NASH PKI certificates for software vendors and developers

Information and resources about NASH PKI certificates to help software developers or vendors that work in healthcare provider organisations.

National Authentication Service for Health (NASH) Public Key Infrastructure (PKI) certificates let healthcare providers and supporting organisations securely communicate and exchange health information electronically. These certificates:

  • are used to access the My Health Record system
  • provide confidence in the integrity of information transmitted, and
  • allow the secure exchange of health information with other healthcare providers

NASH PKI test kit

You can use a test certificate to authenticate in the test environment for:

  • the My Health Record system, and
  • sending and receiving secure messages

Test certificates cannot be used in the:

  • My Health Record production environment
  • Healthcare Identifiers (HI) Service, or
  • any other online program

When you apply for a test kit, you agree to the terms and conditions of Licence.

When using the test kit, you are bound by these terms and conditions.

You can apply for a NASH PKI test kit by sending an email to otsliaison@humanservices.gov.au with the reason why you need the test kit. We will send you an, Application to request a National Authentication Service for Health Public Key Infrastructure Test Certificate kit form, which you will need to sign and return to us.

This form includes the terms and conditions (Licence) by which we agree to license or otherwise make a test certificate kit available.

When we have received your completed and signed form, we will send you the test kit.

Certificates in the NASH PKI test kit

When you get the NASH PKI test kit, check that it has the following certificates:

  • an active test NASH PKI certificate for Healthcare Provider Organisations for two test organisations
  • a revoked test NASH PKI certificate for Healthcare Provider Organisations for a test organisation, if requested, and
  • an active test NASH PKI certificate for Supporting Organisations for a test organisation, if requested

Test organisation names will vary in different test kits. Any healthcare identifiers embedded in the certificates are test healthcare identifiers only.

Test certificates are valid for 2 years.

Using the active test certificates

Use both active test NASH PKI certificates for Healthcare Provider Organisations to:

  • check secure messaging is operating correctly, and
  • check the NASH Test Directory can be accessed

Use the active test NASH PKI certificate for Supporting Organisations to:

  • check secure messaging is operational between intermediary organisations
  • check the NASH Test Directory can be accessed with a supporting organisation NASH PKI certificate

Using the revoked test certificates

Use the revoked test NASH PKI certificate for Healthcare Provider Organisation to:

  • check secure messaging cannot occur when one of the organisations has a revoked certificate. To test this use one of the test NASH PKI certificate for Healthcare Provider Organisations
  • confirm an organisation cannot access the NASH Test Directory when they use a revoked certificate.

Installing test certificates

If you need technical support to install the certificates call us.

NASH, Medicare claims and payments PKI certificate compatibility matrix

NASH, My Health Record, secure messaging and HI Service PKI certificates - usage summary.

Certificate type My Health Record system NASH HI Service Secure messaging
  B2B Provider Portal NASH Directory HPOS B2B B2B
DHS PKI Individual Certificate
1.5.1.2
Yes Yes Yes Yes Yes Yes
Medicare PKI Site Certificate
1.6.1.2
Yes Yes Yes Yes Yes Yes
Medicare PKI Site Certificate (For PBS Community)
1.3.1.2
Yes Yes Yes Yes Yes Yes
DHS Individual Certificate for Healthcare Provider Individuals via data source for HI Service
1.7.1.1
Yes Yes Yes Yes Yes Yes
DHS PKI Individual Certificate for an authorised Organisation Maintenance Officer (OMO) under the HI Service
1.8.1.1
Yes Yes Yes Yes Yes Yes
Medicare Network Organisation PKI Site Certificate under the HI Service
1.9.1.1
Yes Yes Yes Yes Yes Yes
NASH PKI Certificate for Individual Healthcare Provider*
1.11.1.1
Yes Yes Yes Yes Yes Yes
NASH PKI Certificate for Healthcare Provider Organisations**
1.10.1.1
Yes Yes Yes Yes Yes Yes
NASH PKI Certificate for Supporting Organisations
1.12.1.1
Yes Yes Yes Yes Yes Yes

* Usage also applies to eHealth Record Organisation PKI certificate
** Usage also applies for eHealth Record Individual PKI certificate

NASH operational requirements

Personal identification code (PIC)

A Personal Identification Code (PIC) is the secure code you will need to access your certificate. The certificate will be locked if the PIC has been entered incorrectly three times.

The NASH PKI test kit includes a PIC for each certificate which is needed to install the test certificate. If you lose your PIC, call us.

Personal identification code unlock key (PUK)

You will need a personal identification code unlock key (PUK) to unlock your certificate if the PIC has been entered incorrectly three times. The PUK is only used for the NASH PKI certificate for Individual Healthcare Providers.

If the PUK is entered incorrectly three times you will need to request a replacement certificate.

The PUK for a test certificate is available for software vendors by calling us.

Expiring certificates

Test NASH PKI certificates have a lifespan of two years from the issue date. If you need to continue using test certificates, you will need to request new test certificates before this time. You should contact us to start the replacement process at least a month before your NASH PKI test certificates expire.

You can replace your test certificates by calling or by emailing us.

Revoking certificates

Certificates can be revoked if they are:

  • lost
  • compromised, or
  • no longer required

If you still need them, lost certificates can be revoked and then replaced.

Support for revoked certificates is available by calling us.

NASH Directory

The NASH Directory is a secure directory of active NASH PKI certificates for Healthcare Provider Organisations and supporting organisations. You can use key words to search the NASH directory to find an entity's PKI certificate.

You can access the NASH Directory and NASH Test Directory through the Certificates Australia website.

Legislative, privacy and policy requirements

Healthcare providers and organisations’ healthcare identifiers are embedded in NASH PKI certificates.

The Healthcare Identifiers Act 2010 regulates the use and disclosure of healthcare identifiers.

It is important your organisation makes sure certificates are always used for the purpose of providing healthcare.

Read more about specific certificate policies.

NASH PKI support and contact information

Developing your product

We can provide support to help you develop your product.

The OTS Liaison is the first point of contact and escalation for software vendors.

You can call or email us.

More information

Read more about:

  • secure messaging, including links to the Standards Australia standards, on the NEHTA website
  • My Health Record system, on the Department of Health website
  • the NASH Test Directory and to access the directory, on the Certificates Australia website
  • the National e-Authentication Framework, on the Department of Finance website
  • healthcare identifiers and My Health Record legislation, on the ComLaw website

Feedback

You can provide feedback to us via email at nash.business.team@humanservices.gov.au.

Related services

Page last updated: 18 October 2016

This information was printed Sunday 4 December 2016 from humanservices.gov.au/health-professionals/enablers/nash-pki-certificates-software-vendors-and-developers It may not include all of the relevant information on this topic. Please consider any relevant site notices at humanservices.gov.au/siteinformation when using this material.