Australia’s digital health system is rapidly growing and evolving and, as part of that evolution, the Agency is working closely with Services Australia, software developers, and healthcare organisations to implement enhancements to the National Authentication Service for Health (NASH).
These upgrades will provide enhanced security protection for healthcare information and reduce the need for healthcare organisations to manage multiple certificates.
What is NASH?
Introduced in 2012, NASH is a Public Key Infrastructure (PKI) solution used to access digital health services such as:
- My Health Record
- Electronic Prescribing
- Secure Messaging
- Healthcare Identifiers (HI) Service
How it works
NASH is used by healthcare provider organisations and supporting organisations to:
- authenticate and securely access digital health services
- digitally sign documents and other transactions
- encrypt health information for secure exchange
SHA-1 to SHA-2 transition
From 20 September 2021, NASH SHA-2 certificates will be available in Healthcare Provider Online Services (HPOS) to request and download. In anticipation of the transition, healthcare provider organisations are encouraged to review any notices from their software provider regarding NASH SHA-2 readiness.
When you renew your existing NASH certificate, you will receive either a SHA-1 or SHA-2 certificate based on whether your software version is SHA-2 ready.
The option to receive a SHA-1 certificate will no longer be available after 13 March 2022. All software that uses NASH must be updated to a SHA-2 ready version by that date.
Additional steps that may be required
Your software provider may advise that additional files must be downloaded and installed when you renew or request a new certificate. These may have already been installed by your software provider. If your software provider has advised you to install these additional files, please refer to their product instructions or guides.
The additional files are available on the Certificates Australia website.
- For a NASH SHA-1 certificate, download and install Sha1 Root CA Certificate and Sha1 OCA Certificate
- For a NASH SHA-2 certificate, download and install Sha2 Root CA Certificate and Sha2 OCA Certificate
Not ready to transition to SHA-2?
Until 13 March 2022, you will receive a SHA-1 NASH certificate with a 2-year validity period if you do not have SHA-2 ready software when you request your NASH certificate. This will ensure business continuity and will allow you to transition to a NASH SHA-2 certificate later.
NASH SHA-2 Readiness Register
The Agency has developed a register so that healthcare organisations can check whether their existing software product and version are SHA-2 ready. Before logging into HPOS to request a new NASH certificate, check the register below to see if your software product is SHA-2 ready.
Last updated: 19 October 2021
How to request or renew a NASH PKI certificate
To request or renew a NASH certificate, an Organisation Maintenance Officer (OMO) needs to log on to their individual PRODA account, then:
- Select Go to service on the HPOS tile. You may need to complete the linking process to proceed.
- Select My programs.
- Select Healthcare Identifiers and My Health Record tile.
- Select Healthcare Identifiers - Manage existing records.
- Select the required organisation record. When selecting the required organisation record, you may need to navigate to the correct record. Refer to view the organisation's network map, manage HPI-O details and manage your OMO procedures.
- Select the Certificates tab.
- Select Request a NASH PKI site certificate.
- Select your software product version from the first drop down list. This list contains software product versions that are able to use NASH SHA-2 certificates (SHA-2 ready). If you cannot locate your software from the drop down list, please select the most appropriate reason from the second drop down list:
- I don’t know my product: if you are unsure of what software product or version is used in your organisation.
- My product is not on the list: if your product version is not listed as SHA-2 ready.
- I have multiple products: if your organisation has multiple products that require a NASH certificate, select this option to proceed.
- I wish to select my SHA level explicitly: only when you have been advised by your software developer or you are certain which SHA level you need.
- Enter a mobile number. This is required to send a text message with your Personal Identification Code (PIC) when your certificate is ready to download.
- Tick the check box to confirm you have read and understood the terms and conditions.
- Save changes and submit.
- Once you have received a text message, your certificate is ready to download. Log into HPOS and use the PIC to download the certificate.
For assistance with HPOS or requesting a NASH certificate, please contact eBusiness Service Centre.