Skip to main content

National Authentication Service for Health (NASH)

NASH SHA-1 to SHA-2 transition update

More than 70% of all NASH PKI certificates have transitioned to SHA-2. If you are not sure which certificate type you have, you will be able to check this in HPOS from June 2022.

How to request or renew a NASH PKI certificate

To request or renew a NASH PKI certificate, an Organisation Maintenance Officer (OMO) needs to log on to their individual PRODA account, then: 

  1. Select Go to service on the HPOS tile.
    You may need to complete the linking process to proceed.
    Proceed as individual only
  2. Select  My programs
  3. Select Healthcare Identifiers and My Health Record tile.
  4. Select Healthcare Identifiers - Manage existing records
  5. Select My organisation details.
    Note: If connected to multiple organisations you will first need to select the required organisation record.
  6. Select the Certificates tab. 
  7. If your certificate has not expired click Renew, otherwise select Request a NASH PKI certificate from the task list.
  8. Select your software product version from the first drop down list. This list contains software product versions that are SHA-2 ready. If you cannot locate your software from the drop down list, please select the most appropriate reason from the second drop down list:
    • I don’t know my product: if you are unsure of what software product or version is used in your organisation.
    • My product is not on the list: if your product version is not listed as SHA-2 ready.
    • I have multiple products: if your organisation has multiple products that require a NASH certificate, select this option to proceed.
    • I wish to select my SHA level explicitly: only when you have been advised by your software developer or you are certain which SHA level you need.
  9. Enter a mobile number. When the certificate is ready to download you will receive a text message to the mobile number provided.
  10. Tick the check box to confirm you have read and understood the terms and conditions. 
  11. Save changes and submit.
  12. Once you have received a text message, your certificate is ready to download. Log into HPOS to download the certificate. The PIC is used during the installing of the certificate.
  13. Import your NASH certificate into your software. (Check software provider website for further instructions) 

Additional steps that may be required

Your software provider may advise that additional files must be downloaded and installed when you renew or request a new certificate. These may have already been installed by your software provider. If your software provider has advised you to install these additional files, please refer to their product instructions or guides.

The additional files are available on the Certificates Australia website.

  • For a NASH SHA-1 certificate, download and install SHA-1 Root CA Certificate and SHA-1 OCA Certificate
  • For a NASH SHA-2 certificate, download and install SHA-2 Root CA Certificate and SHA-2 OCA Certificate

For assistance with HPOS or requesting a NASH PKI certificate, please contact eBusiness Service Centre.

What is NASH?

Introduced in 2012, NASH is a Public Key Infrastructure (PKI) solution used to access digital health services such as:

  • Electronic prescribing
  • My Health Record
  • Secure messaging
  • Healthcare Identifiers (HI) Service

How it works

NASH is used by healthcare provider organisations and supporting organisations to:

  • authenticate and securely access digital health services
  • digitally sign documents and other transactions
  • encrypt health information for secure exchange
Diagram: National Authentication Service for Health


SHA-1 to SHA-2 transition

NASH SHA-2 certificates are available in Healthcare Provider Online Services (HPOS) to request and download. In anticipation of the transition, healthcare provider organisations are encouraged to review any notices from their software provider regarding NASH SHA-2 readiness.

Not ready to transition to SHA-2?

Sites that require a new NASH SHA-1 certificate after 7 May 2022 (because they have not yet updated to SHA-2-ready software) will be required to submit their plans to update to SHA-2-ready software and obtain approval to be issued with an interim NASH SHA-1 certificate.

All sites must be using NASH SHA-2 certificates by 31 December 2022 to comply with Australian Government cyber security requirements.

NASH SHA-2 Readiness Register

The Agency has developed a register so that healthcare organisations can check whether their existing software product and version are SHA-2 ready. Before logging into HPOS to request a new NASH certificate, check the register below to see if your software product is SHA-2 ready.

Last updated: 11 May 2022

Open Chat
Digital Health Chat