On the 16th Aug 2023 you may have received an email from Services Australia with the subject:

Action required regarding Medicare SHA-1 PKI certificates for subscribers

If you do not use My Health Record, e-Scripts, HI Numbers then you can safely ignore this email.

This is because Medicare Online is nowadays claimed via Web Services / PRODA; it does not use PKI Certificates anymore (since 2022).

Practices that use My Health Record, e-Scripts, HI Numbers have likely already migrated to the newer SHA-2 (aka SHA-256) certificates.

If you already have SHA-2 certificates you can also ignore this email.

You can verify this yourself via your PRODA, to see if you still have SHA-1 certificates and/or if you do not have replacement SHA-2 ones.

(Note: Medilink cannot do this for you, and/or if you use different clinical software the below may not apply).


What NASH certificate type do I have?

To manage a NASH PKI certificate, an Organisation Maintenance Officer (OMO) needs to log in to their individual PRODA account, then: 

1. Select Go to service on the HPOS tile. You may need to complete the linking process to proceed. Proceed as individual only

2. Select My programs. 

3. Select Healthcare Identifiers and My Health Record tile.

4. Select Healthcare Identifiers - Manage existing records. 

5. Select My organisation details. Note: If connected to multiple organisations you will first need to select the required organisation record.

6. Select the Certificates tab. On this page you will be able to see what certificates have been requested for your organisation, including the Certificate Type and Expiry Date. 

If you have SHA-2 certificates you can ignore this email.

If there are SHA-1 certificates but no SHA-2, then the SHA-1 should be revoked and replacement SHA-2 ones issued (if you do not have one). Please follow the full process as outlined on their website and notify us.