National Authentication Service for Health (NASH)

Training and resources

NASH policy documents

Before you apply for a NASH PKI certificate:

You must read the common policies including the terms and conditions on the Services Australia Website.
The NASH PKI Certificate for Healthcare Organisations Terms and Conditions require the healthcare organisation to have a set of policies and procedures in place governing use of the NASH PKI Certificate.
Download Sample NASH PKI certificate policy (DOCX, 20.78 KB)

Additional resources

FAQs: Check out our frequently asked questions on NASH PKI certificate renewal
Request and renewal guides: Download the Request or renew your NASH PKI certificate (PDF, 1.8 MB) guide or view this animation with detailed instructions to step you through the renewal process.
Revoke your NASH SHA-1 and upgrade to SHA-2: If your organisation is still using a NASH SHA-1 certificate and is ready to upgrade to SHA-2, check out our guide on how to revoke your NASH SHA-1 and upgrade to SHA-2. (PDF, 1.76 MB)
Organisation details: Has your organisation changed ownership or responsible officer (visit Roles and responsibilities | My Health Record)? You can now update your organisation’s ownership details or responsible officer in HPOS. Your organisation will not lose access to My Health Record when applying (visit Register your organisation | My Health Record)

NASH SHA-1 to SHA-2 transition update

Support for NASH SHA-1 PKI certificates will be turned off during 2023.
If you have not yet transitioned to NASH SHA-2, please contact your software vendor.

SHA-1 to SHA-2 transition

NASH SHA-2 certificates are available in Healthcare Provider Online Services (HPOS) to request and download. All healthcare provider organisations should have transitioned to NASH SHA-2 before 31 December 2022 to meet Australian Government cyber security requirements. If you have not completed this transition and wish to connect to digital health services, then please contact your software vendor immediately.

What NASH certificate type do I have?

To manage a NASH PKI certificate, an Organisation Maintenance Officer (OMO) needs to log in to their individual PRODA account, then:

Select Go to service on the HPOS tile.You may need to complete the linking process to proceed.Proceed as individual only
Select My programs.
Select Healthcare Identifiers and My Health Record tile.
Select Healthcare Identifiers - Manage existing records.
Select My organisation details.Note: If connected to multiple organisations you will first need to select the required organisation record.
Select the Certificates tab. On this page you will be able to see what certificates have been requested for your organisation, including the Certificate Type and Expiry Date.

If you have a NASH SHA-1 certificate and your software product is compatible with NASH SHA-2, follow the guide to revoke your NASH SHA-1 and upgrade to a SHA-2.

How to revoke your NASH SHA-1 and upgrade to SHA-2

Follow these steps if your organisation has a software product compatible with NASH SHA-2 and you are ready to upgrade from your SHA-1 certificate.

To revoke your NASH SHA-1 certificate and upgrade to SHA-2, an Organisational Maintenance Officer (OMO) needs to log in to their individual PRODA account.

Select Go to service on the HPOS tile.
You may need to complete the linking process to proceed.
Proceed as individual only
Select My programs.
Select Healthcare Identifiers and My Health Record.
Select Healthcare Identifiers - Manage existing records.
Select My organisation details.
Note: If connected to multiple organisations you will first need to select the required organisation record.
Select the Certificates tab.
Under the Action columns click the Revoke hyperlink next to the NASH SHA-1 certificate you wish to revoke.
You should get a warning notification. To continue read the notification and click OK.
Complete the form and select your reason for revocation as ‘transitioning to a NASH SHA-2 Certificate’.
Tick the Terms and Conditions box and click Save changes.
Click the Submit button.

Once Service Australia have processed the revocation request, the OMO will be advised that they can now request a NASH SHA-2 certificate, follow the guide to request or renew your NASH PKI certificate.

What is NASH?

Introduced in 2012, NASH is a Public Key Infrastructure (PKI) solution used to access digital health services such as:

Electronic prescribing
My Health Record
Secure messaging
Healthcare Identifiers (HI) Service

NASH is used by healthcare provider organisations and supporting organisations to:

authenticate and securely access digital health services
digitally sign documents and other transactions
encrypt health information for secure exchange

Diagram: National Authentication Service for Health

NASH SHA-2 Readiness Register

The Agency has developed a register so that healthcare organisations can check whether their existing software product and version are SHA-2 ready. Before logging into HPOS to request a new NASH certificate, check the register below to see if your software product is SHA-2 ready.

Download: NASH SHA-2 Readiness Register (PDF, 343.69 KB)

Last updated: 9 March 2023

How to request or renew a NASH PKI certificate

To request or renew a NASH PKI certificate, an Organisation Maintenance Officer (OMO) needs to log on to their individual PRODA account, then:

Select Go to service on the HPOS tile.
You may need to complete the linking process to proceed.
Proceed as individual only
Select My programs.
Select Healthcare Identifiers and My Health Record tile.
Select Healthcare Identifiers - Manage existing records.
Select My organisation details.
Note: If connected to multiple organisations you will first need to select the required organisation record.
Select the Certificates tab.
If your certificate has not expired click Renew, otherwise select Request a NASH PKI certificate from the task list.
Select your software product version from the first drop down list. This list contains software product versions that are SHA-2 ready. If you cannot locate your software from the drop-down list, please select the most appropriate reason from the second drop down list:
- I don’t know my product: if you are unsure of what software product or version is used in your organisation.
- My product is not on the list: if your product version is not listed as SHA-2 ready.
- I have multiple products: if your organisation has multiple products that require a NASH certificate, select this option to proceed.
- I wish to select my SHA level explicitly: only when you have been advised by your software developer or you are certain which SHA level you need.
Enter a mobile number. When the certificate is ready to download you will receive a text message to the mobile number provided.
Tick the check box to confirm you have read and understood the terms and conditions.
Save changes and submit.
Once you have received a text message, your certificate is ready to download. Log into HPOS to download the certificate. The PIC is used during the installing of the certificate.
Import your NASH certificate into your software. (Check software provider website for further instructions)

Additional steps that may be required

Your software provider may advise that additional files must be downloaded and installed when you renew or request a new certificate. These may have already been installed by your software provider. If your software provider has advised you to install these additional files, please refer to their product instructions or guides.

The additional files are available on the Certificates Australia website.

For a NASH SHA-1 certificate, download and install SHA-1 Root CA Certificate and SHA-1 OCA Certificate
For a NASH SHA-2 certificate, download and install SHA-2 Root CA Certificate and SHA-2 OCA Certificate

For assistance with HPOS or requesting a NASH PKI certificate, please contact eBusiness Service Centre.

Check out our frequently asked questions on NASH PKI certificate renewal

Did you find this page helpful?

Yes No