What's new?

July 2014

Improvements will be made to the way some PBS medicines are processed under the Highly Specialised Drugs Programme from 1 July 2015.

Public Key Infrastructure

Our Medicare Public Key Infrastructure certificate expires on 18 December 2014. This certificate is used to encrypt the transmissions you send to us electronically from your software, and is used to digitally sign the responses we send back. The certificate is used for Medicare Online, PBS Online, Aged Care Online Claiming, ECLIPSE, Healthcare Identifiers Service and claiming through the EDI Gateway.

We've replaced our certificate and started actively using the new certificate from 13 September 2014. If you don’t send us an electronic transmission from your software before 18 December 2014 or have recently sent a transmission that encountered an unexpected error message, refer to Medicare PKI certificate expiry.

Note for EDI Gateway users: unlike the Online Claiming channels, EDI Gateway users cannot import or use the new Medicare PKI certificate dated 7 February 2014 until advised to do so. We will issue updates, including a guide, alerting users to the upcoming change. We have tentatively scheduled 17 November 2014 as the Medicare PKI certificate changeover date for users of the EDI Gateway.

Medicare Public Key Infrastructure certificates

Health professionals need a Medicare Public Key Infrastructure (PKI) certificate to access:

PKI certificates make sure information you submit through our online services is secure.

We issue PKI certificates to individuals and organisations in the health sector.

How to apply for a Medicare PKI certificate

For most online business, you can apply for your Medicare PKI certificate when you register for our online services. See the links below for more information:

For all other Medicare PKI certificate requests, including revoking and re-issuing your PKI certificate, go to registration forms for PKI certificates.

New look for Medicare PKI individual certificates

We have changed the look of Medicare PKI individual certificates. If you receive a certificate with the new look, make sure you install the software on the CD that is sent with the certificate. The software has changed and your certificate will only work if you install the software.

Previous look certificates were issued with the ‘PKI USB Token Software Installer Release 1.3 Software’ CD (May 2012).

New look certificates are issued with the ‘PKI USB Token Software Installer Release 1.5 Software’ CD (February 2014).

PKI policies and terms and conditions

PKI certificate policies set out the rules for how we issue PKI certificates, and how they should be used. Read the policies and terms and conditions before you use your Medicare PKI certificate.

View the PKI Policy documents on our website.

National Authentication Service for Health (NASH) PKI certificates

Healthcare providers and participating supporting organisations must have a National Authentication Service for Health (NASH) Public Key Infrastructure (PKI) certificate to access the Personally Controlled Electronic Health (eHealth) Record system.

View the NASH PKI certificates on our website.

How to install a PKI individual certificate

Follow the steps below to install and configure your PKI individual certificate to access online services, like HPOS, through your web browser.

You need full administrator access on Windows computers to successfully install a PKI individual certificate. If you do not know if you have administrator access, contact your system administrator for installation support. If you, or your system administrator, need to install your PKI certificate, the support information is below.

To start using your PKI individual certificate, you need a Personal Identification Code (PIC). The PIC is a password you need to set up your certificate. We have sent your PIC separately.

When you receive your PIC, follow the steps below.

If your computer has Mac 10.4 or Mac 10.5 installed, contact the Medicare eBusiness Service Centre on 1800 700 199* for installation advice. If you are unsure what operating system your computer has, click on the Apple icon in the top left hand corner and select ‘About this Mac’ from the menu. The version number will be under ‘Mac OS X’.

Step 1: Install the software on the CD that was sent with your new certificate

The CD contains new software that is compatible with all active individual certificates we have issued in the past.

You must install the new software on each computer you use for the certificate to work.

If you are using a Mac and have installed the Token Administration Utility previously, you need to uninstall the Token Administration Utility software before installing the new software.

Depending on your operating system there are different steps you need to follow to install the software.

Below are the instructions for Microsoft Windows XP and Windows 2000, Microsoft Windows Vista, Microsoft Windows 7 or Microsoft Windows 8, and MacOS X 10.6 and MacOS X 10.7.

If you are a Windows user and don’t know what version of Windows you are using, click on ‘Start’, then click ‘Run’ or ‘Search files and programs’ and enter ‘winver’ and press ‘Enter’ on your keyboard. A box will display showing the Windows operating system you are currently using.

Microsoft Windows XP and Windows 2000

  1. Insert the PKI USB Token Software Installer CD in your computer
  2. Double click 'My Computer'
  3. Right click on your CD Drive (or appropriate optical drive) and select 'Explore'
  4. Open the folder ‘Windows’ then double click the folder ‘Windows XP and Windows 2000’
  5. Double click the file 'GemCCIDen-us_32.msi' to install the driver
  6. To begin the GemCCID install process, click ‘Next’
  7. If you agree to the Gemalto End User License agreement click ‘I accept the terms in the license agreement’ and click ‘Next’
  8. Click ‘Install’ to start the installation process
  9. Click ‘Finish’ when the PC CCID setup is completed
  10. Double click the file 'SafeSign-Identity-Client-3.0.76-std-general-admin.exe'
  11. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click ‘Next’
  12. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click ‘Next’ if you agree
  13. Review the license agreement, and if you agree with the terms, select ‘Yes’ and click ‘Next’
  14. Accept all default settings and follow instructions as prompted
  15. Accept all default settings and follow instructions

Microsoft Windows Vista

  1. Insert the PKI USB Token Software Installer CD in your computer
  2. Double click 'My Computer'
  3. Right click on your CD Drive (or appropriate optical drive) and select ‘Open’
  4. Open the folder ‘Windows’, then select the folder that represents your operating system, it will be ‘Windows Vista’
  5. Double click the file 'SafeSign-Identity-Client-3.0.76-std-general-admin.exe'
  6. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click ‘Next’
  7. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click ‘Next’ if you agree
  8. Review the license agreement, and if you agree with the terms, select ‘Yes’ and click ‘Next’
  9. Accept all default settings and follow instructions

Windows 7

You need to know whether you are using the 32 or 64 bit version of Windows 7. If you already know, skip to step 4.

  1. Click the 'Start' button on your desktop
  2. Right click the 'computer' icon and select 'properties'
  3. A new screen will appear called View basic information about your computer. On this screen there will be a section called system type. Under system type it will list 64 bit or nothing. If nothing is listed it means your system is 32 bit
  4. Insert the PKI USB Token Software Installer CD into your computer
  5. Double click 'My Computer'
  6. Right click on your CD Drive (or appropriate optical drive) and select 'Open'
  7. Open the folder Windows, then select the folder that represents your operating system, it will be Windows 7 – 32 bit or Windows 7 – 64 bit
  8. Double click the Safesign file in the folder
  9. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click 'Next'
  10. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click 'Next' if you agree
  11. Review the license agreement, and if you agree with the terms, select 'Yes' and click 'Next'
  12. Accept all default settings and follow instructions

If you have FireFox installed on Windows 7 and your progress bar stops at about 90%, check for a window in the background or an extra program on the task bar. The window is called FireFox Installer. If you want to use FireFox browser then click the ‘Install’ button and the ‘OK’ button for a successful install. Then select the ‘Close’ button. If you do not want to use FireFox click the ‘Close’ button on the bottom right corner. Once you close the FireFox Installer window the installation wizard will complete.

Windows 8.1

You need to know whether you are using the 32 or 64 bit version of Windows 8. If you already know, skip to step 5.

  1. Click the ‘Start’ button on the bottom left hand corner to switch to your desktop view. (If you do not have a start button just go to your desktop view from your Start screen)
  2. Click the ‘folder’ icon on the left hand corner and select ‘Computer’ on the Menu bar
  3. Click on ‘System Properties’
  4. A new screen will appear called View basic information about your computer. On this screen there will be a section called System. Under system type it will list 64 bit or nothing. If nothing is listed it means your system is 32 bit
  5. Insert the PKI USB Token Software Installer CD into your computer
  6. Right click on your CD Drive (or appropriate optical drive) (explorer) and select ‘Open in new window’
  7. Open the folder ‘Windows’, then select the folder that represents your operating system, it will be Windows 7 – 32 bit or Windows 7 – 64 bit
  8. Double click the Safesign file in the folder
  9. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click ‘Next’
  10. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click ‘Next’ if you agree
  11. Review the license agreement, and if you agree with the terms, select ‘Yes’ and click ‘Next’
  12. Accept all default settings and follow instructions

If you have FireFox installed on Windows 8 and your progress bar stops at about 90%, check for a window in the background or an extra program on the task bar. The window is called FireFox Installer. If you want to use FireFox browser then click the ‘Install’ button and the ‘OK’ button for a successful install. Then select the ‘Close’ button. If you do not want to use FireFox click the ‘Close’ button on the bottom right corner. Once you close the FireFox Installer window the installation wizard will complete.

MacOS X 10.6 and MacOS X 10.7

  1. Insert the PKI USB Token Software Installer CD in your computer
  2. Open the 'Finder'
  3. Select the CD Drive (or appropriate optical drive) and open the folder MAC OSX, then select the folder that represents your operating system, it will be Mac 10.6 or Mac 10.7
  4. Mac 10.6 users only: double click on the file 'libusb.pkg' in the default downloads folder to install the USB library
  5. The Safesign – InstallShield Wizard will start to run. Select the appropriate language from the drop down list and click 'Next'
  6. The Safesign – InstallShield Wizard will ask if you want to install SafeSign on your computer. Click 'Next' if you agree
  7. Review the license agreement, and if you agree with the terms, select 'Yes' and click 'Next'
  8. Accept default settings and follow instructions

Steps 9 to 11 are only for users who have an older version of SafeSign installed on their computer.

  9. Uninstall the Token Administration Utility software before installing the new software. Uninstall the software by installing SafeSign Uninstaller.app and reboot your computer
  10. Double click the file ‘SafeSign_Identity_Client-Standard-3.0.72-general-i386-x86_64.pkg’ in the default downloads folder to install the smartcard driver
  11. Accept default settings and follow instructions

Step 2: Insert the SIM card into the USB token

1. Open using a screwdriver (if required)

2. Insert the SIM card under the tab

3. Before closing, make sure you slide the front edge of the casing door into the main casing. Snap shut.

Step 3: Plug the USB token into your computer

Your USB token should have a solid green light when it’s plugged in. If there isn’t a green light, try inserting it into a different USB port. You can also double-check that Step 1 and Step 2 have been completed successfully. If the USB token still doesn’t have a solid green light, call the Medicare eBusiness Service Centre for support on 1800 700 199*.

Step 4: Install the Medicare chain of trust

For your PKI certificate to work, you need to install the chain of trust on your computer. The chain of trust validates your PKI certificate.

The chain of trust is made up of 3 certificates:

  1. Medicare Root CA
  2. Medicare Organisation CA
  3. Medicare Organisation CA2

Use the guides below to help you install the chain of trust.

Apple Mac

Windows

Step 5: Configure your web browser

Your web browser may need additional configuration so you can access online services with your PKI certificate. Use the guides below to configure your web browser.

Apple Mac

Firefox is the only web browser that can support PKI for Macs.

Windows

To configure your web browser, use the configuration guides below.

You can change your PIC to something easier to remember through the Token Administration Utility at any time. Store your original PKI letter and PIC in a secure place. If you accidentally lock your token you will need them to unlock it.

For support call the Medicare eBusiness Service Centre on 1800 700 199*.

Healthcare public directory

The healthcare public directory lists individuals and organisations that have an active Medicare PKI certificate. You can also access the certificate revocation list from this directory.

Go to Certificates Australia for more information about the directory.

Standards and legislation

We have IT standards for electronic transmission, scanning and storage of:

  • referrals to specialists/consultant physicians, and
  • requests for pathology and diagnostic imaging services

These standards, which need to be read, are:

Our PKI Certificates are based on the Australian Gatekeeper (Public Key Infrastructure) framework and meet the International Organisation for Standardisation (ISO) Health Informatics—Public Key Infrastructure technical specification (ISO/TS 17090).

Certificate Manager

Certificate Manager (also known as PKI Certificate Manager) has been provided to all online claiming software developers as a solution for storing and managing certificates. Certificate Manager provides end-users with a tool that can easily replace or update certificates. 

Features of PKI Certificate Manager

  • Provides visibility of Certificate Store, including expiry date of certificates.
  • Allows easy replacement of expired certificates.
  • The supported operating systems are:
    1. Microsoft Windows Vista and Windows 7
    2. Microsoft Windows XP and Windows 2000
    3. MacOS X 10.6
    4. MacOS X 10.5 & MacOS X 10.4

Download the Certificate Manager.

Medicare PKI certificate expiry

What this means for you

Medicare Online, PBS Online, Aged Care Online Claiming and ECLIPSE

Our Medicare Public Key Infrastructure (PKI) certificate expires on 18 December 2014. This certificate is used to encrypt the transmissions you send to us electronically from your software, and is used to digitally sign the responses we send back.

We’ve replaced our certificate and started actively using a new certificate from 13 September 2014. In most cases, the Medicare PKI certificate will automatically update if you transmit between 13 September and 18 December 2014. If you experience an unexpected error message after 18 December 2014, you may not have automatically received our new certificate or may not have followed the manual update process. To help resolve errors you may be encountering, make sure you refer to Manually updating your system.

Healthcare Identifiers

  • Contact your software vendor for further advice and assistance on updating your Medicare PKI certificate

EDI Gateway

  • Unlike the Online Claiming channels, EDI Gateway users cannot import or use the new Medicare PKI certificate dated 7 February 2014 until advised to do so
  • We will issue updates, including a guide, alerting users to the upcoming change
  • We have tentatively scheduled 17 November 2014 as the Medicare PKI certificate changeover date
  • Sites can book in to test their system with the new Medicare PKI certificate from mid-September. Please contact Online Technical Support on 1300 550 115 to schedule this

Manually updating your system

Before you start manually loading our certificate into your software, make sure you work through the following steps:

Note to EDI Gateway users: You will be provided with separate guides and advice on when to manually update your systems. Please do not update until you have received further advice.

  1. Depending on the software you use, your software vendor may have a specific support process that you need to follow. Contact your software vendor first to see if they have a specific support process before continuing with the process below
  2. Identify which of your computers hosts your software. This might be your local computer or a central server computer. Contact your IT support area to help you identify the correct computer, or check to see if you have Certificate Manager installed on the computer you are using. You can find Certificate Manager in your Control Panel if you are using Microsoft Windows or the Applications folder if you are using a Mac
  3. Locate your certificate store password. This password was used to set up your certificate store when your software was first installed onto the computer. If you don’t know what the password is, contact your software vendor or IT support area. If you can’t find your store password after speaking with your software vendor and IT support area, call us on 1800 700 199
  4. Find out whether you have administrator access on the computer you are using. If you have administrator access you will be able to install the new version of our Certificate Manager. To continue to claim Medicare benefits and use patient verification, follow the steps under Administrator access. If you don’t have administrator access but already have an older version of Certificate Manager installed, go to No administrator access
  5. If you have your software open at the moment, make sure you close it before you start manually loading our certificate

Administrator access

We recommend that you speak with your software vendor if you are unsure of the location of your current certificate store or do not know your certificate store password.

  1. Download the new Certificate Manager from our website
  2. Install our new Certificate Manager
  3. Open the new Certificate Manager
  4. Select the 'Setup' button on the right hand side
  5. Select 'Search for an existing store' and select 'Next' or 'Continue'
  6. In the new window that appears, select the drive that you would like the Certificate Manager to search and select 'Next' or 'Continue'
  7. The search may take some time. Once complete, the search results will display. Select the location of your certificate store and select 'Next' or 'Continue'
  8. Select the 'Store' button on the right
  9. Select 'Initialize Defaults'
  10. Enter your store password and select 'Next' or 'Continue'
  11. Select 'Finish' or 'Done' to complete the process
  12. Close Certificate Manager

No administrator access

  1. Download the following files onto your computer:
    • Medicare Public Signing Certificate – Download
    • Medicare Public Encryption Certificate – Download
  2. Open Certificate Manager
  3. Select the 'Other People' tab
  4. Drag and drop the Medicare Public Signing Certificate and Medicare Public Encryption Certificate into this tab, or select 'Import' and find these files
  5. Enter your store password when prompted and select 'Next' or 'Continue'
  6. Select the Root Certification Authorities tab
  7. Drag and drop the Organisation Certificate Authority Public Certificate into this tab, or select 'Import' and find this file
  8. Enter your store password when prompted and select 'Next' or 'Continue'
  9. Close Certificate Manager

Confirming that your system has been updated

Try transmitting to us from your software to confirm that your system has been updated. If you bulk bill with us electronically, try to retrieve a bulk bill payment report.

If the transmission works, you do not need to perform any further checks.

If your transmission does not work, follow the steps below. You can use these to confirm that either an automatic or manual update process has been successful. You must have Certificate Manager installed to do this.

  1. Open Certificate Manager
  2. Select the 'Other People' tab
  3. At the bottom of the list, you will see our new public encryption certificate is listed with the email ebus@medicareaustralia.gov.au and expiration date 7 February 2019 (encryption certificates are shown with a picture of a padlock next to them)
  4. If you have completed the Manually updating your system process, you will also see our new public signing certificate listed with the email ebus@medicareaustralia.gov.au and expiration date 7 February 2019 (signing certificates are shown with a picture of a pen next to them)
  5. Close Certificate Manager

If your system has not been updated successfully, you can complete the Manually updating your system process, call your software vendor or IT support area, or call us on 1800 700 199.
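The same two fields that the Certificate Manager check looks at (e-mail address and expiry date) can also be read from a certificate file on the command line. This is an added example, not part of the original page or of Certificate Manager: it assumes the OpenSSL command line tool is installed and the certificate is available as a PEM file, and the function names, the demo certificate and the address `demo@example.invalid` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the OpenSSL command
# line tool is installed and the certificate is available as a PEM file.

# cert_email FILE: e-mail address(es) embedded in the certificate
cert_email() {
    openssl x509 -in "$1" -noout -email
}

# cert_not_after FILE: expiry date as printed by OpenSSL
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# cert_status FILE DAYS: prints "unreadable", "expired",
# "expiring" (expires within DAYS days) or "valid"
cert_status() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo unreadable
        return 1
    elif ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# check_cert FILE EXPECTED_EMAIL DAYS: succeeds only if the certificate is
# still valid DAYS days from now and carries the expected e-mail address
check_cert() {
    status=$(cert_status "$1" "$3") || { echo "cannot read $1" >&2; return 1; }
    [ "$status" = valid ] || { echo "certificate is $status" >&2; return 1; }
    cert_email "$1" | grep -qixF "$2" || { echo "unexpected e-mail address" >&2; return 1; }
}

# make_demo_cert FILE DAYS: constructed self-signed test certificate so the
# example runs offline. The subject and address are made up for the demo.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" \
        -subj "/CN=Constructed demo certificate/emailAddress=demo@example.invalid" \
        >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_cert "$demo_dir/demo.pem" 30   # demo certificate valid for 30 days

echo "e-mail:  $(cert_email "$demo_dir/demo.pem")"
echo "expires: $(cert_not_after "$demo_dir/demo.pem")"
echo "status (7-day window):  $(cert_status "$demo_dir/demo.pem" 7)"
echo "status (90-day window): $(cert_status "$demo_dir/demo.pem" 90)"
```

For a certificate exported from your own store, compare the printed address and expiry date with the values listed in steps 3 and 4 above.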

For more information

Phone: eBusiness Service Centre on 1800 700 199*
Open 8.30 am to 5.00 pm Monday to Friday, Australian Eastern Standard Time
Email: ebusiness@humanservices.gov.au

* Call charges apply from mobile and pay phones only.

Last updated: 12 September, 2014