National Authentication Service for Health

Healthcare providers and supporting organisations use the National Authentication Service for Health (NASH) to securely access and share health information.

About

NASH Public Key Infrastructure (PKI) certificates help you to:

  • access My Health Records
  • securely share health information using software that meets Secure Message Delivery requirements and
  • access the NASH directory on the Certificates Australia website

Read more about PKI.

Eligibility

You're eligible for a NASH PKI certificate if your organisation is registered in the Healthcare Identifiers (HI) Service as:

  • a healthcare provider organisation
  • a contracted service provider, or
  • a general supporting organisation that assists in the delivery of digital health

NASH PKI certificates aren’t available for individual healthcare providers registered in the HI Service.

Read more about applying for your healthcare identifier and NASH PKI certificate.

Applying

NASH PKI certificate for healthcare provider organisations

NASH PKI certificates for healthcare provider organisations are only available through Health Professional Online Services (HPOS).

Before you apply for your NASH PKI certificate, make sure:

  • your organisation is registered in the HI Service
  • you have a Provider Digital Access (PRODA) account linked to HPOS so you can download your certificate

You need to provide a mobile phone number. We’ll send you an SMS when your certificate is ready and add this number to the system.

Read more about how to request your NASH PKI certificate for your organisation.

Read more about PRODA

Certificate policy and terms and conditions

You must read the Certificate Policy, Terms and Conditions of Use and Relying Party Agreement. You agree to them when you submit your online application.

Application outcome

After we’ve processed your application we’ll send you an SMS the next day letting you know your certificate is ready to download from HPOS.

The message will include your personal identification code (PIC) to install the certificate.

You need to install and import your NASH PKI certificate into your My Health Record system compliant software.

Contact your software vendor if you need help with installation. 

NASH PKI certificate for contracted service providers and general supporting organisations

To access the My Health Record system:

  • general supporting organisations (GSO) must provide infrastructure and information for the My Health Record system outside the role of a contracted service provider
  • contracted service providers must be IT organisations who provide management or communication of health information on behalf of healthcare provider organisations

You apply for your Healthcare Identifiers registration number and NASH PKI certificate at the same time.

Read more about the Healthcare Identifiers Service for health professionals.

Read more about applying for your healthcare identifier and NASH PKI certificate.

Certificate policy and terms and conditions

You must read the Certificate Policy and Terms and Conditions of Use. You agree to these when you sign the application form.

Application outcome

We'll post the NASH PKI certificate to the person who applied for it. We'll post it to the address you register in the HI Service.

You’ll need a PIC to install the NASH PKI certificate. We'll post that to you separately.

To use the certificate, install it into the My Health Record system or Secure Message Delivery compliant software.

Managing

NASH directory

The NASH directory lists healthcare providers and supporting organisations with an active NASH PKI certificate.

If you have a NASH PKI certificate, you can access the NASH directory on the Certificates Australia website.

Manage your details

You manage your NASH PKI certificate by updating details in the HI Service.

Read more about managing your details in the HI Service.

Healthcare provider organisations can use HPOS to manage most contact details. To access HPOS you need a PRODA account.

Read more about PRODA.

Manage your certificates

Expired certificates

NASH PKI certificates expire 2 years from the date of issue.

You can check the expiry date:

  • in HPOS for digital certificates
  • printed on the side of physical tokens

Renewing certificates

You need request a new NASH PKI certificate when the expiry date is close. We’ll send a reminder before your certificate expires.

Healthcare organisations need to request a new certificate in HPOS.

We automatically renew NASH PKI certificates for contracted service providers and general supporting organisations.

Certificates no longer needed

If you don’t need or use the NASH PKI certificate, let us know.

If you have a digital NASH PKI certificate, go to HPOS to request that your certificate be revoked.

If you have a physical token, complete and send us a Request to Revoke and/or Reissue a National Authentication Service for Health Public Key Infrastructure certificate form.

Lost certificates

If you've lost your NASH PKI certificate, you need to revoke it and order a new one. 

If you have a digital NASH PKI certificate, go to HPOS to request that your certificate be revoked.

If you have a physical token, complete and send us a Request to Revoke and/or Reissue a National Authentication Service for Health Public Key Infrastructure certificate form.

Certificate not received

If you don't get your certificate or can’t download it, contact the eBusiness Service Centre.

They can also help if you have a certificate and need assistance.

Correct installation of certificates

If you’re unsure if your certificate is correctly installed, contact your software vendor.

Resources

Software vendors and developers

If you’re a software vendor or developer we have information and resources to help you.

Read more about NASH PKI certificates for software vendors and developers.

Page last updated: 24 September 2018