Medicare SHA-1 PKI certificates are used for online claiming purposes only. As claiming has transitioned to web services using PRODA, these certificates are no longer required. These certificates are set to expire on 25th June 2024.
eRX Script Exchange also now accepts NASH SHA-2 PKI Certificates.
Services Australia has transitioned away from Medicare SHA-1 PKI certificates due to security concerns. SHA-1 encryption is now considered insecure and poses potential risks of cyber threats and fraudulent activities.
Services Australia has recently communicated with practices who are still in possession of current Medicare SHA-1 PKI certificates. Services Australia has requested these practices participate in a survey to determine how these certificates are being used, so they can understand any potential business impacts when the certificate expires or if they revoke it early.
How do we know if we are using a Medicare SHA-1 PKI Certificate?
To determine whether your practice is using a Medicare SHA-1 PKI certificate, perform the steps below on the Bp Premier Server:
Note: This only applies to active, non-expired Medicare SHA-1 PKI certificates. If your certificate has expired, you are not required to take any action.
- Click the Windows logo in the bottom left of the toolbar, or click the Windows logo button on the keyboard.
- Click the Search icon (magnifying glass) in the top right to slide in the Search bar.
- Type internet options into the Search bar and select Internet Options from the list. The Internet Properties screen will appear.
4. In the Internet Properties screen, select the Content tab. Click Certificates. The Certificates screen will appear.
5. The Medicare SHA-1 PKI site certificate has the name of the practice in the Issued To column (the first column).
a) If you do not have a certificate with the Practice Name in the Issued to Column, your practice is not utilising a Medicare SHA-1 PKI site certificate and no action is required.
b) If you have a Medicare SHA-1 PKI site certificate and the certificate is expired, your practice is not utilising the certificate and no action is required.
c) If you have a Medicare SHA-1 PKI site certificate and the certificate has not expired, your practice may still be using the certificate. Complete the Services Australia survey and contact Best Practice Software Support on 1300 401 111 for assistance.
How do we know if we are using a NASH SHA-1 PKI Certificate?
- Click the Windows logo in the bottom left of the toolbar or click the Windows logo button on the keyboard.
- Click the Search icon (magnifying glass) in the top right to slide in the Search bar.
- Type internet options into the Search bar and select Internet Options from the list. The Internet Properties screen will appear.
4. In the Internet Properties screen, select the Content tab. Click Certificates. The Certificates screen will appear.
5. The NASH certificate is named ‘general’ followed by your practice’s HPI-O number. In 2023, support for NASH SHA-1 PKI certificates will also be discontinued. You can determine if your practice is using a NASH SHA-1 PKI certificate by double-clicking on the Nash certificate and selecting the Details tab.
a. The Signature Hash Algorithm field should contain sha256; this shows that your practice uses a SHA-2 Nash Certificate, and no action is necessary.
b. If the Signature Hash Algorithm field displays SHA1, this indicates that your practice utilises a SHA-1 Nash Certificate and that you need to transition to a SHA-2 Nash Certificate. Please refer to the Australian Digital Health Agencies’ guide on revoking your NASH SHA-1 and upgrading to a SHA-2.
What do we need to do?
If you are no longer using your Medicare SHA-1 PKI certificate, there’s no need for any action on your part. Services Australia will automatically revoke your certificate from 31st of October 2023.
For those using their Medicare SHA-1 PKI certificate with the eRX Script Exchange, the option to acquire a NASH PKI is available through HPOS in the Healthcare Identifiers Service. See the Australian Digital Health Agency’s instructions for requesting or renewing a NASH PKI certificate.
If your Medicare SHA-1 PKI certificate is used for other purposes, Services Australia requires that you participate in their PKI certificate survey by August 31, 2023. Important information is supplied at the beginning of the survey to ensure that you are well-informed if action is required.
Explore our range of news and training resources:
Bp Learning Video Library | Bp Learning Training Options | Bp Newsroom Blog
Subscribe to Our Newsletters | Bp Learning Webinars