Public Key Infrastructure (PKI)
PKI (Public Key Infrastructure) has been adopted by the Australian Government to provide a robust system of security for online transactions. In the healthcare sector, the HIC has adopted this system and intends to employ this for all e-business activities, with the intent of PKI keys for all healthcare professionals.
The HIC are moving to phase out MedClaims and move to an internet-based system called HIC Online. This is HIC's main push for adopting PKI at the moment, but there are many more applications that can take advantage of its robust security. Other applications of PKI technologies include electronic communications between health providers. The Divisions SEPIX project is an example of such an application. To learn more about SEPIX click here.
We're here to help you through the process, and have put together a collection of resources to guide you and answer some of your questions.
What is PKI?Public Key Infrastructure (PKI) is a set of procedures and technology that provides security and confidentiality for electronic business. Information can be sent between trusted individuals or organisations with confidence that; you know who sent it, the content has not been altered, only the intended recipient can read the email, and the sender cannot later dispute what was written or sent.
Each individual requires a physical key (called an iKey) which contains a unique code. This code is used to digitally sign, encrypt and decrypt emails (or other types of requests). An encrypted message cannot be read unless it is unlocked with the key and appropriate password. Keys are only issued to those who can prove their identity via 100 points of identification, and cannot be used without a password.
A list of frequently asked questions has been provided by the HIC.
What do I need for PKI?
(Also see PKI - What do you need? document - pdf)
Certificates
Location and Individual certificates must be obtained from HeSA..Individual e-mail addresses
Each certificate (location and individual) must be associated with a unique e-mail address. You will require an e-mail address for your practice (location certificate) and one for each GP (individual certificate).
(also see Individual E-mail Address Solutions for PKI - pdf)Hardware
Modem for internet access.
USB port on each computer using an individual certificate. The individual certificate comes in the form of an iKey, a physical device which plugs into the USB port on your computer. Most computers made within the last few years (Pentium II upwards) have a USB port built in. If your computer does not have a USB port, one can be added in the form of an additional card for around $60.Software
Operating system -
Windows 95B / 95C / 98 / 98SE / 2000 / NT/ XP are all acceptable operating systems.
Windows 3.x, 95A, ME are not supported. .
PKI-compliant e-mail program -
Outlook 98 or 2000 (Outlook 97 is not supported)
Eudora
Netscape Communicator 4.7x
Outlook Express 5.x & 6.x
Lotus Notes
Get individual e-mail addresses
Before you apply for individual certificates, you will need to set up an individual e-mail addresses for each user who will be using PKI. Also, a unique e-mail for the practice should be set up.
(also see Individual E-mail Address Solutions for PKI - pdf)Apply for certificates
You will need to apply to HeSA (Health e-Signature Authority) for your certificates, which will be sent out to you. Complete the HeSA forms, providing proof of your identity and that you are a healthcare professional (provider number etc.). Application forms and guides are available in the PKI resources section. Registration packs containing hard copies of all forms and software are also available from the Division.Check hardware requirements
USB port - for iKey
Modem - for internet connectionCheck Software Requirements
Windows 95B/95C/98/98SE/NT/2000/XP
PKI-Compliant E-mail program (see above)See our Installation and Troubleshooting section in the PKI resources for helpful troubleshooting documents.
