If you are receiving a message when you log in to Genie stating '1 PKI Certificate has expired or will expire within 30 days from the GENXXXXX PSI Store' it is likely that you're due to update the certificates that allow you to transmit to Medicare, DVA and Health Funds. The following article will navigate you through updating your certificates.
Before you begin
If you are installing your certificate for the first time, you will need to ensure you have the CD containing the certificate, as well as the Personal Identification Code (PIC) that is provided to you separate to your certificate. Please refer to the Creating the PSI Store section in the Setting Up HIC Online article for further information.
When you receive the message upon logging in, you have the option to check the Certificate Details from the error message, by clicking the Details button.
This will open the PSI Store to the Certificate Manager window showing the expired/expiring certs:
Certificates highlighted in pink indicate they are already expired.
Certificates highlighted in yellow indicate they will expire within 30 days.
To get a more comprehensive look at the certificates currently in your PSI Store, you can also navigate to File > Maintenance and Reports > Administrator > HIC Online PSI Store.
Note: You may see more than one PSI Store records appear in this window, but usually there will only be one that will have your GEN number attached.
Double click on your GEN number to open the relevant PSI Store for your practice. In the next window, click on the Certificate Details button on the right of the page. You will be presented with the Certificate Manager window again and this time you should be able to see a list of all the certificates in your PSI Store.
Once you have the Certificate Manager window open you can identify which certificates are expired. You can use the tabs across the top of the window to isolate certain certificates e.g. clicking the Location tab will only show the Location certificates in your PSI Store.
In the Issued To column, your location certificates will usually have the name of the doctor the certificate is registered to followed by the RA (Registration Authority) number of the certificate e.g. Dr John Smith: 1234567890. If your Location certificate is registered to your practice you will see the practice name listed in this column instead.
The Email Address column will show the email address registered against the certificate. This will usually be either the doctor's email or the practice email.
The Key Usage column tells you the purpose of the certificate. This will usually be listed as either Digital Signature or Key Encipherment.
The Expires column tells you the date the certificate is set to expire.
Medicare Online Certificates
Issued To: "Medicare Australia" should be listed here followed by the RA number of the certificate.
Email Address: This should be listed as email@example.com
For more information about updating these certificates, please refer to our article on Updating Medicare Online Certificates.
NASH (My Health Record) certificates
Issued To: This will be formatted with the HPI-O number for the practice listed in the name and will also have the phrase "electronichealth" entered as part of the name of the certificate e.g. general.8003629900019338.id.electronichealth.net.au
Before you decide to update or delete any expired certificates out of your PSI Store, it is important to ensure you have a copy of your PSI Store available before any changes are made in case something goes wrong in this process. Note: Any changes you make to the PSI Store on one client computer will affect the PSI Store for all other users.
There are a few ways you can backup your PSI Store:
Uploading HIC Online Log Files
This will upload a copy of your HIC Online configuration, including a copy of your PSI Store to us you we have a copy of this on file. You can do this by navigating to File > Maintenance and Reports > Administrator > Upload HIC Online Log files. You will receive a prompt advising if these files have been uploaded successfully.
If you receive an error message, there may be something in your network preventing you from uploading these files to us, or you may not be on a version of Genie that allows these files to be uploaded. Note: you will need to be on Genie version 9.0.1 or higher to be able to use this feature.
Manually copying the PSI file
In the event you are not able to upload a copy of your HIC Online through the application, you can take a copy of your PSI Store manually by following the steps outlined below:
- Navigate to Help > About Genie (Windows) or Genie Client > About Genie (Mac)
- Alt/Option click on the Printer icon
- In the next window, double click on the highlighted Client folder, then open the HIC Online folder
- Your PSI file will be located in this folder and will be named in the format GENXXXXX.psi (where the X's are your GEN number)
- Right click on this file and choose to Copy it
- Paste this somewhere on your computer you will be able to find this easily e.g. the desktop
Once you have taken a backup of your PSI Store, you can proceed with updating the certificates if they are expired.
If you have not requested new location certificates with Medicare, auto-renewed location certificates should be downloaded automatically into your PSI Store 60 days prior to the old location certificates expiring, so you should not need to download these certificates into your PSI Store manually.
They will require the expiring location certificates to still be in the PSI Store in order to renew correctly and become active certificates.
Note: it is recommended that you keep the old location certificates in the PSI Store even after they have expired. If you would like to delete these certificates after they have expired, please ensure you have the original CD these location certificates were issued with (as well as the PIC code), or ensure you have taken a copy of the PSI Store (as seen above) prior to deleting these.
If you notice these new location certificates do not appear in your PSI Store automatically, you can attempt to download these manually by clicking on the Update Location Certs button in your PSI Store, then clicking the Find New Certificates button in the window that appears.
You will be taken to the Verizon website where you can search the Healthcare Public Directory.
From here, you can enter the surname of the person registered against the certificates, or the RA number if you know this. If this search returns no certificates, you may need to try entering the name of the practice, or confirm who the certificates are registered to with Medicare if you are unsure.
If you are able to find the correct up to date certificates for your practice here, click the Download button for both of the files present to download these to your computer.
Once these are downloaded, to import these into your PSI Store click the Update Location Certs button and click Browse to browse to the two files. With these certificates, you should not be required to enter your location passphrase to import them and can click OK to begin importing these.
If these certificates are not an exact match to the expiring location certificates currently in your PSI Store, you will receive an error message during this import as seen below:
This message indicates the private key (attached to the location certificates installed via CD) is different to the public key (attached to the auto-renew certificate). If this is the case, you will not be able to import the auto-renew certificates until you have the corresponding private key for your auto-renew certificate in the PSI Store.
For further assistance with this error, please contact Genie Support who will be able to point you in the right direction.
Update using a CD
If you have requested a new set of location certificates from Medicare after changing locations or updating your information, you will be issued a new CD by Medicare that will contain these new certificates. To import these certificates, you can click the Update Location Certs button in your PSI Store record.
This will open up a window asking for you to select the Signing File and Encryption File that can be found on the CD supplied by Medicare.
The names for these files will automatically populate in this window, however will need to browse to the actual files themselves on your computer to select these correctly. Click the Browse button next to each of these and select the corresponding file from the CD on your computer.
Once you have selected both files, you will be asked to enter the Location Passphrase (also known as the PIC code) for the certificate. This is usually sent to you in the mail separate to your CD. Once this is entered click OK to import these certificates into your PSI Store.
Using this method, you should find the old location certificates are removed, being replaced with your new location certificates. You can check this by clicking the Certificate Details button again in the PSI Store.