Upcoming changes to Medicare web services

Pete Williams | Mar 02, 2020

By March 2021, Medicare will migrate vendor integrations to a new web services model. The aim of this move is to modernise the platform, ensure higher security standards and provide for a more scalable method of processing transactions. 

This will mean that software vendors currently integrated to Medicare via legacy adaptor technology will need to develop new integrations, re-test, re-certify and deploy the new integration across their software suite. 

The following channels will migrate to web services:

  • Medicare Online
  • Department of Veterans’ Affairs (DVA) via Medicare Online
  • Australian Immunisation Register (AIR) via Medicare Online
  • ECLIPSE
  • PBS Online
  • Aged Care Online

Additionally, the process for enabling healthcare providers for online claiming via software vendors will change. Either software vendors or provider associated organisations - community clinics, hospitals, private practices - will need to specifically activate each practice location in PRODA and associate it with a particular software package. 

What does this mean for software vendors?

Increased security requirements - the Medicare web services migration comes with increased security requirements that a software vendor must or should - depending on requirement - attest to, including:

  • Software and application development, testing, operation and support is conducted within Australia;
  • If cloud-hosted, cloud computing providers must be listed on the Australian Signals Directorate’s (ASD) Certified Cloud Services List;
  • All data must remain onshore, within the Australian jurisdiction;
  • Software hosted by the cloud computing provider must reside on server infrastructure physically dedicated to Australian Government use;
  • Permanent privileged access to the cloud infrastructure must be limited to individuals who are Australian citizens and hold Australian Government Negative Vetting Level 1 security clearance or above;
  • Data at rest is encrypted using approved algorithms; 
  • Security code review is conducted on all parts of software during the development lifecycle;
  • Security penetration testing is performed after each major software release; and
  • Development strategies comply with the Australian Cyber Security Centre’s Essential Eight. 

Redevelopment of the integration - the current Medicare integration is based on adapter technology which will be incompatible with the new web services. Software vendors will need to re-integrate, re-test and re-certify with Medicare. With this integration a new software vendor agreement is required.

How can Medipass help?

Instead of integrating directly to each payment and funding solution, software vendors can integrate to Medipass to enable a range of payment and claim options. That means less development effort for you as software developer as well as more features for your customers. 

Medipass provides:

  • An out of the box integration solution - via a Software Development Kit (SDK) and web application experience that contains a set of predefined user experience with processing rules for Medicare, DVA, private health funds and other claim types. This means that clinical, booking or other service data can be sourced from any system to create a claim and validated interactively in a managed user interface prior to submission - you as a software vendor are not required to build or maintain a set of user interfaces with changing processing rules for each funding type
  • Fully compliant integration - including attesting to the security requirements for Medicare web services, private health funds and PCI DSS. Medipass handles compliance with the various funders and provides technical patterns for software vendors to easily achieve compliance without re-integration, testing and certification
  • Fully supported by Medipass - support for payments is complex and only growing in complexity as the number of integrations grows. One PMS vendor mentioned that over 40% of their support calls related to claim and payment transactions. Because Medipass only manages payment and claim integrations, we also provide associated real-time support and specialised assistance, and at no cost to the software vendor
  • In addition to Medicare, DVA and private health, Medipass supports additional funders like icare and NDIS with more in the pipeline. This single integration is designed to support all funding options in Australia
  • Medipass has a strong investment in confidentiality, integrity and availability controls that have been attested, certified by accredited third parties (Medipass ISO 27001 security certification). This provides greater assurance over the processing of highly sensitive data. At current, Medipass is one of only two vendors that is both ISO 27001 certified for the entirety of services and certified for direct claims processing to Medicare

Ready to integrate with the new Medicare web services while reducing your development effort? Get in touch with the Medipass team today

About Medipass - Medipass is a health payment platform helping software developers and health practitioners deliver a simpler claim and payment experience. Medipass is the official Claim and Payment Partner of the Australian Physiotherapy Association and a Fintech Organisation of the Year finalist at the Finnies 2019.

Sign up to the Medipass newsletter