Secure development practices

Protecting health information is a key part of caring for healthcare consumers.

Updates to My Health Record Connecting Systems – Security Conformance Profile

The Agency published the My Health Record Connecting Systems Security Conformance Profile v1.0 on the Agency’s Developer Portal in September 2024. Learn more.

The following guides and resources have been designed to assist developers in following secure development practices while creating healthcare solutions.

Developer guides

My Health Record Connecting Systems - Security Conformance Profile - FAQs

The Security Requirements for My Health Record Connecting Systems Conformance Profile contains software requirements that harden clinical information systems from cyber security attacks, uplift information security and protect patient information and your software product.

NASH SHA-2 Certificates - Developer Guide

This developer guide is for developers whose products connect to the HI Service, My Health Record, electronic prescribing and secure messaging using a NASH (National Authentication Service for Health) PKI certificate.

Security resources

Security resources from our Cyber Security Awareness team.

Resources

NASH Organisation Certificate Tracker v1.0.1

Services

National Authentication Service for Health (NASH)

Topics

Secure development practices

EP-2297:2016

Type

Product

Version

1.0.1

Status

Active

The National Authentication Service for Health (NASH) Organisation Certificate Tracker is a simple tool for listing the expiration dates of NASH PKI Certificates for Healthcare Provider Organisations (NASH certificates). Healthcare provider organisations need active NASH certificates to both access the My Health Record system and securely send and…

NASH SHA-2 Readiness Assessment v1.3

Services

National Authentication Service for Health (NASH)

Topics

Secure development practices

EP-3719:2022

Type

Product

Version

1.3

Status

Active

National Authentication Service for Health (NASH) NASH SHA-2 PKI Certificate Readiness Assessment v1.0 PDF This provides detailed guidance for developers on the NASH SHA-2 readiness assessment use cases, technical requirements, testing approach and processes. NASH SHA-2 Readiness Test Specs v1.3 XLS Introduces changes to the test environment endpoints for…

National Authentication Service for Health v1.0

Topics

Secure development practices

EP-1011:2012

Type

Product

Version

1.0

Status

Active

The National Authentication Service for Health (NASH) makes it possible for healthcare providers and supporting organisations to securely access and exchange health information. NASH provides Public Key Infrastructure (PKI) Certificates that help you or your organisation to: access the My Health Record system; and send and receive messages securely using…

National eHealth Security and Access Framework v4.0

Topics

Secure development practices

EP-1544:2014

Type

Product

Version

4.0

Status

Active

The National eHealth Security and Access Framework (NESAF) provides standards, tools, and guides for the Australian healthcare sector to build and implement secure systems that protect patient data and eHealth-related assets, while providing the provenance required for ensuring patient safety and privacy. (For more details and to download fact sheets, see…

Secure development practices

Updates to My Health Record Connecting Systems – Security Conformance Profile

Developer guides

My Health Record Connecting Systems - Security Conformance Profile - FAQs

NASH SHA-2 Certificates - Developer Guide

Security resources

Resources

NASH Organisation Certificate Tracker v1.0.1

NASH SHA-2 Readiness Assessment v1.3

National Authentication Service for Health v1.0

National eHealth Security and Access Framework v4.0

On this page

Site menu