National Authentication Service for Health

Healthcare providers and supporting organisations use the National Authentication Service for Health (NASH) to securely access and share health information.

Eligibility

About NASH

NASH Public Key Infrastructure (PKI) certificates help you to:

You can apply for a NASH PKI certificate if you meet the eligibility criteria.

Eligibility for a NASH PKI certificate

You're eligible for a NASH PKI certificate if:

  • you're registered in the Healthcare Identifiers (HI) Service, and are:
    • a healthcare provider,
    • a contracted service provider, or
    • a general supporting organisation that assists in the delivery of Digital Health

Applying

NASH PKI certificate for individual healthcare providers

We no longer issue NASH PKI certificates for individual healthcare providers.

You now need a Provider Digital Access (PRODA) account to log on to the My Health Record National Provider Portal.

If you already have a PRODA account, log on to PRODA, select the My Health Record National Provider Portal tile, and follow the prompts.

You can use an existing NASH PKI certificate for individual healthcare providers to access the National Provider Portal until it expires. After that, you’ll need to log on using a PRODA account.

Read more about PRODA.

NASH PKI certificate for healthcare provider organisations

Before you apply for a NASH PKI certificate, you need to register in the HI Service and get a Healthcare Provider Identifier-Organisation (HPI-O).

Read more about the Healthcare Identifiers Service for health professionals.

Certificate policy and terms and conditions

You must read the Certificate Policy, and Relying Party Agreement.

You must also read and agree to the Terms and Conditions of Use before requesting your certificate. 

Apply as an organisation

If you’re an organisation, apply for a NASH PKI certificate online through Health Professional Online Service (HPOS).

Read more about requesting NASH certificates through HPOS.

Application outcome

We'll post the NASH PKI certificate to your Responsible Officer (RO) or Organisation Maintenance Officer (OMO) at the address you register in the HI Service.

You'll need a personal identification code (PIC) to install the NASH PKI certificate. We'll post that to you separately.

The NASH PKI certificate comes with information to help you install it. You need to install and import it into your My Health Record system compliant software.

Contact your software vendor if you need help with installation. 

NASH PKI certificate for contracted service providers

To access the My Health Record system as a contracted service provider (CSP) you must provide information technology or health information management services under contract to a healthcare provider organisation.

Certificate policy and terms and conditions

You must read the Certificate Policy and Relying Party Agreement and agree to the Terms and Conditions of Use included in the Application to register a Contracted Service Provider organisation record form.

You need to register:

  • with the HI Service to get a registration number, and
  • with the My Health Record system to request a NASH PKI certificate

Download and complete the Application to register a Contracted Service Provider organisation record form

Application outcome

We'll post the NASH PKI certificate to the CSP officer who applied for it. We'll send it to the address you register in the HI Service.

You need a PIC to install the NASH PKI certificate. We'll post that to you separately.

The NASH PKI certificate comes with information to help you install it. You need to install it into the My Health Record system or Secure Message Delivery compliant software.

NASH PKI certificate for general supporting organisations

To access the My Health Record system, a general supporting organisation (GSO) must provide infrastructure and information for the My Health Record system outside the role of a contracted service provider.

Certificate policy and terms and conditions

You must read the Certificate Policy, and Relying Party Agreement and agree to the Terms and Conditions of Use included in the Application to register a General Supporting Organisation form.

Apply as a general supporting organisation

If you're a general supporting organisation you need to register:

  • with HI Service to be assigned a registration number, and
  • with the My Health Record system to request a NASH PKI certificate

Download and complete the Application to register a General Supporting Organisation form

Application outcome

We'll post the NASH PKI certificate to the GSO officer who applied for it. We'll post it to the address you register in the HI Service.

You’ll need a PIC to install the NASH PKI certificate. We'll post that to you separately.

To use the certificate, install it into the My Health Record system or Secure Message Delivery compliant software.

Managing

NASH directory

The NASH directory lists healthcare providers and supporting organisations with an active NASH PKI certificate.

If you have a NASH PKI certificate, you can access the NASH directory on the Certificates Australia website.

Updating your details

If you change your details in the HI Service this also changes the information we have about you for future NASH PKI certificates.

To change your name, correct your date of birth or update details that require supporting documents use the Healthcare Identifiers Service - Application to Amend a Healthcare Provider Record form (HW034).

Healthcare provider organisations

You can use HPOS to manage most of your contact details. To access HPOS you need a PRODA account.

Individual healthcare providers

If you're an individual healthcare provider registered with the Australian Health Practitioner Regulation Agency (AHPRA) you must contact it to update your registration details, including your address.

If you're an individual healthcare provider not registered with AHPRA, you can use HPOS to manage your contact details. 

Managing your certificates

Expiring certificates

NASH PKI certificates expire 2 years from the date of issue. The expiry date is printed on the installation CD, Smartcard and key tag.

Renewing certificates

Your NASH PKI certificate is renewed automatically if you have an active Healthcare Identifier.

If you don't get a new certificate 3 weeks before your certificate is due to expire, contact the eBusiness Service Centre.

Certificates no longer used or needed

If you don’t need or use the NASH PKI certificate, let us know.

Complete and send us a Request to Revoke and/or Reissue a National Authentication Service for Health Public Key Infrastructure certificate form.

You must do this at least 60 days before your certificate expires.

Lost certificates

If you've lost your NASH PKI certificate, you need to revoke it and request a new one. 

Complete and return the Request to Revoke and/or Reissue a National Authentication Service for Health Public Key Infrastructure certificate form.

Certificate not received

If you don't get your certificate, contact the eBusiness Service Centre.

They can also help if you have a certificate and need assistance.

Correct installation of certificates

If you’re unsure if your certificate is correctly installed, contact your software vendor.

Resources

Software vendors and developers

If you’re a software vendor or developer we have information and resources to help you.

Read more about NASH PKI certificates for software vendors and developers.

Page last updated: 24 July 2018