What's new?

August 2013

The Department of Human Services Compliance Program for 2013-15 has been released.

Public Key Infrastructure

Our Medicare Public Key Infrastructure certificate expired on 12 March 2014. It’s used to encrypt the transmissions you send to us electronically from your software, and is used to digitally sign the responses we send back. The certificate is used for Medicare Online, PBS Online, Aged Care Online Claiming, ECLIPSE and the Healthcare Identifiers Service.

We’ve replaced our certificate with a new one and have started actively using the new certificate from the 9th of March 2014. If you haven’t sent us an electronic transmission from your software since the 17th of February 2014 or have recently sent a transmission that encountered an unexpected error message, refer to Medicare PKI certificate expiry.

Medicare Public Key Infrastructure certificates

Health professionals need a Medicare Public Key Infrastructure (PKI) certificate to access:

PKI certificates make sure information you submit through our online services is secure.

We issue PKI certificates to two user groups, individuals and organisations in the health sector.

How to apply for a Medicare PKI certificate

For most online business, you can apply for your Medicare PKI certificate when you register for our online services. See the links below for more information:

For all other Medicare PKI certificate requests, including revoking and re-issuing your PKI certificate, go to registration forms for PKI certificates.

New look for Medicare PKI individual certificates

 We have changed the look of Medicare PKI individual certificates. If you receive a certificate with the new look, make sure you install the software on the CD that is sent with the certificate. The software has changed and your certificate will only work if you install the software.

Previous look New look

Current look certificate

New look certificate

Previous  look certificates were issued with the ‘PKI USB Token Software Installer Release 1.3 Software’ CD (May 2012)

New look certificates are issued with the ‘PKI USB Token Software Installer Release 1.5 Software’ CD (February 2014)

PKI policies and terms and conditions

PKI certificate policies set out the rules for how we issue PKI certificates, and how they should be used. Read the policies and terms and conditions before you use your Medicare PKI certificate.

View the PKI Policy documents on our website.

National Authentication Service for Health (NASH) PKI certificates

Healthcare providers and participating supporting organisations must have a National Authentication Service for Health (NASH) Public Key Infrastructure (PKI) certificate to access the Personally Controlled Electronic Health (eHealth) Record system.

View the NASH PKI certificates on our website.

How to install a PKI individual certificate

Follow the steps below to install and configure your PKI individual certificate to access online services, like HPOS, through your web browser.

You need full administrator access on Windows computers to successfully install a PKI individual certificate. If you do not know if you have administrator access, contact your system administrator for installation support. If you, or your system administrator, need to install your PKI certificate the support information is below.

To start using your PKI individual certificate, you need a Personal Identification Code (PIC). The PIC is a password you need to setup your certificate. We have sent your PIC separately.

When you receive your PIC, follow the steps below.

Note: If your computer has Mac 10.4 or Mac 10.5 installed, contact the Medicare eBusiness Service Centre on 1800 700 199* for installation advice. If you are unsure what operating system your computer has, click on the Apple icon in the top left hand corner and select ‘About this Mac’ from the menu. The version number will be under ‘Mac OS X’.

Step 1: Install the software on the CD that was sent with your new certificate

The CD contains new software that is compatible with all active individual certificates Medicare has issued in the past.

You must install the new software on each computer you use for the certificate to work.

If you are using a Mac and have installed the Token Administration Utility previously, you need to uninstall the Token Administration Utility software before installing the new software.

Depending on your operating system there are different steps you need to follow to install the software.

Below are the instructions for Microsoft Windows XP and Windows 2000, Microsoft Windows Vista and Microsoft Windows 7, MacOS X 10.6 and Mac  OS X 10.7.

If you are a Windows user and don’t know what version of Windows you are using, click on ‘Start’, then click ‘Run’ or ‘Search files and programs’ and enter ‘winver’ and press ‘Enter’ on your keyboard. A box will display showing the Windows operating system you are currently using.

Microsoft Windows XP and Windows 2000

  1. Insert the PKI USB Token Software Installer CD in your computer
  2. Double click 'My Computer'
  3. Right click on your CD Drive (or appropriate optical drive) and select 'Explore'
  4. Open the folder 'Windows’ then double click the folder ‘Windows XP and Windows 2000
  5. Double click the file 'GemCCIDen-us_32.msi' to install the driver
  6. To begin the GemCCID install process, click ‘Next
  7. If you agree to the Gemalto End User License agreement click ‘I accept the terms in the license agreement’ and click ‘Next
  8. Click ‘Install’ to start the installation process
  9. Click ‘Finish’ when the PC CCID setup is completed
  10. Double click the file 'SafeSign-Identity-Client-3.0.76-std-general-admin.exe'
  11. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click ‘Next
  12. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click ‘Next’ if you agree
  13. Review the license agreement, and if you agree with the terms, select ‘Yes’ and click ‘Next
  14. Accept all default settings and follow instructions as prompted
  15. Accept all default settings and follow instructions

Microsoft Windows Vista

  1. Insert the PKI USB Token Software Installer CD in your computer
  2. Double click 'My Computer'
  3. Right click on your CD Drive (or appropriate optical drive) and select ‘Open'
  4. Open the folder 'Windows’, then select the folder that represents your operating system, it will be ‘Windows Vista
  5. Double click the file 'SafeSign-Identity-Client-3.0.76-std-general-admin.exe'
  6. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click ‘Next
  7. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click ‘Next’ if you agree
  8. Review the license agreement, and if you agree with the terms, select ‘Yes’ and click ‘Next
  9. Accept all default settings and follow instructions

Windows 7

You need to know whether you are using the 32 or 64 bit version of Windows 7.  If you already know, skip to step 4.

  1. Click the Start button on your desktop
  2. Right click the computer icon and select properties
  3. A new screen will appear called View basic information about your computer. On this screen there will be a section called system type. Under system type it will list 64 bit or nothing. If nothing is listed it means your system is 32 bit
  4. Insert the PKI USB Token Software Installer CD into your computer
  5. Double click My Computer
  6. Right click on your CD Drive (or appropriate optical drive) and select Open
  7. Open the folder Windows, then select the folder that represents your operating system, it will be Windows 7 – 32 bit or Windows 7 – 64 bit
  8. Double click the Safesign file in the folder
  9. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click Next
  10. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click Next if you agree
  11. Review the license agreement, and if you agree with the terms, select Yes and click Next
  12. Accept all default settings and follow instructions

MacOS X 10.6 and MacOS X 10.7

  1. Insert the PKI USB Token Software Installer CD in your computer
  2. Open the Finder
  3. Select the CD Drive (or appropriate optical drive) and open the folder MAC OSX, then select the folder that represents your operating system, it will be Mac 10.6 or Mac 10.7
  4. Mac 10.6 users only: double click on the file libusb.pkg in the default downloads folder to install the USB library
  5. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click Next
  6. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click Next if you agree
  7. Review the license agreement, and if you agree with the terms, select Yes and click Next
  8. Accept default settings and follow instructions
  9. Steps 10 to 12 are only for users who have an older version of SafeSign installed on their computer
  10. Uninstall the Token Administration Utility software before installing the new software Uninstall the software by installing SafeSign Uninstaller.app and reboot your computer
  11. Double click the file SafeSign_Identity_Client-Standard-3.0.72-general-i386-x86_64.pkg in the default downloads folder to install the smartcard driver
  12. Accept default settings and follow instructions

Step 2: Insert the SIM card into the USB token

1. Open using a screwdriver (if required)

the image shows how to open the usb with a screw driver ir nessary

2. Insert the SIM card under the tab

the image shows how to insert the sim card into the usb

the image shows how the sim card should look after inserting into the usb

3. Before closing, make sure you slide the front edge of the casing door into the main casing. Snap shut.

closing the usb with sim inside

Step 3: Plug the USB token into your computer

Your USB token should have a solid green light when it’s plugged in. If there isn’t a green light, try inserting it into a different USB port. You can also try double checking that Step 1 and Step 2 have been completed successfully. If the USB token still doesn’t have a solid green light, call the Medicare eBusiness Service Centre for support on 1800 700 199*.

Step 4: Install the Medicare chain of trust

For your PKI certificate to work, you need to install the chain of trust on your computer. The chain of trust validates your PKI certificate.

The chain of trust is made up of three certificates:

  1. Medicare Root CA
  2. Medicare Organisation CA
  3. Medicare Organisation CA2

Use the guides below to help you install the chain of trust.

Apple Mac

Windows

Step 5: Configure your web browser

Your web browser may need additional configuration so you can access online services with your PKI certificate. Use the guides below to configure your web browser.

Apple Mac

Firefox is the only web browser that can support PKI for Macs.

Windows

To configure your web browser, use the configuration guides below.

Note: You can change your PIC to something easier to remember through the Token Administration Utility at any time. Store your original PKI letter and PIC in a secure place. If you accidently lock your token you will need them to unlock it.

For support call the Medicare eBusiness Service Centre on 1800 700 199*.

Healthcare public directory

The healthcare public directoryExternal link lists individuals and organisations that have an active Medicare PKI certificate. You can also access the certificate revocation list from this directory.

Go to Certificates AustraliaExternal link for more information about the directory.

Standards and legislation

We have IT standards for electronic transmission, scanning and storage of:

  • referrals to specialists/consultant physicians, and
  • requests for pathology and diagnostic imaging services

These standards, which need to be read, are:

Our PKI Certificates are based on the Australian Gatekeeper (Public Key Infrastructure)External link framework and meet the International Organisation for Standardisation (ISO) Health Informatics—Public Key Infrastructure technical specification (ISO/TS 17090).

Certificate Manager

Certificate Manager (also known as PKI Certificate Manager) has been provided to all online claiming software developers as a solution for storing and managing certificates. Certificate Manager provides end-users with a tool that can easily replace or update certificates. 

Features of PKI Certificate Manager

  • Provides visibility of Certificate Store, including expiry date of certificates.
  • Allows easy replacement of expired certificates.
  • The supported operating systems are:
    1. Microsoft Windows Vista and Windows 7
    2. Microsoft Windows XP and Windows 2000
    3. MacOS X 10.6
    4. MacOS X 10.5 & MacOS X 10.4

Download the Certificate Manager.

Medicare PKI certificate expiry

What this means for you

Medicare Online, PBS Online, Aged Care Online Claiming and ECLIPSE

Our Medicare Public Key Infrastructure certificate expired on 12 March 2014. It’s used to encrypt the transmissions you send to us electronically from your software, and is used to digitally sign the responses we send back.

We’ve replaced our certificate with a new one and have started actively using the new certificate from the 9th of March 2014. If you have experienced an unexpected error message on one or more computers, you may not have automatically received our new certificate between 17 February and 12 March 2014, or may not have followed the manual update process. To help resolve errors you may be encountering, make sure you refer to Manually updating your system.

Healthcare Identifiers

  • If your software connects to the Healthcare Identifiers Service, the public certificate of our current Organisation Certificate Authority (OCA) will need to be loaded into your software.
  • You should already have our current OCA loaded if you also connect to the eHealth record system.
  • Further advice and assistance can be provided by your software vendor.

Manually updating your system

Before you start manually loading our certificate into your software, make sure you work through the following steps:

  1. Depending on the software you use, your software vendor may have a specific support process that you need to follow. Contact your software vendor first to see if they have a specific support process before continuing with the process below
  2. Identify which of your computers hosts your software. This might be your local computer or a central server computer. Contact your IT support area to help you identify the correct computer, or check to see if you have Certificate Manager installed on the computer you are using. You can find Certificate Manager in your Control Panel if you are using Microsoft Windows or the Applications folder if you are using a Mac
  3. Locate your certificate store password. This password was used to set up your certificate store when your software was first installed onto the computer. If you don’t know what the password is, contact your software vendor or IT support area. If you can’t find your store password after speaking with your software vendor and IT support area, call us on 1800 700 199
  4. Find out whether you have administrator access on the computer you are using. If you have administrator access you will be able to install the new version of our Certificate Manager. To continue to claim Medicare benefits and use patient verification, follow the steps under Administrator access. If you don’t have administrator access but already have an older version of Certificate Manager installed, go to No administrator access
  5. If you have your software open at the moment, make sure you close it before you start manually loading our certificate

Administrator access

We recommend that you speak with your software vendor if you are unsure of the location of your current certificate store or do not know your certificate store password.

  1. Download the new Certificate Manager from our website
  2. Install our new Certificate Manager
  3. Open the new Certificate Manager
  4. Select the Setup button on the right hand side
  5. Select Search for an existing store and select Next or Continue
  6. In the new window that appears, select the drive that you would like the Certificate Manager to search and select Next or Continue
  7. The search may take some time. Once complete, the search results will display. Select the location of your certificate store and select Next or Continue
  8. Select the Store button on the right
  9. Select Initialize Defaults
  10. Enter your store password and select Next or Continue
  11. Select Finish or Done to complete the process
  12. Close Certificate Manager

No administrator access

  1. Download the following files onto your computer:
    • Organisation Certificate Authority Public Certificate – DownloadExternal link
    • Medicare Public Signing Certificate – DownloadExternal link
    • Medicare Public Encryption Certificate – DownloadExternal link
  2. Open Certificate Manager
  3. Select the Other People tab
  4. Drag and drop the Medicare Public Signing Certificate and Medicare Public Encryption Certificate into this tab, or select Import and find these files
  5. Enter your store password when prompted and select Next or Continue
  6. Select the Root Certification Authorities tab
  7. Drag and drop the Organisation Certificate Authority Public Certificate into this tab, or select Import and find this file
  8. Enter your store password when prompted and select Next or Continue
  9. Close Certificate Manager

Confirming that your system has been updated

To confirm that you system has been updated; try transmitting to us from your software. If you bulk bill with us electronically, try and retrieve at least one bulk bill payment report.

If the transmission works, you do not need to perform any further checks.

If your transmission does not work, follow the steps below. These can be used to confirm that either an automatic or manual update process has been successful. You must have Certificate Manager installed to do this.

  1. Open Certificate Manager
  2. Select the Other People tab
  3. At the bottom of the list, you will see our new public encryption certificate is listed with the email ebus@hic.gov.auEmail and expiration date 7 February 2019 (encryption certificates are shown with a picture of a padlock next to them)
  4. If you have completed the Manually updating your system process, you will also see our new public signing certificate listed with the email ebus@hic.gov.auEmail and expiration date 7 February 2019 (signing certificates are shown with a picture of a pen next to them)
  5. Select the Root Certification Authorities tab
  6. The first or second item in the list is our current OCA public certificate, which has the expiration date 13 March 2022
  7. Close Certificate Manager

If your system has not been updated successfully, you can complete the Manually updating your system process, call your software vendor or IT support area, or call us on 1800 700 199.

For more information

Phone: eBusiness Service Centre on 1800 700 199*
Open 8.30 am to 5.00 pm Monday to Friday, Australian Eastern Standard Time
Email: ebusiness@humanservices.gov.auEmail

* Call charges apply from mobile and pay phones only.

Some documents on this page may require the free Adobe PDF reader.

Last updated: 17 March, 2014