Telematics Infrastructure: Secure Data Exchange in the Healthcare Sector
published on 4.12.2023
The telematics infrastructure (TI) is the key to digitalising the healthcare system. According to the gematik atlas on telematics infrastructure, patients are looking for “more control over their own health data”. The majority want to have an active say in their treatment and personally manage their own health data digitally.
For healthcare providers, such as medical staff, pharmacists, psychotherapists and medical employees in hospitals, the network is intended to ensure the secure and rapid exchange of medical data, thereby improving the quality of medical care. In short, requirements for the telematics infrastructure (TI) regarding security and transparency are very high, while implementation requires a high level of expertise. The following is an overview of the significance, applications and future developments of the complex TI.
Telematics Infrastructure: Objectives, Laws and Technology
The following example illustrates the importance of the TI: A patient goes to another doctor’s practice – because his own GP is on holiday – in order to get a new prescription for his thyroid medication. However, as the man does not have his current lab results, the doctor cannot issue him a prescription without conducting a new test. While the matter would have been taken care of by his GP within a few minutes, his urgent request cannot be fulfilled due to a lack of access to the necessary patient information.
There are many reasons for this: Due to the fact that they see an average of over 1,000 patients per quarter, doctors often have no time for detailed holiday handovers. Moreover, they cannot simply grant colleagues access to their databases for data protection reasons. Sending countless paper files by post is not an option due to the sheer time and effort involved.
What is the Telematics Infrastructure?
But how can patient information be exchanged between practices? To tackle this complex challenge, the German government founded gematik (Gesellschaft für Telematikanwendungen der Gesundheitskarte, Association for Telematics Health Card Applications) back in 2005. Since then, the agency has been driving digitalisation of the healthcare system by combining telecommunications and IT, or telematics for short. Sec. 291a of Book V of the German Social Security Code (Sec. 291a SGB V) defines the task of setting up the telematics infrastructure. More than ten years later, on 29 December 2015, the German “Act for Secure Communication and Applications in Healthcare”, or E-Health Act for short, established a specific roadmap for this.
Doctor and doctor show on a tablet in a clinic.
Definition and Objective of the Telematics Infrastructure
According to the German Federal Ministry of Health, the purpose of the TI is to “enable secure networking of medical care within Germany”. In other words, it is about the networking of all stakeholders involved in the well-being of patients in Germany, i.e., doctors in practices and clinics, dentists, pharmacies, physiotherapists, midwives and other healthcare professions or healthcare institutions such as health insurance companies. Thanks to the digital infrastructure, they can all exchange patient data with each other without lengthy uploading and downloading processes. The information generated by one service provider is to be stored in the ePA (elektronische Patientenakte, Electronic Patient Record/EPR) and, with the patient’s consent, be accessible to the other service provider and ready for further processing after just a few clicks.
Ideally, this means no follow-up phone calls and no correspondence, with better, more efficient care, as every healthcare provider can familiarise themselves with patients and their medical history in the shortest possible time. Or as the then German Federal Minister of Health Hermann Gröhe put it at eHealth Conference 2014: “Like a network of roads, the purpose of the telematics infrastructure is to interlink everyone involved in the healthcare system so that medical information that is important for treatment can be exchanged quickly, securely and without red tape”.
Overview of the Most Important Laws on Telematics Infrastructure
Telematics Infrastructure: Timetable for the Introduction
By now, many stakeholders in the healthcare sector are already able to connect to the TI. Emergency paramedics have also had the option since October 2023, as will all medical and medical aid providers (e.g., practices for speech therapy, podiatry, dietary assistance, occupational therapy and medical supply stores, opticians, hearing aid acousticians, orthopaedic technicians/shoemakers and dental technicians) starting in 2024. The connection is already mandatory for most institutions and professional groups and is being regulated accordingly. However, various regulations under the DigiG remain subject to change, as the law is still a cabinet draft that is due to go to the German Federal Council for a vote in mid-February 2024:
- Medical and psychotherapy practices, pharmacies and hospitals are already obliged to connect to the TI.
- By 2025, rehabilitation facilities will also have to report sick leave data to health insurance funds via the TI (Sec. 301 (4a) SGB V).
- Home (according to the DigiG) and inpatient (according to the PUEG) care must be connected to the TI by 1 July 2025.
- Providers of healthcare and medical aids must connect to the TI by 1 January 2026 according to the DigiG.
- Providers of sociotherapy services must connect by 1 April 2027 (according to the DigiG).
Applications and Areas of Application of the TI
Whether obliged to be or not, anyone who is connected to the telematics infrastructure will benefit from a variety of digital applications that legislators have defined in greater detail in the E-Health Act.
Insured Person Master Data Management (Versichertenstammdatenmanagement – VSDM)
The first of these applications was Insured Person Master Data Management (VSDM). This involves synchronising the data on the electronic health card (eHC), which raises the following questions: Is the card still valid? Is the insured person really insured with the health insurance company? Has the data or health insurance changed? Thanks to VSDM, responses are provided within seconds – including possible data updates.
Electronic Medication Plan (eMP)
The electronic medication plan (eMP) lists all medicinal products that have been prescribed to a patient and that are being taken. This makes it much easier for the doctor in the above-stated example to issue a new prescription to a colleague’s thyroid patient. Since allergies and intolerances are also stored in the electronic medication plan, healthcare professionals can avoid products that will cause contraindications and interactions when prescribing medication. The eMP is currently stored on the insured person’s electronic health card (eHC). With the introduction of the electronic patient file (ePA) for everyone, as specified in the DigiG, it is to be transferred over to this. It needs to be completed by the attending doctor and continuously updated by doctors and pharmacists.
Emergency Data Management (EDM)
An application related to the eMP is emergency data management (EDM): Doctors store patient information in a data record on the eHC, which may well be crucial in emergencies: For example, in addition to the allergies and intolerances already recorded in the medication plan, this includes important contact details and information about chronic illnesses, potential pregnancies or implants.
eDoctor’s letter, eCertificate of Incapacity for Work and Communications in the Medical Sector
While the electronic medication plan (eMP) and emergency data management (EDM) are already hallmarks of progress, the telematics infrastructure offers much more: Now, the doctor's letter has had the characteristic “e” added to the beginning of the word as well, and it can be sent digitally and highly securely via the TI service “Communications in the medical sector” (Kommunikation im Medizinwesen – KIM). And since 1 October 2021, patients no longer have to send a certificate of incapacity for work to their health insurance company by post. This is now done by the treating physicians with an electronic certificate of incapacity for work (elektronische Arbeitsunfähigkeitsbescheinigung – eAU) via the TI. After some delays, insured persons have also been able to use their electronic health card to redeem electronic prescriptions in pharmacies since July 2023. At the beginning of 2024, use of this TI application will become the new standard.
Video Consultation with TI Messenger and eID
The German Digital Supply and Care Modernisation Act (Digitale-Versorgung-und-Pflege-Modernisierungs-Gesetz – DVPMG) has created a way to network securely and particularly quickly with other healthcare professionals: TI Messenger (TIM), which is due to be launched in 2023. With TIM, it will be possible for a specialist to contact a patient’s GP or any other service provider by text message to clarify treatment-related questions and, in future, to securely exchange images or documents. Communication is end-to-end encrypted and therefore highly secure. The goal is for TIM to also be available to patients themselves as early as 2024: They will then be able to use the eID function of their ID card to verify their identity for a video consultation, for example.
Basis for Success: the ePA as a Key TI Application
The prerequisite for a video consultation is for the Messenger to be integrated into what is probably the most important application of the telematics infrastructure: the electronic patient file (ePA). Statutory health insurance providers were required to offer their policyholders the ePA by 2021. By mid-2023, only 700,000 electronic patient files were in circulation; with around 73 million people with statutory health insurance, this corresponds to just under one per cent. The German government wants 80 per cent of them to have an ePA by 2025.
The doctors are sitting at the table looking at a tablet.
The ePA as a Central Source of Information
The ePA creates a central storage location where all patient information – and therefore a large portion of other TI applications – converge. Diagnoses, laboratory values, MRI scans, electronic doctor’s letters, the electronic medication plan and the emergency data record can be accessed directly here by healthcare providers, as can the electronic versions of the immunisation and maternity health passports as well as the electronic children’s examination booklet (eE booklet). The only requirement: The insured person, who has access to their ePA at all times via the insurance app, must consent to data transfer and access by the individual service providers.
Opt-Out Regulation as a Booster for the ePA?
With the adoption of the draft of the Digital Act (DigiG) by the German Federal Cabinet, an electronic patient file (ePa) is to be created for all people with statutory health insurance starting in 2025. Insured persons will no longer have to explicitly ask their health insurance company for this. An opt-out regulation now applies instead. This means that insured persons will need to actively lodge an objection if they wish to do without the ePA. This approach will promote the spread of the ePA. In Austria, for example, where such an objection solution is in place, 97 per cent of insured persons have the ELGA, the counterpart to the ePA there. According to a survey conducted by the Bertelsmann Foundation and the Münch Foundation in 2023, the electronic patient file also promises to be a success in Germany. Around three quarters of those surveyed stated that they wanted to use it. However, there are also concerns: Nearly half of the study participants recognise the risk of misuse of stored health data.
Data Protection and Security in the Telematics Infrastructure
Data protection and security issues have been taken into account right from the initial idea for the TI. After all, patient data is a highly sensitive commodity. This is why the legislators have taken comprehensive legal precautions, while gematik provides the technical framework for data protection and security.
The statutory regulations are set out in Sec. 291a and 291b SGB V. Article 9 of the GDPR also applies to the “processing of special categories of personal data”. According to the protection level model of the state data protection commissioners, protection level E – the highest of its kind – applies to data transmission in the TI, to “data whose misuse could jeopardise the health, life or freedom of the data subject”. In comparison, the protection level for the transmission of account information is two classes below this: category C. The German Patient Data Protection Act (Patientendaten-Schutz-Gesetz – PDSG), also known as the “Act on the Protection of Electronic Patient Data in the Telematics Infrastructure”, also stipulated further requirements in 2020.
Person stands in front of a server with a laptop.
Patients Retain Data Sovereignty in the TI
The PDSG also contains clear regulations on the ePA as the central TI application. For example, the German National Association of Statutory Health Insurance Physicians (Kassenärztliche Bundesvereinigung) states the following on its website: “The ePA is a patient-managed record. This means that only the patients decide whether and how they want to use the file and to whom they want to make which data available. They also determine which documents are saved in the ePA and which are deleted.” You can even delete data directly yourself. “The health insurance companies only have access to the billing data, but no access to the medical data in the electronic patient file”, stresses German Federal Health Minister Karl Lauterbach in an interview with Funke Mediengruppe. "And that’s the way things will stay.” While it is the health insurance funds that provide their policyholders with an ePA via an app, the information stored here remains encrypted for them. This approach is intended to allay fears of the much-cited transparent patient, whose health problems ultimately trigger problems of an insurance nature.
Insured persons assign temporary authorisations to allow service providers to access the ePA and make updates there. This can happen in two ways: First, they can store them in the ePA app – via a device registered with the health insurance company, such as a smartphone with the health insurance app installed. Second, they can grant access or processing authorisation on site at a practice by entering a personal eHC PIN. In both cases, service providers must authenticate themselves with their electronic health professional card (elektronischer Heilberufsausweis – eHBA).
Technical Measures for Data Protection in the Telematics Infrastructure
One thing this example of authentication clearly indicates is: The technological solutions that secure service providers’ access to the telematics infrastructure promise to ensure effective data protection. The principle of “privacy by design” currently applies to all applications, services and the necessary hardware. Data protection should therefore be taken into account right from the outset. gematik is working together closely with the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) and the German Federal Office for Information Security (BSI) in developing the specifications. The BSI is involved in both the testing and authorisation process. In particular, this applies to components such as the connector, the SMC-B card, which functions as an electronic practice ID card, and the electronic health professional card (eHBA). There will be other changes to increase security even more once the Digital Act (DigiG) takes effect.
The Technical Components of the Telematics Infrastructure
Basically, all technology investments for connection to the telematics infrastructure are for the purpose of data protection and data security. Every hardware component and service is part of a sophisticated security architecture.
Overview of the Components of the Telematics Infrastructure
Secure Access to the TI with the TI Connector and VPN Access Service
When designing the TI, gematik paid particular attention to the issue of network security. It is therefore not possible for anyone in the healthcare sector to gain access to the TI using a standard Wi-Fi connection. A “TI connector” was introduced for this reason. While the hardware looks similar to a router, it belongs to a different security class regarding cyber security. The number of TI connector models available on the market is limited, as each model requires certification by the German Federal Office for Information Security (BSI) in addition to approval by gematik. For security reasons, the service life of the connectors is limited to five years as well. The connectors will become obsolete once the highly secure zero trust architecture of the planned Telematics Infrastructure 2.0 is launched.
The connector currently connects practices, clinics, pharmacies and other healthcare facilities to the TI via a VPN access service. This means that the software of the respective facility communicates with the telematics infrastructure via an encrypted virtual private network (VPN), which is why all communication remains shielded from the Internet.
At the workplace, the connector is connected to the practice, pharmacy or hospital management system in order to securely transmit patient information from there to TI applications. Moreover, “eHealth” card terminals are also linked to the high-performance router. For example, when the electronic health card is read by the reader, the connector triggers the Insured Person Master Data Management System (VSDM).
Identification in the Telematics Infrastructure
The card terminals connected to the TI fulfil another essential data security function: They ensure that only those who are actually working for patient health are able to connect to the TI data highway via VPN. Access requires secure authentication, and two chip cards are needed for this. The better known of these is the electronic health professional card (eHBA), with which a natural person confirms their professional affiliation: For example, a dentist uses the eHBA to prove that he or she is actually licensed, while a midwife proves her identity as a state-recognised specialist. In addition to its function as proof of identity, the eHBA enables users to process and digitally sign important applications of the telematics infrastructure – from the eAU and ePrescription to the electronic patient file and the Electronic Application and Authorisation Procedure (Elektronisches Beantragungs- und Genehmigungsverfahren – EBZ), which has been mandatory for dental practices since the beginning of 2023.
QES: Electronic Signature Guarantees Legal Validity
The key to these functions is the qualified electronic signature (QES) on the eHBA. Its legal effect is 100 per cent equivalent to a handwritten signature and guarantees fully digital prescription as well as documentation processes. Other functions of the eHBA include the encryption and decryption of medical data as well as secure access to eHC information.
Institution and Practice ID Card (SMC-B)
The institution and practice ID card, the second proof of identity, can only be applied for with at least one eHBA from an authorised signatory: With the SMC-B (Security Module Card – Type B), as the institution and practice ID card is also called, the medical institution authenticates its identity vis-à-vis the telematics infrastructure, thereby making its applications usable. It also encrypts messages that institutions exchange via KIM (communications in the medical sector). The card is therefore known as a practice ID card for doctors and dentists as well as for providers of therapeutic products. For pharmacies, clinics and other organisations, the SMC-B is called the institution ID card.
Additional security is involved in the application process for the eHBA and the SMC-B. There are only a few certified providers offering the production and ordering process, including identity verification. Depending on the professional group, the cards are issued by the associations of statutory health insurance physicians and dentists, the state chambers of pharmacies, gematik or the newly created electronic healthcare professional register (elektronisches Gesundheitsberuferegister – eGBR). Deutsche Krankenhaus TrustCenter und Informationsverarbeitung GmbH (DKTIG) issues the cards for hospitals and rehabilitation facilities. The application for and production of the ID cards is handled by certified providers such as D-Trust GmbH, a company of the Bundesdruckerei Group.
Financing and Lump Sum Reimbursements for the Telematics Infrastructure
In order to keep investments in the secure TI connection at a manageable level, the various organisations representing the interests of service providers – including the National Association of Statutory Health Insurance Physicians (KBV), the German Hospital Federation (DKG) and the German Pharmacists’ Association (DAV) – conclude financing agreements with the National Association of Statutory Health Insurance Funds (GKV-Spitzenverband). These agreements provide for various one-off or ongoing monthly lump sum reimbursements for TI equipment at the respective service providers.
People sitting at a table with a laptop.
Lump Sum Reimbursement and Additional Operating Costs
The example of doctors and psychotherapists shows that essentially all TI costs are refinanced by the GKV. For example, the financing agreement of July 2022 covered the costs for initial equipping with connectors and eHC card terminals, for connecting to the VPN access service and even for customising the practice’s own software. There was a one-off reimbursement for each device regarding the mobile card terminals for the two ID cards. There was also one payment per quarter for the SMC-B, the eHBA and for maintaining and updating individual components. For comparison: Pharmacies negotiated a one-off lump sum operating fee for the SMC-B and eHBA for a period of five years, which is the length of time long the certificates on the cards are valid.
Lump Sums for the Changeover to eMP, EDM, ePA and ePrescription
The electronic medication plan, emergency data management, ePrescription and ePA required various hardware updates and customisations. Practices received additional one-off lump sums in return. An operating cost surcharge was also added per application in each quarter. The health insurance funds also made a one-off reimbursement payment for the KIM (communications in the medical sector) service and a lump sum payment for ongoing operating costs.
New TI Lump Sums for Practices from July 2023
Since medical and psychotherapy practices were supposed to already be fully connected to the TI, the new financing agreement of July 2023 only provides for a monthly lump sum. The basis for this is the German Hospital Nursing Relief Act (Krankenhauspflegeentlastungsgesetz – KHPflEG). The three possible lump sum models vary depending on the dates of the initial equipment and the most recent connector replacement. One example:
- Monthly TI lump sum 1 assumes that no initial equipment has yet been installed in the practice and is therefore the highest.
- TI lump sum 2 applies to initial equipment after 2020. After 30 months, the practices receive lump sum 1.
- TI lump sum 3 – the second-highest TI lump sum – assumes that the connector will be replaced after 2020. It is also replaced by the first lump sum after 30 months.
The prerequisite for the lump sum reimbursements is the installation of specified TI applications. If one of them is missing in the practices, the payment will be reduced by 50 per cent. If at least two applications are not installed, the lump sum reimbursements will be forfeited completely.
Telematics Infrastructure in 2023: En Route to TI 2.0
Healthcare organisations that do not provide medical services and therefore only have limited access to data can also connect to the TI. Health insurance funds, chambers and associations of statutory health insurance physicians and dentists use the SMC-B ORG institutional ID card for this purpose. In addition, they have recently been offered an alternative that dispenses with the letter C – for card – in the name. Referred to as an institutional certificate, the SM-B ORG creates a completely hardware-independent option for accessing the telematics infrastructure and the eHC. The identification process here is purely digital.
Digital Identities as Tickets to TI 2.0
The SM-B facility certificates thus offer a foretaste of what gematik calls Telematics Infrastructure 2.0. One of the cornerstones of this “arena for digital medicine” will be digital identities, which service providers are required to receive in accordance with DigiG. As early as 2025, they will be able to connect to the TI without cards or terminals, such as via the PVS system, a smartphone or a tablet. The doctor will use it to authenticate his/her identity in the telematics infrastructure and would then also be able to issue electronic prescriptions during a home visit via a remote signature or offer video consultations from his/her private office.
The connector is to be replaced by a TI gateway, which is currently scheduled to be launched in spring 2024. This access service links with a high-speed connector, which is located in a highly secure data centre that in turn establishes the VPN. This also has another practical advantage for service providers alongside greater speed and reduced technology requirements: They will have less direct responsibility because the gateway will be managed by specialised providers. However, the introduction of digital identities and a TI gateway does not mean that eHBA, SMC-B and connectors will no longer be valid. They will continue to provide access to the telematics infrastructure, but the new technology will give them an equivalent digital backup.
TI 2.0: More Security and Better Interoperability
This planned virtualisation will not be at the expense of security. On the contrary: According to gematik, a “modern security architecture” will be one of the main pillars of TI 2.0. Zero trust networking is at the heart of this. “Each connection is secured end-to-end, and both sides of each connection must authenticate each other”, gematik writes in a press release.
In 2022, gematik commissioned five knowledge partners in German industry and research to draft the detailed concept for the complex TI 2.0, including three companies from the Bundesdruckerei Group. The consortium has already presented its detailed concept, including a central architectural proposal. Further information can be found in a press release from the Bundesdruckerei Group.
The zero trust architecture developed for this purpose will guarantee that health data is protected even when accessed via the open Internet and private end devices. It also improves flexibility, agility and scalability, allowing for faster responses to new types of threats.
The next stage of the telematics infrastructure will also give interoperability an additional boost. In future, the Fast Healthcare Interoperability Resources (FHIR) communication standard will be used for TI data and interfaces. Thanks to FHIR, data from different systems will also speak the same language in the electronic patient file. The impact of this will extend far beyond the borders of Germany: In March 2023, the European Commission’s eHealth Network agreed that FHIR is to become the standard across Europe to ensure the compatibility of health data. “This is an important milestone on the way to greater interoperability in the healthcare sector in Germany and Europe”, said Sebastian Zilch in a LinkedIn post. Zilch heads the sub-department for gematik, telematics infrastructure and eHealth at the German Federal Ministry of Health (BMG).
With the planned German Health Data Utilisation Act (Gesundheitsdatennutzungsgesetz – GDNG), new ways of using health data for public welfare purposes are also being planned. This will enable data to be transferred from the electronic patient file to the Health Research Data Centre (FDZ). An opt-out procedure for releasing data from the electronic patient file will be introduced for this purpose. The health data itself will be transmitted to FDZ via a secure connection in a secure environment – yet, according to the German Federal Ministry of Health (BMG), the researchers there will only receive it in anonymised and aggregated form.
Summary: Digitalisation of the Healthcare Sector Picking Up Speed
After a slow start, digitalisation of the German healthcare system is clearly gaining speed with new laws and measures relating to the TI: With the ePa for all, the ePrescription, TI 2.0 and co., the processes are being optimised, thereby increasing the quality of care for patients and making the work of service providers easier at the same time.
Everyone involved benefits from a faster and more secure exchange of health data: Waiting times and unnecessary diagnostic tests have been reduced, diagnoses can be made more quickly and treatment efficiency has increased. Medical staff and therapists also receive a comprehensive picture of the patient’s medical history, making it easier to choose the best possible treatment approach.
Insured persons are given greater transparency. They can access their own health data in the TI, control access to their data and have a more active say in their treatment. Many people will also appreciate the greater convenience and time savings at the doctor’s practice. In future, the TI will make yet another step forward possible here as well: Secure video consultations with the doctor will further facilitate access to medical care, something that will be particularly important in rural areas where there is a lack of medical staff.
Frequently Asked Questions about the Telematics Infrastructure
The telematics infrastructure networks those involved in the healthcare system, allowing them to exchange medical information with each other more easily. Thanks to various healthcare applications, the intent of “data highway of healthcare” is to improve patient care.
The purpose of the telematics infrastructure is to make important patient information more readily available by allowing service providers to access it quickly using digital applications such as the electronic patient file. The TI is also designed to streamline processes in practices and clinics.
Only authorised stakeholders can access the TI and its applications: doctors, dentists, psychotherapists, providers of remedies and medical aids, pharmacies, hospitals and health insurance companies. Access requires a secure VPN. In addition, the stakeholders must verify their identify using an eHBA or SMC-B.
The focus of TI 2.0 – in addition to even greater protection of health data based on “zero trust networking” – is on user-friendliness. With TI 2.0, healthcare applications are available more quickly, are universally accessible and can be managed flexibly via numerous end devices.
Further information can be found on the gematik website.
Doctors, dentists, psychotherapists, pharmacists and hospitals in the GKV (statutory health insurance) context must already be connected to the telematics infrastructure. For outpatient and inpatient care, the connection will be mandatory by July 2025. Healthcare providers will need to connect by 2026.
Responsible for operating the TI is gematik GmbH, founded in 2005 by the leading organisations of the German healthcare system. The current shareholders of this National Agency for Digital Medicine are the Federal Ministry of Health (BMG), the German Medical Association (BÄK), the German Dental Association (BZÄK), the German Pharmacists’ Association (DAV), the German Hospital Federation (DKG), the National Association of Statutory Health Insurance Funds (GKV-SV), the National Association of Statutory Health Insurance Physicians (KBV), the National Association of Statutory Health Insurance Dentists (KZBV) and the Association of Private Health Insurers (PKV). A draft law on the reorganisation of gematik into a digital agency is expected soon.
