Skip to main content

National Authentication Service for Health (NASH)

Support for NASH SHA-1 and Medicare PKI expires 24 March 2024

Digital health support for NASH SHA-1 and Medicare PKI certificates will be turned off after 24 March 2024. The Healthcare Identifiers Service (HI Service) and My Health Record system will no longer accept connections from NASH SHA-1 or Medicare PKI certificates.

Your software must be configured to use a NASH SHA-2 certificate by 24 March 2024.

SHA-1 to SHA-2 transition

NASH SHA-2 certificates are available in Healthcare Provider Online Services (HPOS) to request and download. All healthcare provider organisations must transition to NASH SHA-2 to meet Australian Government cyber security requirements.

Configure your software to use NASH SHA-2

NASH SHA-2 certificates must be used by clinical information systems connecting to the Healthcare Identifiers Service (HI Service) and My Health Record system. Previously the HI Service allowed the use of either a NASH or Medicare PKI certificate.

After 24 March 2024 only a NASH SHA-2 certificate can be used for the HI Service and My Health Record system. Please make sure your software is configured to use your NASH SHA-2 certificate for the HI Service and My Health Record system.

Note that many systems have separate configurations for the HI Service and My Health Record certificates. You must update the certificate in both places.

What NASH certificate type do I have?

To manage a NASH PKI certificate, an Organisation Maintenance Officer (OMO) needs to log in to their individual PRODA account, then: 

  1. Select Go to service on the HPOS tile.You may need to complete the linking process to proceed.Proceed as individual only
  2. Select My programs. 
  3. Select Healthcare Identifiers and My Health Record tile.
  4. Select Healthcare Identifiers - Manage existing records. 
  5. Select My organisation details.Note: If connected to multiple organisations you will first need to select the required organisation record.
  6. Select the Certificates tab. On this page you will be able to see what certificates have been requested for your organisation, including the Certificate Type and Expiry Date. 

If you have a NASH SHA-1 certificate and your software product is compatible with NASH SHA-2, follow the guide to revoke your NASH SHA-1 and upgrade to a SHA-2

How to revoke your NASH SHA-1 and upgrade to SHA-2

Follow these steps if your organisation has a software product compatible with NASH SHA-2 and you are ready to upgrade from your SHA-1 certificate. 

To revoke your NASH SHA-1 certificate and upgrade to SHA-2, an Organisational Maintenance Officer (OMO) needs to log in to their individual PRODA account. 

  1. Select Go to service on the HPOS tile. 
    You may need to complete the linking process to proceed. Proceed as individual only.
  2. Select My programs.
  3. Select Healthcare Identifiers and My Health Record.
  4. Select Healthcare Identifiers - Manage existing records.
  5. Select My organisation details.
    Note: If connected to multiple organisations you will first need to select the required organisation record.
  6. Select the Certificates tab. 
  7. Under the Action columns click the Revoke hyperlink next to the NASH SHA-1 certificate you wish to revoke.
  8. You should get a warning notification. To continue read the notification and click OK.
  9. Complete the form and select your reason for revocation as ‘transitioning to a NASH SHA-2 Certificate’.
  10. Tick the Terms and Conditions box and click Save changes.
  11. Click the Submit button.

Once Service Australia have processed the revocation request, the OMO will be advised that they can now request a NASH SHA-2 certificate, follow the guide to request or renew your NASH PKI certificate.

NASH SHA-2 Readiness Register

The Agency has developed a register so that healthcare organisations can check whether their existing software product and version are SHA-2 ready. Before logging into HPOS to request a new NASH certificate, check the register below to see if your software product is SHA-2 ready.

How to request or renew a NASH PKI certificate

To request or renew a NASH PKI certificate, an Organisation Maintenance Officer (OMO) needs to log on to their individual PRODA account, then: 

  1. Select Go to service on the HPOS tile.
    You may need to complete the linking process to proceed.
    Proceed as individual only
  2. Select My programs
  3. Select Healthcare Identifiers and My Health Record tile.
  4. Select Healthcare Identifiers - Manage existing records
  5. Select My organisation details.
    Note: If connected to multiple organisations you will first need to select the required organisation record.
  6. Select the Certificates tab. 
  7. If your certificate has not expired, click the Renew hyperlink next to the NASH certificate you wish to renew. Otherwise, click the Request a NASH PKI site certificate hyperlink under the Certificate details table to request a new certificate. 
  8. Complete the form, tick the Terms and Conditions box and click Save changes
  9. Click the Submit button. 
  10. Once you have received a text message, your certificate is ready to download. Log into HPOS to download the certificate. The PIC is used during the installing of the certificate. 
  11. Import your NASH certificate into your software. (Check your software provider website for further instructions). 

Additional steps that may be required

Your software provider may advise that additional files must be downloaded and installed when you renew or request a new certificate. These may have already been installed by your software provider. If your software provider has advised you to install these additional files, please refer to their product instructions or guides.

The additional files are available on the Certificates Australia website.

  • For a NASH SHA-1 certificate, download and install SHA-1 Root CA Certificate and SHA-1 OCA Certificate
  • For a NASH SHA-2 certificate, download and install SHA-2 Root CA Certificate and SHA-2 OCA Certificate

For assistance with HPOS or requesting a NASH PKI certificate, please contact eBusiness Service Centre.

What is NASH?

Introduced in 2012, NASH is a Public Key Infrastructure (PKI) solution used to access digital health services such as:

  • Electronic prescribing
  • My Health Record
  • Secure messaging
  • HI Service

NASH is used by healthcare provider organisations and supporting organisations to:

  • authenticate and securely access digital health services
  • digitally sign documents and other transactions
  • encrypt health information for secure exchange
Diagram: National Authentication Service for Health