National Authentication service for health (NASH) - June 2008
In this electronic age, where significant amounts of sensitive and personal information are being sent electronically, there is a need to guarantee the authenticity and validity of the information being exchanged.
When the information being transferred is your personal medical information, there is an even greater imperative to ensure that information is collected and securely electronically exchanged only by those authorised to do so.
The National Authentication Service for Health (NASH) project being delivered through NEHTA will deliver the first nationwide secure and authenticated service for healthcare organisations and personnel to exchange e-health information.
Together with clinical terminology, messaging standards and unique healthcare identifiers, the NASH will provide one of the fundamental building blocks for a national e-health system, as well as providing security credentials for use at the organisational and local level.
NASH & the Authentication Vision
- A healthcare community and professional smartcard system that supports and facilitates the use of e-health information, for example unique healthcare identifiers and the individual electronic health record (IEHR), within the whole Australian community.
- Coordination of smartcards and reader supply arrangements for health professionals and employees.
- Provision of support for the smartcard implementation and operation to jurisdictions, software vendors and end users.
- Design and delivery of support arrangements that meet the needs of jurisdictions and software vendors.
- Provision of a trusted authentication service that addresses the data protection and privacy requirements of stakeholders and regulators.
What will the future look like with NASH?
Once the NASH is operational, healthcare workers will insert their smartcard into a slot in their desk top computer and enter a PIN. Once accepted this should be sufficient to meet the majority of their daily authentication requirements.
Mobile workers such as nurses will use their smartcard as they move from one workstation to the next, with not only immediate and convenient access to information systems but also session portability. Their NASH smartcard will enable them to seamlessly send and receive secure health messages and attached digital signatures.
It will be possible to add new credentials during the life of the smartcard at any time in response to initial and new/changed authentication requirements. Such credentials will be added to the card by authorised local staff, or by using an automated online service.
More than just a PKI and smartcard!
- The technology, infrastructure, frameworks, processes and support services to enable health organisations to issue credentials within their own community of interest.
- Information and support about the use, integration and support of NASH credentials for software vendors and jurisdictions.
- Provision of robust setup and on-boarding processes for credential issuing points that protect the integrity of the overall scheme.
- Provision of a governance mechanism that will enable jurisdictional participation in the operational policies and services.
- Provision of support to software vendors and jurisdictions in transitioning existing systems to use the NASH.
- 2008 – NASH specification, design and build test and development environments, develop software interface specifications.
- 2009 - Deployment commences through early adopter organisations and through software vendor adoption.
A NATIONAL APPROACH TO SHARING HEALTH INFORMATION - August 2006
Establishing national foundations
NEHTA’s SEHR Contribution
- Recommending SEHR standards for adoption in the Australian health sector. NEHTA has retained an independent e-health consultant to review the standards being developed around the world. From this NEHTA will define the structure and content of SEHRs; assess their use and potential impact on future Australian developments; and recommend the most appropriate SEHR specifications for adoption.
- Defining requirements for a national approach to SEHRs. NEHTA is developing, for consultation, operating concepts for a national approach to SEHRs. Based on these operating concepts, the requirements for a national approach to SEHRs will be defined and a privacy impact assessment process will be undertaken.
Relationship to other NEHTA Initiatives
- Establishing standard clinical terms for diagnoses, medicines, treatments and therapies so that one e-health system can understand the information produced by another system;
- Setting standards for the types of priority clinical information – for example, discharge summaries, referrals, etc. - to be communicated by e-health systems;
- Identifying a secure means of electronically transferring clinical information - such as prescriptions for example - between authorised healthcare professionals in a way that maintain privacy;
- Establishing an overall framework for how the various e-health systems interoperate;
- Developing unique identifiers for individuals and healthcare providers to ensure that the information is attributed to the right patient and the right provider;
- Developing a framework for involving local and international standards organisations, to support implementation; and
- Pursuing opportunities for supply chain reform across the health sector – supporting the purchasing of medications and medical devices in particular.