Cards, libraries, readers, dongles, passwords, pins, PUCs and PUKs were the incomprehensible staples of secure online connections 10 years ago. They were needed for the first implementation of the Federal government's online services for Australian health practitioners. They were hated by end users and rarely used in practice.
The Australian government and the Department of Human Services are therefore to be congratulated on implementing a more modern approach to online authentication. The roll-out of the new service began a few months ago to little fanfare but is now available to Australian medical practitioners.
Provider Digital Access (PRODA) dispenses with the paper correspondence and passwords sent through the mail. It also dispenses with the hardware required for the first generation of online security. Both of these components were significant obstacles to making the system easy to use.
The Department has enough information about practitioners from its existing databases to authenticate health practitioners and allow them to create a user account. As part of the account creation PRODA establishes three security questions and answers and links the new identity to an email address and mobile phone number for SMS messaging. Activation codes are sent via each of these communication channels and entered back into the online registration form by the user as part of the account creation process.
The final step is validating your identity using three personal documents. There are a range of approved documents that include the Medicare card, Australian driving license, passport and birth certificate as well as other less frequently used identity documents.
Once your PRODA account has been created you can link it to your Health Practitioner Online Services (HPOS) account in order to access HPOS messages and programs such as the Practice Incentives Program and DVA programs.
Despite the lengthy steps required, registration can be completed in one session if you have the required documentation to hand. This makes for a far smoother process than the previous system's and should result in greater uptake and use by the profession.
Once the PRODA has been set up it is an easy matter to log into HPOS. Enter your username and password and then on the next screen the six digit authentication code that is sent to you via your preferred communication channel of email or SMS.
Another alternative for this second factor authentication is to use a time-based one-time password algorithm (TOTP). Once activated the six digit code is generated on your smartphone and entered into the authentication screen. Examples of this are increasingly common on the web and TOTP is an option for NRGPN members logging into the GPSpeak website. (See secret key option)
The Australian Digital Health Agency has a helpful guide to creating your PRODA account and using it to access HPOS.