- Overview of NASH
- Who can request a NASH certificate?
- Checking your NASH Certificate details
- Transitioning from NASH SHA-1 to NASH SHA-2
- How do you request or renew a NASH SHA-2?
- How do you revoke an existing NASH SHA-2 certificate?
Overview of NASH
NASH is the National Authentication Service for Health, which is used to securely access and share information using national digital health systems, such as My Health Record, Electronic prescribing and secure messaging. NASH uses Public Key Infrastructure (PKI) technology.
Healthcare providers use NASH by installing a NASH PKI certificate into their clinical software.
Originally, NASH certificates were on CD, but they are now only available as a file downloaded from Healthcare Professional Online Services (HPOS).
Who can request a NASH certificate?
Certificates can only be requested by the Organisation Maintenance Officer (OMO) logging on to HPOS.
Before you apply
- You must first register your organisation into the Healthcare Identifiers Service. The Service assigns your organisation with a HPI-O.
- You must have a PRODA account linked to HPOS.
Checking your NASH Certificate details
A major transition from NASH SHA-1 to NASH SHA-2 Certificates occurred on 13th March 2022. SHA-2 certificates renewed at this time have a 2 year expiry.
To check your NASH certificate details, follow the steps below.
To check a NASH PKI certificate, an Organisation Maintenance Officer (OMO) needs to log in to their individual PRODA account (see instructions for How to register for PRODA), then:
- Select Go to service on the HPOS tile. You may need to complete the linking process to proceed. Proceed as individual only
- Proceed to My programs.
- Select Healthcare Identifiers and My Health Record tile.
- Select Healthcare Identifiers - Manage existing records.
- Select My organisation details. Note: If connected to multiple organisations you will first need to select the required organisation record.
- Select the Certificates tab. On this page you will be able to see what certificates have been requested for your organisation, including the Certificate Type and Expiry Date.
Transitioning from NASH SHA-1 to NASH SHA-2
All healthcare provider organisations using NASH certificates were required to transition to NASH SHA-2 by
31 December 2022 to meet Australian Government cyber security requirements.
A list of software using NASH certificates is available in the NASH SHA-2 Readiness Register.
How do you request or renew a NASH SHA-2?
This is a key step for registering for My Health Record. |
- Using PRODA, click on Go to Service on the HPOS tile. (see instructions for How to register for PRODA)
Note: You may be prompted to choose an Organisation to act on behalf of: Select - No Organisation - Proceed as Individual only
- From the main screen, navigate to
>My Programs
> Healthcare Identifiers & My Health Record
> Healthcare Identifiers - Manage existing Records (choose organisation)
> Organisation details
> Certificates tab.
3. Click the 'Request a NASH PKI site certificate' link or Under the Action column, click the "Renew" link to renew your certificate.
Select your Software Product and version from the drop-down menu (This is a list of software versions ready to use SHA-2 NASH certificates).
If you are unable to see your Software Product and version, or you need multiple certificates, the system will automatically refer you to your software vendor for verification that your software is SHA-2 ready.
If you are unsure of the version of the software you are using, generally, you can navigate to ‘Help’ > ‘About’.
4. Enter a mobile phone number.
5. If you are renewing your NASH certificate, tick the box "If you have an existing NASH certificate, please confirm that you agree for us to revoke it after 90 days".
6. Tick the Terms and Conditions box.
7. Click the Save changes button.
8. Click the Submit button.
Note: Most NASH certificates will be available to download within 1 hour, some may be delayed by 24 hours.
Next steps:
You will then receive an SMS to the mobile number you entered. The message is: "Your NASH certificate for HPI-O XXXXXX is ready to download through HPOS. It is available for 30 days. Your PIC is XXXXXXXX. Do not reply by SMS".
PIC stands for Personal Identification Code. Write the PIC down in case it's needed for later.
Note: while any authorised user for the organisation will now be able to download the certificate in HPOS, it cannot be installed without the PIC that was sent by SMS.
If you need a new PIC, contact the HPOS help desk on 1800 700 199 (option 2).
- Under the Action column, click the Download link to save the file to your computer. The name of the downloaded file will be ‘Site’.
- Contact your IT support or software vendor to install the NASH certificate.
Notes:
- For security reasons, the NASH is only available to be downloaded for a maximum of 30 days.
- Contact the eBusiness Service Centre on 1800 700 199 (Option 2) for any questions relating to the progress of the NASH Certificate request.
How do you revoke an existing NASH SHA-2 certificate?
If you've lost your NASH PKI certificate, you need to revoke it and order a new one.
- Using PRODA, log in to HPOS.
- From the main screen, navigate to My Programs > Healthcare Identifiers & My Health Record > Healthcare Identifiers - Manager existing Records.
- If more than one organisation is listed, click the appropriate one.
- Click Organisation details link.
- Click the Certificates tab.
- Under the Action column, click the Revoke link.
- You will get a warning notification. To continue, read the notice and click the Ok button.
- Fill out the form with your contact number and reason for revocation.
- Tick the Terms and Conditions box.
- Click the Save changes button.
- Click the Submit button.