Overview of NASH

NASH is the National Authentication Service for Health, which is used to securely access and share information using national digital health systems, such as My Health Record and secure messaging. NASH uses Public Key Infrastructure (PKI) technology. 

Healthcare providers use NASH by installing a NASH PKI certificate into their clinical software. 

Originally, NASH certificates were on CD, but they are now only available as a file downloaded from HPOS.  

Who can request a NASH certificate?

Certificates can only be requested by a Responsible Officer (RO) or Organisation Maintenance Officer (OMO) by logging on to HPOS. 

Before you apply

  1. You must first register your organisation into the Healthcare Identifiers Service. The Service assigns your organisation with a HPI-O. 
  2. You must have a PRODA account linked to HPOS.

How do you request or renew a NASH?

Step 3 for registering for My Health Record This is a key step for registering for My Health Record.

NASH certificates have a two year expiry date from the date of issue.  You should renew your certificate three months before it expires. You can check the expiry date in HPOS:

HPOS - NASH expiry date.png

Note: In the past, you were automatically mailed a CD with the renewed certificate. With the new file download, this will no longer be the case. Instead, you will be sent a letter approximately 60 days before the certificate expires, notifying you of the expiry date, and directing you to download a new certificate through HPOS.

Here's how to both request or renew a NASH certificate:

  1. Using PRODA, log in to HPOS. (see instructions for How to register for PRODA)
  2. From the main screen, navigate to My Programs > Healthcare Identifiers & My Health Record > Healthcare Identifiers - Manage existing Records > Organisation details > Certificates.
  3. Click the 'Request a NASH PKI site certificate' link.
  4. Enter a mobile phone number.
  5. Tick the Terms and Conditions box.
  6. Click the Save changes button.
  7. Click the Submit button.


    You will then receive an SMS to the mobile number you entered. The message is: "Your NASH certificate for HPI-O XXXXXX is ready to download through HPOS. It is available for 30 days. Your PIC is XXXXXXXX. Do not reply by SMS".

    PIC stands for Personal Identification Code. Write the PIC down in case it's needed for later.

    Note: while any authorised user for the organisation will now be able to download the certificate in HPOS, it cannot be installed without the PIC that was sent by SMS. 

    If you need a new PIC, contact the HPOS help desk on 1800 723 471.


  8. Under the Action column, click the Download link to save the file to your computer. The name of the downloaded file will be ‘Site’.  
  9. Contact your IT support or software vendor to install the NASH certificate.


  • For security reasons, the NASH is only available to be downloaded for a maximum of 30 days.
  • Contact the eBusiness Service Centre on 1800 700 199 for any questions relating to the progress of the NASH Certificate request.
If you're following the key registration steps, go now to Step 4:  MyHR registration - step 4



How do you revoke an existing NASH certificate?

If you've lost your NASH PKI certificate, you need to revoke it and order a new one. 

  1. Using PRODA, log in to HPOS.
  2. From the main screen, navigate to My Programs > Healthcare Identifiers & My Health Record > Healthcare Identifiers - Manager existing Records.
  3. If more than one organisation is listed, click the appropriate one. 
  4. Click Organisation details link.
  5. Click the Certificates tab.
  6. Under the Action column, click the Revoke link. 
  7. You will get a warning notification. To continue, read the notice and click the Ok button.
  8. Fill out the form with your contact number and reason for revocation.
  9. Tick the Terms and Conditions box.
  10. Click the Save changes button.
  11. Click the Submit button.

 The request is sent to the Department of Human Services support team for processing.