An introduction to secure messaging

A brief overview to secure messaging in healthcare, why it is important and the barriers to secure messaging working seamlessly in the industry.

What is secure messaging?

Secure messaging is a much talked about topic in the Australian digital health space at the moment, but have you ever wondered what it is exactly? Too put it simply, secure messaging is a way to securely exchange documents between healthcare providers, organisations and consumers. It can replace existing forms of exchanging documents such as fax, post and email.

Documents most typically sent and received via Secure Message Delivery (SMD) include:

  • Referrals
  • Specialist Reports
  • Results
  • Discharge Summaries
  • Patient Summaries
  • Letters

Why is secure messaging important?

There are several reasons why secure messaging is important. These include:

  • Helps prevent the unauthorised interception of messages
  • Reduces paper files
  • Decreases errors associated with re-keying or transcribing
  • It notifies senders upon the successful delivery of the message
  • Integrated with clinical systems for better overall workflow

How does secure messaging work?

Firstly, a clinician will create a document in their own clinical software and will choose the recipient from the address book. In the background, the address book does a look-up to find the intended recipient. Once the recipient is selected and sent, the message is encrypted before leaving the messaging agent.

The message is transferred from one message provider (e.g. ReferralNet) to the other (e.g. Argus).

The message is decrypted after being received by the receiving messaging agent. The recipient receives the document into their clinical system, can view the document and attach it digitally to the client record.


There are five main challenges in the process outlined above. Read a brief overview of what they are and has been done or is being done to overcome them.

Message Protocols

Background: Historically, each messaging vendor has had proprietary protocols that prohibited them ‘talking’ to each other.

Industry changes to overcome this challenge: Australian Standards were created and agreed upon by vendors in 2010.


Background: NASH certificates are needed to certify healthcare providers. According to the Australian Digital Health Agency, a “NASH PKI certificate is a digital certificate that authenticates an individual provider or organisation”. One issue with using NASH certificates is that it is a lengthy and costly registration process. Further, providers must have a Healthcare Identifier to be eligible for a NASH Certificate, this means that not all providers are eligible for one. There have also been problems with the certificate renewal process which means that messaging systems were not being updated.

Industry changes to overcome this challenge: There are proposed changes in place to support messaging vendor issued certificates in order to overcome these barriers.

Local Address Book

Background: In the past, a local address book was needed to send information to someone else. As a healthcare provider, you need to keep your details up-to-date with your messaging provider and you need to ensure that recipient details are kept up-to-date in your clinical system.

Industry changes to overcome this challenge: A common interface is being developed that will allow clinical systems to connect to a cloud-based address book. The aim is to have communication between the address book services of different secure messaging providers so that you can find details of providers using different messaging vendors. This should also allow for ‘non-messaging’ address books to be integrated.

What you can do: To remove the need for you to maintain your own local address book and search for any recipient, regardless of message provider, you will need your clinical system provider to support the integration.


Background: Messages created by clinical systems are incompatible with other clinical systems. This means that a message created in one, cannot always be read in another. The main reason for this is the use of CDA messaging. There has been poor support by clinical systems for this format and requires new workflows for clinicians.

Industry changes to overcome this challenge: New message format standards (HL7 v2.4) have been created with clearer conformance points. Support is currently being added into clinical systems, however, it will take some time before most systems support the new standards.


Background: Originally there were no good, common identifiers for providers. It was hard to match providers recorded in different systems. Consequently, a Medicare Provider Number was often used as the ‘defacto’ standard.

Industry changes to overcome this challenge: New identifiers have been introduced; HPI-O and HPI-I. Though, these are not yet being well supported by all clinical systems and their address books. Furthermore, enrolment to obtain an identifier is still a barrier to many organizations and there are cases where some could not get an identifier. Consequently, often a Medicare Provider number is still used where available.

Although there is still work to do for a seamless flow of information throughout the industry, secure messaging has come a long way since it first began.

Success in interoperability?

There have been, and still are, interoperability trials being run to improve the exchange of information.

In late 2017, ReferralNet and Argus achieved and delivered 2-way interoperability. Currently, the interoperable messaging is working in an active environment across many industry sectors include General Practice, Specialist Services, Allied Health, Pathology and Diagnostic Imaging, Optometry, Psychology and many others. Since November the volume of messages exchanged between Argus and ReferralNet keeps increasing month-to-month.

The success of this interoperable messaging is due to the format of the message, vendor issues certificates, vendor issued identifiers and integrated address book searches. For example, when a ReferralNet user searches their active address book, the Argus subscriber directory is also searched.

Want to know more?

If you want to know more about how secure messaging can work for you, read more on our secure messaging page or contact us.