Skip to main content

National Authentication Service for Health (NASH) - frequently asked questions

Who in my organisation can renew the NASH PKI certificate?

Any Organisation Maintenance Officer (OMO) for your organisation who is linked correctly in Health Professional Online Services (HPOS) can renew the NASH PKI certificate. This person is often a manager for the organisation or could also be the business owner or CEO.

How do I know if I need to renew my NASH PKI certificate and if it is SHA-1 or SHA-2?

Have your OMO or RO (with OMO abilities) view the certificate details tab in HPOS to find out when your organisations NASH certificate expires and if you have a NASH SHA-1 or SHA-2. See how to request or renew a NASH PKI certificate for more information.

Can I upgrade my current NASH SHA-1 certificate to NASH SHA-2?

Yes, you can revoke your current NASH SHA-1 certificate and upgrade to a NASH SHA-2 as long as you are using NASH SHA-2 compatible software. After 24 March 2024 all organisations must be using a NASH SHA-2 certificate to connect to digital health services. Find out how to revoke your NASH SHA-1 certificate and upgrade to SHA-2. Your NASH SHA-1 certificate will continue to function for 90 days (or until 24 March 2024) to give you time to install the new NASH SHA-2 certificate in all your systems.

How do I know if my software is SHA-2 ready? 

You can check if your software product and version number is ready by viewing the NASH SHA-2 Readiness Register (PDF, 356.52 KB). If your software product is not listed, ask your software provider when the product will be NASH SHA-2 ready.

How do I know if I have a NASH SHA-1 or SHA-2 certificate?

Have your OMO or RO (with OMO abilities) view the certificate details tab in HPOS to find out if your organisation currently has a NASH SHA-1 or SHA-2 certificate. Go to SHA-1 to SHA-2 transition for more information.

I am a practice manager/pharmacy manager but have not been linked to my organisation as an OMO. What do I do?

If an organisation needs to manage and update OMO details before completing NASH Certificate renewal steps, follow the steps to create or update OMO details.

What happens if my NASH PKI certificate expires?

If your NASH certificate expires, it means that your healthcare organisation may not be able to access important digital health tools such as electronic prescribing and My Health Record. To maintain access, your organisation needs to ensure that your NASH certificate is renewed and installed before it expires.

How do I renew my NASH PKI certificate?

Follow step-by-step instructions for renewing your NASH certificate, or view the NASH renewal guide animation with detailed instructions to step you through the renewal process.

How long does it take to complete the renewal process?

Steps 1 to 11 of the renewal process could take up to 10 minutes to complete. The final step to install your certificate may take longer as you may require support from your software provider or your IT support service if you have one. We suggest that you begin the renewal process as soon as possible and seek assistance to install the NASH certificate if required.

Within the certificates tab, I do not have the option to renew my certificate, what does this mean? 

This suggests that your NASH certificate has already been renewed or has expired. If you have renewed, you can confirm your new certificate expiry details within the certificates tab in HPOS. If you have renewed to a SHA-1 NASH PKI certificate, then you must update your organisation’s certificate to SHA-2 as soon as your software is ready. Click here for a guide on how to revoke your NASH SHA-1 certificate and upgrade to SHA-2.

What do I need to do if my software version is not compatible with NASH PKI SHA-2, will I be able to download a NASH SHA-1 certificate?

NASH SHA-1 certificates are no longer available. Please contact your software provider to find out when you can upgrade to a NASH SHA-2 ready version of that product. Alternatively please see the NASH SHA-2 Readiness Register (PDF, 356.52 KB) for a list of NASH SHA-2 ready products.

If I download a SHA-1 certificate, when will it expire?

SHA-1 certificates technically expire two years from the date of download. However all sites must be using NASH SHA-2 certificates by 24 March 2024 to maintain connection to digital health services. Sites with a SHA-1 certificate and SHA-2 ready software must transition to a SHA-2 certificate through HPOS. Click here for how to revoke your NASH SHA-1 and upgrade to SHA-2.

My organisation uses a software product from a Contracted Service Provider (CSP), do I still need to renew my NASH PKI certificate?

Organisations using a software product (such as MMex, Genie, Gentu or Clinic to Cloud) that provides connection to digital health services as a CSP, may not need to request or renew a NASH PKI certificate. Contact your software provider to confirm whether you require a NASH PKI certificate to access other digital health services.

What about the transition to web services for Medicare and PBS claiming?

This is a separate process to NASH PKI renewal and your organisation may likely need to follow the guidelines for Medicare PKI certificate transition. Services Australia is renewing all Medicare and PBS PKI Site certificates. Click here for more information on the transition to web services.

Medicare and PBS PKI Certificates:

Should my software be configured to use a NASH certificate or a Medicare PKI certificate for accessing the HI Service?

To prevent future interruption to Healthcare Identifier retrieval, My Health Record and ePrescribing, your software must be configured to use your NASH certificate for the Healthcare Identifiers Service (HI Service) and not your Medicare certificate. Please contact your software vendor for further support.

Who do I contact if I need more assistance in my NASH PKI certificate renewal? 

For all enquiries relating to installing your NASH certificate, please contact your software provider. For all other enquiries, please contact the eBusiness Team at Services Australia:

NASH PKI certificates
Phone: 1800 700 199 (option 2)
Monday to Friday, 8am to 5pm AWST
Email: [email protected] 

For assistance navigating HPOS:
Phone: 132 150 (option 6)
Monday to Friday, 8am to 5pm AWST