Cyber Security Incident and Threat Response Service.
Content Filtering	Mandated: Corporate Safe Internet (for internet) - eHealth Queensland Digital Collaboration Platform (Office 365) (for external collaboration)
Vulnerability Management	Mandated: eHealth Queensland Vulnerability Management Service
Anti-virus and anti-malware	Mandated: eHealth Queensland supplied anti-virus and anti-malware solutions

Bandwidth and connectivity

Usage	Application/service name
Bandwidth Provision	Mandated: Wide Area Network Management Service, Local Area Network Management Service, Wi-Fi Service and Internet Service
Remote Access Devices Software	Mandated: External Network Access Service
VPN Devices and Services	Mandated: External Access Service

Networks

Usage	Application/service name
Caching and Proxy Devices and Software	Mandated: ICT Network Infrastructure Service and Internet Service Excludes devices managed on networks isolated from the QH network (BEMS, Fire, Security). Any connectivity from these networks to the QH Core Network will be managed by eHealth Queensland
Voice Network Devices and Software	Mandated: Telephony Infrastructure Support Service
LAN Devices	Mandated: Local Area Network Management Service Excludes devices managed on networks isolated from the QH network (BEMS, Fire, Security). Any connectivity from these networks to the QH Core Network will be managed by eHealth Queensland
Metropolitan Area Network (MAN) to Wide Area Network (WAN) Devices	Mandated: Wide Area Network Management Service
Wireless Network Access	Mandated: Wi-Fi Services Excludes devices managed on networks isolated from the Queensland Health network (BEMS, Fire, Security). Any connectivity from these networks to the QH Core Network will be managed by eHealth Queensland
Network Name and Address Devices and Software	Mandated: Wide Area Network Management Service, Local Area Network Management Service, Wi-Fi Service Excludes devices managed on networks isolated from the Queensland Health network (BEMS, Fire, Security). Any connectivity from these networks to the Queensland Health Core Network will be managed by eHealth Queensland
Network Performance and Optimisation Devices and Software	Mandated: ICT Network Infrastructure Service and Internet Service Excludes devices managed on networks isolated from the Queensland Health network (BEMS, Fire, Security). Any connectivity from these networks to the Queensland Health Core Network will be managed by eHealth Queensland
Radio Communications Devices	Mandated: Paging and Messaging Service Excludes locally managed Radio Communication services
Network Security Devices and Software (includes firewalls)	Mandated: Wide Area Network Management Service, Local Area Network Management Service, Wi-Fi Service, Internet Service and the eHealth Queensland Network Operations Network Time Service

Printers and scanners

Usage	Application/service name
Printer, Document / Image Scanners, Multi-Function Devices, Print Server Devices and Software	Mandated (for network connectivity only): Specialty Equipment Connection Service or Printing Support Service

Special purpose devices

Usage	Application/service name
IP Telephony Devices and Software	Mandated: Telephony Infrastructure Support Service
Desktop Telephones	Mandated: Telephony Infrastructure Support Service
Other Special Purpose Devices	Mandated: (for network connectivity only) Specialty Equipment Connection Service

Version control

Version	Date	Prepared by	Comments
1.0	01/07/2013	ICT Policy	Published with PCeHR updates
2.0	01/05/2014	ICT Policy & SAO	Formal review conducted. Principles and Outcomes updated to reflect feedback. Mandated Applications and Services reviewed and updated.
3.0	05/04/2018	Digital Policy	Formal review undertaken with Hospital and Health Services. The revised HSD has undergone a significant rewrite. The new HSD shifts the focus from an application centric approach to an information centric approach. Principles, Outcomes and Mandatory Requirements have all been updated. Endorsed ASC February 2018 Approved Director-General
4.0	20/02/2020	Digital Policy	Minor review undertaken with agreement from Hospital and Health Services Replacement of FAMMIS with S4HANA Replacement of PractiX (Legacy) Addition of myHR and MediRecords Updates to QGEA documents, supporting documents and definition of mandated Endorsed ASC January 2020 Approved Director-General
5.0	10/01/2022	Digital Policy	Approved Director-General The following changes were made to the HSD as a result of feedback from formal consultation and working group: Major update to Principles to align to the Department of Health Enterprise Architecture Policy and Queensland Health Enterprise Architecture Framework Update to Context section for clarity Inclusion of compliance with relevant legislation Update to definitions table for consistency Update to schedule 1 for correctness and consistency: Emergency Patients Episode Grouping Non-admitted Patient Events Medical Imaging Private and External Pathology Longitudinal Electronic Medical Records Digital Application Systems Management, Hosting and Support. Additional paragraph to Terminology section

Last updated: 10 January 2022