Tuesday, October 22, 2013

Does Anyone Else Find This Rather Confusing? NASH Strikes Again It Would Seem!

The following appeared a little while ago.

NASH PKI certificates

About NASH PKI certificates

Healthcare providers and participating supporting organisations need to have a National Authentication Service for Health (NASH) Public Key Infrastructure (PKI) certificate to access the Personally Controlled Electronic Health (eHealth) Record system.
For example, your organisation needs a NASH PKI certificate to securely access the eHealth record system to add information to your patient's eHealth record.
Depending on the NASH PKI certificate you’re issued with:
  • you can access the eHealth record system
  • you can identify other healthcare providers and supporting organisations who send health information to you
  • any information you send to other healthcare providers is secure and any unauthorised change can be detected, and
  • any information you send can be made confidential and can only be opened by the person or organisation it is addressed to
However NASH PKI certificates can't be used to access the Healthcare Identifiers (HI) Service or claim Medicare benefits.
NASH PKI certificates were previously called Department of Human Services eHealth Record Individual or Organisation PKI Certificates. If you currently use an eHealth record PKI certificate and you renew your certificate, you will receive a NASH PKI certificate, and it will be valid for 2 years.
Lots more is found here:
Two things stuck me here.
First NASH now seems to have been implemented as a simply as a name change - so it seems that commentary that NEHTA did not know what they were doing and should have just gone straight to Medicare Australia for help right from the start was close to the truth.
Secondly why are we now expecting people to have different PKI certificates for the IHI Service and Medicare Claiming and for the PCEHR? Why can’t a practice have an organisational certificate for billing and individual certificates for access to the PCEHR?
Here is the page that tells you all about the older system.
Surely there could have been a simpler way that might have made life a lot easier for practices. So much for the Government ambition to reduce red-tape!


Anonymous said...

its a nish nash

Anonymous said...

AFAIK the NASH Individual certificate is only needed to access the Provider Portal website. I have not heard of anyone doing this. It will be largely irrelevant as access to the PCEHR is built into the systems most providers use and this uses an organisational certificate.