Configuring Medicare Certificates

About Medicare Certificates

Choose the below scenario that relates to your requirement regarding configuring Medicare Certificates in Bp Premier:

  1. You are a new Bp Premier practice and are setting up online claiming for the first time.
  2. You are an existing Bp Premier practice and have set up online claiming, but you now need to renew your certificates.
  3. You are an existing Bp Premier practice and have an existing online claiming store, but you need to create a new online claiming store.

Frequently asked questions

What Types of Certificates Are Issued by Human Services?

Several different certificates can be obtained from Human Services; the following are used by Bp Premier.

Certificate

Usage

PKI Site Certificate

Required for Online Claiming and My Health Record.

NASH Certificate

Used by My Health Record functionality.

Medicare Certificates

Used by Medicare to establish secure communications. These are supplied in the "C:\Program Files\Best Practice Software\BPS\MedicareCerts\" folder.

How Often Do I Need to Update my Certificates?

Human Services PKI certificates expire every 2 or 5 years. If your have the PKI Certificate Manager installed, the certificates should auto-update. To check certificate expiry:

  1. Log in to Bp Premier and navigate to Setup > Configuration > Online claiming.
  2. Click Check certificate expiry. Bp Premier displays the certificates and their expiry dates.

What If I Run into Problems with My Medicare Online Setup?

See Troubleshoot online claiming for more information.

What if my site certificates have been auto-updated on my server and I need to use them on other machines?

My Health Record functionality also uses site certificates. If you have auto-renewing certificates and you need your updated site certificate to update My Health Record:

  1. Export the site certificate on the server. Export Medicare site certificates
  2. Import the certificate on the server for my health. See Import Your Site Certificate.

What If I Have Existing Medicare Certificates Installed?

If you already installed Medicare certificates on your system and have received a new CD and PIC passphrase, there are a few additional actions to perform before installing the new certificates.

Install certificates at a new Bp Premier practice

The Human Services Public Key Infrastructure (PKI) is a required component of the integration between Bp Premier and Medicare Online. Contact Medicare eBusiness centre on 1800 700 199 to obtain the application forms to register for PKI and Medicare Australia Online. The Public Key Infrastructure works by utilising certificates which enable secure communication between your practice and Human Services computers.

Setting up a New Online Claiming Store

Follow these instructions to install new site certificates. These instructions must be performed by a user with Allow access on the Configuration permission. Perform these instructions on your server machine.

Create Certificate Store

  1. Log in to Bp Premier and navigate to SetupConfigurationOnline claiming.

    Online claiming icon

  2. Click Change. The Path to certificate store screen appears.

    Path to certificate store screen

  3. Click the ellipse button [...] and browse to the path where you want to create your certificate store. This is typically C:\ProgramData\BPOnline.
  4. Take a note of the store path as it is required later.
  5. Click Save. Bp Premier will prompt that the certificate store does not exist and ask ‘Would you like to create one now?'
  6. Click Yes to create the store. You are prompted for a password for the certificate store. This password MUST be the same as the password provided to you from Medicare with your certificates. This is called your Personal Identification Code (PIC).

    NOTE   Do not misplace this password. You are responsible for this password; Best Practice Software cannot retrieve this for you.

Import Medicare Certificates

  1. Click Import Medicare certificate. The HeSA Certificates screen appears.

    Import Medicare Certificate

  2. The Folder where certificates can be located field points to "C:\Program Files\Best Practice Software\BPS\MedicareCerts\" by default, navigate to this path if this is not selected. The window displays Medicare Australia certificates in that folder.

    NOTE  Do not use the certificates on the CD supplied from Medicare. You must use the certificates found in C:\Program Files\Best Practice Software\BPS\MedicareCerts\.

    HeSA Certificates Window

  3. Work through the list selecting each certificate and clicking Attach. If the certificate is imported successfully, Bp Premier will display 'The certificate was successfully imported'.
  4. Click Close to close the HeSA Certificates screen. Keep the Configuration screen open.

Install Site Certificates

  1. The next steps require your Medicare practice certificates:
    1. If you received your certificates on a CD, insert the CD into your computer.
    2. If you download your certificates from the certificates Australia web site, ensure they are accessible from this computer.
  2. Click Import site certificates. The HeSA Certificates screen appears.
  3. Click Change folder, browse to the CD drive or the folder where your downloaded certificates are located and click OK. The HeSA Certificates screen displays any site certificates found in that location.

    HeSA Certificates Window

  4. Select fac_encrypt.p12 and click Attach. A message will display showing if the certificate was successfully imported. Repeat for fac_sign.p12.
  5. Click Close.
  6. Click Check certificate expiry. The HeSA Certifcates screen appears.

    Medicare Certificate Expiry

  7. There should be at least five items listed similar to those on the example above. Two should mention 'Medicare Australia’ in the Certificate owner column (these are Medicare Australia’s certificates) and two should mention the clinic name (in the example, 'Test Location Certificate 134').
  8. Check that all the Expiry dates are future dates.
  9. Press Cancel to return to the Configuration screen.
  10. Press Save.

Install the PKI Certificate Manager on Your Server

The CD that contains the site certificates also contains an installation for the PKI Certificate Manager. Install this utility to ensure that your certificates auto-update. See the PKI website for more information on the PKI Certificate Manager.

Share Your Certificate Store Path

Share your certificate path store on your server so that all machines that utilise Medicare functionality can use the same certificates. Perform these steps on your server machine.

  1. Open Windows file explorer and browse to your certificate path store. This was noted previously when importing certificates and is typically C:\ProgramData\BPOnline.
  2. Share the certificate store path so that it is visible to other machines on the network.
  3. NOTE  Your practice's IT support can help if you are unsure how to share folders and change access permissions.

  4. Give all Windows users who access Bp Premier ‘full control’ permissions to the folder and its contents.

    HIC.psi file - give 'Everyone' 'Full Control'

  5. Note the UNC path to the shared folder, for example, \\Desktop123\bponline, this is the store path you need to enter on all client machines.

Set up Medicare Certificates on Workstations

Perform these steps on every workstation that will utilise Bp Premier Medicare functionality.

  1. Log in to Bp Premier and navigate to SetupConfigurationOnline claiming.

    Online claiming icon

  2. Click the Change button.
  3. Enter in the UNC path to the certificate store on your server; this is the store path shared from your server.

  4. Click Save.
  5. Click Check certificate expiry. If sharing has been set up correctly for the certificate store, Bp Premier will display the certificates and their expiry dates.

You have now completed the certificate configuration.

Renew certificates into an existing store

Three scenarios can occur when site certificates need updating.

  1. If the PKI Certificate Manager is installed, there should be nothing to do; the certificates should update automatically. To check your certificate expiry navigate to Setup > Configuration > Online claiming from the main window. Click the Check certificate expiry button.
  2. NOTE  Do not remove your current certificate.

  3. If you have received a new certificate and passphrase then you will create a new certificate store. Follow the steps in Install new certificates into an existing store
  4. If the PKI Certificate Manager is installed, but the certificates have not updated correctly, use the steps on the following pages (Section 2).

Download Your Site Certificates

  1. Open the following link in an internet browser: Certificates Australia.
  2. Enter at least one of the following and click Search!:
    • First Name of person registered against the site certificate
    • Surname or RA Number
    • Email address registered against the site certificate (email is the quickest search)
    • Organisation name registered against the site certificate.
  3. Verizon Certificate Search

    Click Click here for search tips for guidelines on effective searches and using the * wildcard.

  4. Any matching certificates will be returned. Click Download next to the Signing Certificate and the Encryption Certificate and download both files to a known location. You will need to supply the location of these certificates in the final step.
  5. Details have been blanked in the example below.

    Verizon Certificates Returned

Renew Your Site Certificate Using the PKI Certificate Manager

Perform the instructions on the Bp Premier server machine with the certificate store installed (the file HIC.psi).

NOTE  Do not delete your old certificates.

Install PKI Certificate Manager

  1. If Medicare's PKI certificate manager has not been installed, download the certificate manager software from the Department of Human Services.
  2. Unzip and install PKI Certificate Manager Software on the computer where the certificate store is located.

Renew Certificate

  1. From the Windows desktop, open the Control Panel.
  2. Select Small icons from the View by drop-down in the top right-hand corner.

  3. Click PKI Certificate Manager. The Store Setup Wizard opens.

  4. Select Use an Existing Store and click Next.

  5. Browse to the location of the Bp Premier certificate store file hic.psi. By default, this file is in C:\ProgramData\BPOnline on the server. If you’re unsure of the path to the HIC file, in Bp Premier, select Setup > Configuration > Online Claiming and check the Path to certificate store value.
  6. Click Finish. The PKI Certificate Manager will open, showing the certificates stored in the HIC file.
  7. Leave the certificate manager open. Browse to the location where you downloaded your certificates.
  8. Drag the Encrypt and Sign.cer public certificate files and drop into the PKI Certificate Manager. The certificate manager will prompt you for the Medicare site certificate PIC passphrase.
  9. Log in to Bp Premier and navigate to SetupConfigurationOnline claiming.
  10. Enter the passphrase and click OK. The expired site certificates will remain in the store. Two new certificates will be created with updated expiry dates in the future.
  11. NOTE  Do not delete your old certificates.

  12. Close PKI Certificate Manager.

Check Certificate Expiry

To check that your certificates have been set up correctly, check their expiry date in Bp Premier.

  1. Open Bp Premier.
  2. Navigate to Setup > ConfigurationOnline claiming.
  3. Click Check certificate expiry.
  4. If certificates have been updated correctly, Bp Premier will display the certificates and their expiry dates.

Click Check certificate expiry. If sharing has been set up correctly for the certificate store, Bp Premier will display the certificates and their expiry dates.

You have now completed the certificate configuration.

Install new certificates into an existing store

If you already installed Medicare certificates on your system and have received a new CD and PIC passphrase, there are a few additional actions to perform before installing the new certificates.

If you have auto-renewing certificates follow the steps in Renew site certificates.

Renaming the Old Medicare Certificate Store

  1. On your server machine open Bp Premier and navigate to Setup > Configuration > Online claiming.
  2. Note the value stored in the Path to certificate store field.
  3. Close Bp Premier
  4. In Windows Explorer navigate to the path where the certificate store is located.
  5. Right-click the folder and select Properties > Sharing. Remove the sharing for this folder so that it is no longer visible over the network.
  6. Rename the HIC.PSI file to HIC.old (or similar) by right-clicking and choosing Rename.
  7. Rename HIC.PSI file

Setting up a New Online Claiming Store

Follow these instructions to install new site certificates. These instructions must be performed by a user with Allow access on the Configuration permission. Perform these instructions on your server machine.

Create Certificate Store

  1. Log in to Bp Premier and navigate to SetupConfigurationOnline claiming.

    Online claiming icon

  2. Click Change. The Path to certificate store screen appears.

    Path to certificate store screen

  3. Click the ellipse button [...] and browse to the path where you want to create your certificate store. This is typically C:\ProgramData\BPOnline.
  4. Take a note of the store path as it is required later.
  5. Click Save. Bp Premier will prompt that the certificate store does not exist and ask ‘Would you like to create one now?'
  6. Click Yes to create the store. You are prompted for a password for the certificate store. This password MUST be the same as the password provided to you from Medicare with your certificates. This is called your Personal Identification Code (PIC).

    NOTE   Do not misplace this password. You are responsible for this password; Best Practice Software cannot retrieve this for you.

Import Medicare Certificates

  1. Click Import Medicare certificate. The HeSA Certificates screen appears.

    Import Medicare Certificate

  2. The Folder where certificates can be located field points to "C:\Program Files\Best Practice Software\BPS\MedicareCerts\" by default, navigate to this path if this is not selected. The window displays Medicare Australia certificates in that folder.

    NOTE  Do not use the certificates on the CD supplied from Medicare. You must use the certificates found in C:\Program Files\Best Practice Software\BPS\MedicareCerts\.

    HeSA Certificates Window

  3. Work through the list selecting each certificate and clicking Attach. If the certificate is imported successfully, Bp Premier will display 'The certificate was successfully imported'.
  4. Click Close to close the HeSA Certificates screen. Keep the Configuration screen open.

Install Site Certificates

  1. The next steps require your Medicare practice certificates:
    1. If you received your certificates on a CD, insert the CD into your computer.
    2. If you download your certificates from the certificates Australia web site, ensure they are accessible from this computer.
  2. Click Import site certificates. The HeSA Certificates screen appears.
  3. Click Change folder, browse to the CD drive or the folder where your downloaded certificates are located and click OK. The HeSA Certificates screen displays any site certificates found in that location.

    HeSA Certificates Window

  4. Select fac_encrypt.p12 and click Attach. A message will display showing if the certificate was successfully imported. Repeat for fac_sign.p12.
  5. Click Close.
  6. Click Check certificate expiry. The HeSA Certifcates screen appears.

    Medicare Certificate Expiry

  7. There should be at least five items listed similar to those on the example above. Two should mention 'Medicare Australia’ in the Certificate owner column (these are Medicare Australia’s certificates) and two should mention the clinic name (in the example, 'Test Location Certificate 134').
  8. Check that all the Expiry dates are future dates.
  9. Press Cancel to return to the Configuration screen.
  10. Press Save.

Install the PKI Certificate Manager on Your Server

The CD that contains the site certificates also contains an installation for the PKI Certificate Manager. Install this utility to ensure that your certificates auto-update. See the PKI website for more information on the PKI Certificate Manager.

Share Your Certificate Store Path

Share your certificate path store on your server so that all machines that utilise Medicare functionality can use the same certificates. Perform these steps on your server machine.

  1. Open Windows file explorer and browse to your certificate path store. This was noted previously when importing certificates and is typically C:\ProgramData\BPOnline.
  2. Share the certificate store path so that it is visible to other machines on the network.
  3. NOTE  Your practice's IT support can help if you are unsure how to share folders and change access permissions.

  4. Give all Windows users who access Bp Premier ‘full control’ permissions to the folder and its contents.

    HIC.psi file - give 'Everyone' 'Full Control'

  5. Note the UNC path to the shared folder, for example, \\Desktop123\bponline, this is the store path you need to enter on all client machines.

Set up Medicare Certificates on Workstations

Perform these steps on every workstation that will utilise Bp Premier Medicare functionality.

  1. Log in to Bp Premier and navigate to SetupConfigurationOnline claiming.

    Online claiming icon

  2. Click the Change button.
  3. Enter in the UNC path to the certificate store on your server; this is the store path shared from your server.

  4. Click Save.
  5. Click Check certificate expiry. If sharing has been set up correctly for the certificate store, Bp Premier will display the certificates and their expiry dates.

You have now completed the certificate configuration.

Feedback

Set up Medicare Certificates. Configure Medicare Certificates. Install Medicare Certificates. Online claiming certificates. Import Medicare certificates.