Easy-to-follow guide to healthcare PKI for general practices
South Eastern Melbourne Primary Health Network (PHN) has developed an easy-to-follow guide for practice managers and principals to help them understand and install the public key infrastructure (PKI) certificates needed to access and use Medicare online services and the My Health Record.
SEM PHN eHealth manager Brendon Wickham said PKI can be confusing and there was a need to provide clear information and instructions for installation more available.
“Our aim was to bring it all into one place and make it easy to follow,” Mr Wickham said. “Previously, practices would have got help from Medicare Locals, but we thought we'd make it easy by putting it all together online.
“It was designed iteratively with practice managers. On the fifth iteration, we finally reached the point where a practice manager who had never done it before was able to install the individual PKI completely on her own.”
There are two types of PKI used in the Australian health system – one for Medicare and one for the National Authentication Service for Health (NASH), which is needed for the My Health Record (aka PCEHR) and secure messaging.
The Medicare PKI is required for accessing the Department of Human Services' Health Professionals Online Services (HPOS) system, the Healthcare Identifiers (HI) Service and for claims and payments.
However, there are also two levels of PKI – one organisational and one individual – and they are delivered to practices and practitioners by different means – by CD for organisations and by USB for individuals.
Mr Wickham said some of this will change shortly as DHS is bringing in a new system called Provider Digital Access (PRODA) that will mean PKI for HPOS purposes will not longer be required.
“Part of the reason doing this was to try to make PKI understandable, and we worked with general practices to tweak and refine the messages, but the department is working on this as well,” he said. “PRODA will mean that no PKI will be needed for HPOS, which will be a huge improvement.”
NASH PKI will still be required for My Health Record for the foreseeable future, however.
The guide takes users through the Chain of Trust certificates that have to be installed into the browser before getting started with PKI. Mr Wickham recommends that everyone use Firefox as PKI doesn't work well with the other web browsers.
The guide also includes links to the installation guidelines for each software vendor for the organisational level PKI. Each vendor uses a slightly different way of installing the organisation PKI for Medicare and for NASH.
Posted in Australian eHealth