Hospital procurement engineered against the regulator's calendar — lot, batch, expiry, audit-grade across the full chain.
Pharmaceuticals, medical supplies, capital equipment. Lot / batch / expiry traceability at the engine. Multi-entity contracts and framework agreements; ENS Medium for the public-sector variant; GDPR / LOPDGDD enforced at the data tier. The compliance posture procurement officers and external auditors read first.
Lot, batch and expiry at the engine
Every consumable tracked at lot / batch / expiry through receipt, storage, dispensing and patient charge. The regulator's question — which patient received this lot, on which date, charged against which episode — answered as a single query. No reconciliation theatre.
Multi-entity contracts and frameworks
Framework agreements signed at the group level; entity-specific draw-downs against each framework; volume rebates accrued and reconciled across the entire group. The supplier sees one contract; each hospital draws against it under its own entity.
ENS Medium for public-sector
Esquema Nacional de Seguridad Medium-level controls implemented at the engine for the public-hospital variant. Real Decreto 311/2022 compliance. Access control, audit trail, incident response, vulnerability disclosure — engineered, not bolted on.
Regulatory reporting against each calendar
Pharmacovigilance, supply-chain transparency, public-sector procurement disclosure, autonomous-community-specific reporting — emitted against the calendar each regulator sets. The submission cadence honoured at the engine.
Procurement and compliance, at the depth healthcare requires.
Six surfaces of the regulated-procurement engine — sourcing, lot traceability, multi-entity contracting, audit, security posture, regulatory submission.
Catalogue and supplier master with regulatory data
Pharmaceutical and medical-device catalogue with regulatory identifiers (CIM / CN national codes, GTIN / GS1 codes, UDI for devices), supplier master with audit-grade compliance documentation (manufacturing licences, quality certifications, withdrawal history), authorised-substitute mapping for therapeutic equivalence.
Lot, batch and expiry traceability
Every lot tracked from supplier receipt through storage location, dispensing event, patient charge. Expiry-driven re-allocation, near-expiry alerting, FEFO (first-expired-first-out) issue logic. Recall events triggered by regulator notification reconciled across every dispensing location; the patient roster affected by a recall returned as a query.
Multi-entity contracting
Framework agreements signed at the hospital-group level; entity-specific draw-downs by each member hospital under terms that may differ per entity; volume rebates accrued across the group and reconciled into intercompany flows; supplier-portal visibility per the supplier's contract scope.
ENS Medium and audit posture
Esquema Nacional de Seguridad Medium-level controls (Real Decreto 311/2022) implemented at the engine for the public-hospital variant. Access control, encryption at rest and in transit, audit trail, incident response procedure, vulnerability disclosure with timed SLAs. The auditor's request answered with the certificate and the evidence in the same query.
GDPR and LOPDGDD at the data tier
Personal-data classification enforced at the metadata tier. Retention rules applied per category (clinical · administrative · financial · employment). Right-to-erasure handled with audit-grade evidence — the deletion request, the data scope, the surviving derivative data, the audit hash. Cross-border data flow controls per the EU adequacy framework.
Regulatory submission against multiple calendars
Pharmacovigilance against the EMA / national-agency calendar. Supply-chain transparency against the OECD framework. Public-sector procurement disclosure against the Spanish autonomous-community calendars (each region sets its own cadence). The submission file emitted in the format and the cadence each regulator demands.
Why procurement and compliance share a module.
Procurement and compliance look like separate concerns until you audit a regulated industry. The supplier the hospital chose, the lot the supplier shipped, the patient who received the lot, the regulator's audit five years later — these are one chain. Vendors who separate them spend the audit reconciling four systems that were supposed to agree. Axional Healthcare runs the chain as one record from the supplier master through to the patient charge ; the audit reads as a single query.
The ENS Medium framework specifically is what unlocks the public-hospital surface in the Spanish market. Without an ENS Medium-certified back-office, a private vendor cannot operate the administrative engine of a public hospital — the procurement law and the public-data-protection regime forbid it. Axional Healthcare's compliance posture is what makes the public-sector variant possible, not an after-the-fact accreditation.