Software vendors and developers

Information and resources about NASH PKI certificates to help software developers or vendors that work in healthcare provider organisations.

National Authentication Service for Health (NASH) Public Key Infrastructure (PKI) certificates let healthcare providers and supporting organisations securely communicate and exchange health information electronically.

These certificates:

  • are used to access the My Health Record system and HI Service
  • provide confidence in the integrity of information transmitted
  • provide the secure exchange of health information with other healthcare providers.

NASH SHA-1 to SHA-2 Transition

We’re upgrading our authentication systems to strengthen security when you access digital health services. This means we won’t issue NASH SHA-1 PKI Certificates from 14 March 2022.

You should offer your customers a NASH SHA-2 ready product to authenticate to the following digital health services:

  • My Health Record system
  • Healthcare Identifiers (HI) Service
  • electronic prescribing
  • secure messaging.

You need to:

  • upgrade your Clinical Information Software to ensure it’s NASH SHA-2 ready
  • transition to using NASH PKI certificates to authenticate to HI Services.

NASH PKI test kit

You can use a NASH PKI test kit to authenticate in the test environment for:

  • the My Health Record system
  • the HI Service
  • electronic prescriptions
  • sending and receiving secure messages.

NASH PKI test kits can't be used in the:

  • My Health Record production environment
  • Healthcare Identifiers (HI) Service production environment
  • any other online program.

When you apply for a test kit, you agree to the terms and conditions of licence.

When using the test kit, you're bound by these terms and conditions.

You can apply for a NASH PKI test kit by sending an email to with the reason why you need the test kit.

We’ll direct you to register in the Health Systems Developer Portal if required.

Certificates in the NASH PKI test kit

When you get the NASH PKI test kit, check it has the following certificates:

  • an active test NASH PKI certificate for Healthcare Provider Organisations for 2 test organisations
  • a revoked test NASH PKI certificate for Healthcare Provider Organisations for a test organisation, if requested
  • an active test NASH PKI certificate for Supporting Organisations for a test organisation, if requested.

Test organisation names will vary in different test kits. Any healthcare identifiers embedded in the certificates are test healthcare identifiers only.

Test certificates are valid for 2 years.

Using the active test certificates

Use both active test NASH PKI certificates for Healthcare Provider Organisations to:

  • check secure messaging is operating correctly
  • check the NASH Test Directory can be accessed.

Use the active test NASH PKI certificate for Supporting Organisations to:

  • check secure messaging is working between intermediary organisations
  • check the NASH Test Directory can be accessed with a supporting organisation NASH PKI certificate.

Using the revoked test certificates

Use the revoked test NASH PKI certificates for Healthcare Provider Organisation to:

  • check secure messaging can't occur when 1 of the organisations has a revoked certificate. Use 1 of the test NASH PKI certificate for Healthcare Provider Organisations to test this
  • confirm an organisation can't access the NASH Test Directory when they use a revoked certificate.

Installing test certificates

If you need technical support to install the certificates call us.

NASH, Medicare claims and payments PKI certificate compatibility matrix

NASH, My Health Record, secure messaging and HI Service PKI certificates - usage summary.

Certificate type My Health Record system NASH HI Service Secure messaging
  B2B Provider Portal NASH Directory HPOS B2B B2B
Medicare PKI Site Certificate
No No No No Yes No
Medicare PKI Site Certificate (For PBS Community)
No No No No Yes No
NASH PKI Certificate for Healthcare Provider Organisations
Yes No Yes No Yes Yes
NASH PKI Certificate for Supporting Organisations
Yes No Yes No Yes No
Individual PRODA No Yes No Yes No No

NASH operational requirements

Personal identification code (PIC)

A personal identification code (PIC) is the secure code you need to access your certificate. The certificate will be locked if the PIC has been entered incorrectly 3 times.

The NASH PKI test kit includes a PIC for each certificate to install the test certificate. If you lose your PIC, call us.

Expiring certificates

Test NASH PKI certificates have a lifespan of 2 years from the issue date. To continue using test certificates, you need to request new test certificates before this time. You should contact us to start the replacement process at least a month before your NASH PKI test certificates expire.

You can replace your test certificates by emailing us.

Revoking certificates

Certificates can be revoked if they're:

  • lost
  • compromised
  • no longer required.

If you still need them, lost certificates can be revoked and then replaced.

Support for revoked certificates is available by calling us.

NASH Directory

The NASH Directory is a secure directory of active NASH PKI certificates for Healthcare Provider Organisations and supporting organisations. You can use key words to search the NASH directory to find an entity's PKI certificate.

You can access the NASH Directory and NASH Test Directory through the Certificates Australia website.

Legislative, privacy and policy requirements

Healthcare organisations’ healthcare identifiers are embedded in the NASH PKI certificate.

The Healthcare Identifiers Act 2010 regulates the use and disclosure of healthcare identifiers.

It's important your organisation makes sure certificates are always used for the purpose of providing healthcare.

Read more about specific certificate policies.

NASH PKI support and contact information

Developing your product

We can provide support to help you develop your product.

The Developer Support team is the first point of contact and escalation for software vendors.

You can call or email us.

More information

Read more about:


Email us your feedback.

Related services

Read about the:

Page last updated: 26 May 2022.
QC 34016