Secure Transfer

• Home
• What is PKI
• FAQ's
• Apply for Certificates
• S8 Online
• Prerequisites
• Generate S8 File
• Login to S8 Online
• Upload S8 Data
• Secure Email
• Hardware/Software
• Configure MSOutlook
• Reference Websites

Responsibilities of HCL Representatives

This guideline details the responsibilities of HealthCare Location (HCL) Representatives.

See Also
Responsibilities of GP Practice or Community Pharmacy

Responsibilities of HSE Representative

The HSE Representative is primarily responsible for signing the HealthCare Location (HCL) Agreement.

While the HCL Agreement does not involve substantial financial outlay, its effect is to establish the ability to use HCL Keys and Certificates. The person selected to be HSE Representative needs to be sufficiently senior to be able to sign agreements of this nature on behalf of the practice or pharmacy where the Site Certificates and Certificates are to be used.

Responsibilities of Duly Authorised Officer (DAO)

The Duly Authorised Officer has a significant role in the HCL as the main point of contact for the HSE and is responsible for looking after the Private Keys and nominating Authorised Users.
(Authorised Users are the only personnel apart from the DAO that may use the Private Keys.)

Responsibilities of the DAO include:

• Signing the HealthCare Location (HCL) Agreement. (The HSE is the main Subscriber party to the HCL Agreement but the DAO may also be a party in a personal capacity.)
• Applying for HCL Keys and Certificates.
• Taking delivery of the Personal Identification Code (PIC), which allows access to the Private Key.
• Appointing Authorised Users.
• Applying for renewal of the HCL Keys and Certificates.
• Requesting Certificate suspension or revocation. (This may also be done by the HSE Representative.)
• Checking relevant websites on a weekly basis to keep informed of notices issued by Medicare Australia.
• Ensuring Authorised Users only use the Keys and Certificates in accordance with the HCL Agreement.
• Providing consent to Medicare Australia disclosure of personal information. (Personal information obtained in the EOI process rather than patient information.)

The DAO needs to be a person of a reasonably senior level. They are responsible for most of the HSE’s obligations under the agreement and control access to the Keys and Certificate.

The DAO also needs to have a reasonable degree of technical knowledge. To properly store and secure the Keys and Certificates, seek renewal, revocation or suspension and to check updates supplied by Medicare Australia.

The DAO is responsible under the HCL CP for storage of Keys and Certificates, managing the use of personal information provided by the HSE, and has ownership of intellectual property rights in the Private Key.

---

Practice / Pharmacy Responsibilities:

• Before applying for the Site certificates, the Practice or Pharmacy needs to obtain a non-individual (location) email address from their Internet Service Provider (ISP).  This email address is then associated with the Surgery or Pharmacy within the PKI Keys and Certificates that are supported under the Medicare Australia Certificate Policy.
• The email address on the application form needs to exactly match the actual email address, including case.
  It is advisable to test the email address before completing the form.
• If the Practice or Pharmacy plans to have a continuous dial-up/broadband connection to the internet, Medicare Australia advises a Firewall and virus checking software.

---

This page last updated: 01 August 2008
Review date: 01 July 2009