What Is ADHA Conformance? Why It Matters Before You Trust an App With Your Prescriptions

ADHA conformance means an app has been assessed and registered by the Australian Digital Health Agency (ADHA) as meeting the safety, security, and interoperability standards required to handle electronic prescriptions. For Australian patients, choosing an ADHA-conformant eScript app ensures your prescription data is handled securely and in compliance with national digital health standards. OpenPharmacy is listed on the ADHA ePrescribing Conformance Register.

What is the Australian Digital Health Agency?

The Australian Digital Health Agency (ADHA) is the government body responsible for Australia's national digital health infrastructure. Established in 2016 and headquartered in Sydney, the ADHA oversees the programs that make electronic health services work consistently and securely across the country.

The ADHA's mandate covers three core systems that affect almost every Australian who interacts with the healthcare system. First, My Health Record: the national digital health repository where clinical documents, pathology results, and medication records are stored. Second, electronic prescribing: the national infrastructure that allows doctors to issue prescriptions electronically instead of on paper, and pharmacies to dispense them without a physical script. Third, the Active Script List (ASL): a centralised, real-time record of a patient's current electronic prescriptions that participating pharmacies can access with the patient's consent.

For any software product to connect to these national systems, it must pass through the ADHA's conformance assessment process. This is not a self-certification or a checkbox process. It involves formal technical testing, security review, and registration on the ADHA's public conformance registers.

What does ADHA conformance actually mean?

ADHA conformance is a formal assessment process with three distinct pillars: functional requirements, security requirements, and interoperability requirements. An app must satisfy all three to receive registration.

• Functional requirements

  The app must correctly handle eScript tokens according to the national electronic prescribing standard. This includes how tokens are imported, displayed, updated after dispensing, and archived. Incorrect handling of tokens could result in patients being unable to fill prescriptions or in tokens being misused.

• Security requirements

  Apps must use encryption standards approved by the Australian Signals Directorate (ASD), the national cybersecurity authority within the Australian Cyber Security Centre. ASD-approved encryption is the benchmark for securing sensitive government and health data in Australia. All data must be stored and transmitted to a standard that protects against unauthorised access.

• Interoperability requirements

  The app must communicate correctly with national systems including the National Prescription Delivery Service (NPDS) and the Active Script List. This ensures that when a pharmacist scans a QR code from a conformant app, the national system responds correctly and the dispensing record is accurate.

Once an app meets all three requirements, it is listed on the ADHA ePrescribing Conformance Register, a publicly accessible register on digitalhealth.gov.au. This listing is the definitive proof that an app has been formally assessed, not just self-described as compliant.

Why ADHA conformance matters for patients

When you use an eScript app to store and present your prescriptions, you are trusting it with sensitive health information. Conformance gives you three concrete protections that unregistered apps cannot offer.

• ✓

  Your health data is protected to a government-verified standard

  Conformant apps have had their security architecture independently assessed. The ASD-approved encryption requirement means your prescription data is protected using the same standards applied to government and defence systems. An app that claims to be 'secure' without ADHA registration has made no externally verified commitment to that standard.

• ✓

  The app has been tested to correctly handle your prescriptions

  Functional testing during the conformance process verifies that the app correctly reads, stores, and presents eScript tokens. A faulty or non-conformant implementation could result in tokens being corrupted, QR codes being unreadable at the pharmacy, or repeat counts being displayed incorrectly — meaning you might arrive at the pharmacy without a working script.

• ✓

  Your prescription data cannot be legally shared with third parties

  Conformant apps operate under the Australian Privacy Principles (APPs) and the specific privacy obligations of the national electronic prescribing framework. These rules prohibit sharing your prescription data with third parties for advertising, analytics, or commercial purposes. Apps that are not registered have made no formal commitment to this framework.

How to verify an app is ADHA-conformant

The word 'compliant' appears frequently in app store listings. It means almost nothing on its own — any developer can write it. Conformance means registered. Here is how to check.

1. 1

   Check the ADHA ePrescribing Conformance Register

   Visit digitalhealth.gov.au and navigate to the registers section. The ePrescribing Conformance Register lists every app and software product that has completed the formal assessment. If an app is not on this list, it is not ADHA-conformant, regardless of what its marketing says.

2. 2

   Look for an explicit registration claim in the app listing

   A genuinely conformant app will name the specific register it appears on, not just say it 'meets Australian standards' or is 'ADHA-compliant'. The phrase to look for is 'registered on the ADHA ePrescribing Conformance Register'.

3. 3

   Check the app's privacy policy for Australian Privacy Principles

   Conformant apps must operate under the Australian Privacy Principles. The privacy policy should reference the APPs and clearly state that prescription data is stored in Australia and is not shared with third parties. A policy that does not mention the APPs or that allows data sharing for commercial purposes is a red flag.

OpenPharmacy and ADHA conformance

OpenPharmacy is developed by Easy As Health Pty Ltd, a Brisbane-based digital health company. The app is registered on the ADHA ePrescribing Conformance Register, confirming it has completed the formal assessment for handling Australian electronic prescriptions.

On the security side, OpenPharmacy uses end-to-end ASD-approved encryption for all prescription data. ASD-approved encryption is the benchmark standard set by the Australian Signals Directorate for protecting sensitive government and health data. All data is stored on Australian servers and is never shared with third parties.

The app is built around a specific design principle: your prescription QR codes must always be available, including without an internet connection. Scripts are stored directly on your device so they are accessible in areas with no mobile signal — rural pharmacies, underground car parks, hospital basements — without any dependency on a server connection at the point of dispensing.

OpenPharmacy also makes it effortless to manage scripts for family members. Simply upload any eScript and the app automatically groups and sorts scripts by individual, so parents and carers can manage prescriptions for children and elderly parents within one account, all behind a 4-digit PIN.

For a full comparison of how OpenPharmacy's security compares to other Australian eScript apps, see: Best eScript Apps in Australia (2026): Compared by Offline Access, Security, and Family Features.

For a detailed ADHA-conformance comparison between OpenPharmacy and Scripty, see: OpenPharmacy vs Scripty: Which eScript Wallet Is Right for You?.

Questions to ask before downloading any health app

Use this checklist when evaluating any Australian eScript app. Every item on this list has a direct connection to whether your prescription data is genuinely protected.

• Is it on the ADHA ePrescribing Conformance Register?

  Registration is the only externally verified proof that the app meets national standards. Check digitalhealth.gov.au directly rather than trusting the app's own description.

• Where is your data stored?

  Your prescription data should be stored on Australian servers subject to Australian privacy law. Offshore storage means different legal protections and may not comply with the Australian Privacy Principles.

• Is there a clear privacy policy?

  A conformant app's privacy policy should explicitly reference the Australian Privacy Principles and confirm that prescription data is not shared with third parties for any commercial purpose.

• Is the app independent of a pharmacy chain?

  Apps owned by pharmacy chains have a commercial relationship with where you fill your prescriptions. An independent app has no incentive to direct you to a specific pharmacy, and your script data is not used to influence where you shop.

• Does the app work offline?

  An app that requires a server connection to display your QR code can leave you unable to fill a prescription in areas with poor reception. Offline-first storage means the QR code is on your device, not retrieved from a remote server.

Source: Australian Digital Health Agency — Electronic Prescriptions (digitalhealth.gov.au)

Frequently Asked Questions

New to eScripts? Read our plain-English explainer: What Is an eScript Wallet? A Plain-English Guide for Australians.