Data Protection and Security in the Telematics Infrastructure

Patient data is highly sensitive. Protecting it appropriately is not only essential for its security but also for the success and acceptance of the telematics infrastructure in the healthcare sector. Standards for data protection and security for all healthcare data are continually being raised. The next step in development will be the introduction of the “Zero Trust” security architecture as a part of Healthcare Confidential Computing (HCC), which, due to its technical structure, cross-checks and verifies every single action within the telematics infrastructure (TI).

The Legal and Technical Framework of the Telematics Infrastructure

Data protection and data security in the telematics infrastructure for the healthcare sector have two aspects: legal and technical. 

Legal TI Regulations for Data Protection and Security

The legal protection of healthcare data is the responsibility of the state as the legislator. The interests of insured persons always come first. The rules for this are set out in Sections 291a and 291b of the German Social Code, Book V (SGB V). These laws are also aligned with the requirements of Article 9 of the EU-wide General Data Protection Regulation (GDPR) regarding the “processing of special categories of personal data”. Since 2020, the Patient Data Protection Act (PDSG) has established more specific requirements. For example, for the electronic patient record (ePA), the PDSG stipulates: “Only patients decide if and how they use the record and to whom they wish to make which data available. They also determine which documents are stored in the EPR (ePA) and which are deleted.”

Technical TI Regulations for Data Protection and Security

Effective data protection is ensured through technological solutions that precisely verify who is granted access to the telematics infrastructure—and to which TI applications. gematik, the National Digital Medicine Agency, is responsible for always implementing the best possible technological solution and follows the principle of ‘privacy by design’, meaning that data protection is considered from the outset. For this reason, gematik works closely with the Federal Commissioner for Data Protection and Freedom of Information as well as with the Federal Office for Information Security (BSI). The BSI sets the security standards and certifies the conformity assessment bodies, which in turn certify the products and components of the telematics infrastructure. This includes connectors and card terminals as well as the smartcards used for authentication, namely the eHBA/eBA for healthcare providers and the SMC-B for institutions.

Data Protection and Security in TI 1.0: The VPN Network

Currently, the telematics infrastructure is a closed network. Accessing it requires two-factor authentication. Healthcare institutions—such as practices, clinics, pharmacies, health insurers, or other organisations—and their staff authenticate themselves to the TI using the institutional or practice card SMC-B. Healthcare providers who need permission to modify TI applications, for example to issue e-prescriptions or upload documents to the EPR (ePA), authenticate themselves using the electronic health professional card (eHBA) or the electronic professional card (eBA). 

These smartcards are inserted into a card reader, which reads and verifies the cards. After successful verification, a connection to the telematics infrastructure is established via a connector. This Virtual Private Network (VPN) enables the exchange of patient data such as medical letters, test results or medication information. Prescriptions are issued digitally and can be collected from the pharmacy using the electronic health card (eGK). For sick notes (eAUs), printing on paper is also no longer required. Electronic medical letters, e-prescriptions, and sick notes can be legally signed digitally using the qualified electronic signature (QES) of the eHBA. It is also possible to store, verify, and update insured persons’ basic data and emergency data using the electronic health card (eGK).

The connector encrypts all transmitted information, which is then decrypted by the recipient’s connector. In addition, health data is generally not stored on internet servers, in order to protect it as effectively as possible from unauthorised access. 

Data Protection and Security in TI 2.0: Zero Trust

Telematics Infrastructure 1.0 is followed by the Telematics Infrastructure 2.0. TI 2.0’s goal is to further digitalise healthcare processes and to eliminate the need for hardware such as connectors and smartcards. At the same time, the VPN network will be replaced by a “Zero Trust” security architecture as part of Healthcare Confidential Computing (HCC). The concept of “Zero Trust” is based on a specific security principle: rather than “trust, but verify”, it follows “never trust, always verify”. With the help of the “Zero Trust” security architecture, the telematics infrastructure in the healthcare sector becomes more robust and user-centric, while simultaneously raising the standard for data security and information security in TI 2.0. This applies in particular to patient data, where insured persons retain full data sovereignty.

The “Zero Trust” security architecture offers two major advantages over the VPN network: It enables greater mobility and the gradual elimination of hardware requirements. It ensures the protection of patient data even when accessed via the open internet or private devices. This is made possible by dynamic verification of current information about the user, the device, and the context of each request. With its modern identity management, the “Zero Trust” architecture combines high security requirements with a high degree of user-friendliness.

Frequently Asked Questions About Data Protection and Security in the TI

Digitalisation is changing many processes in the healthcare sector. Naturally, this raises questions. Here we answer some of the most frequently asked questions about data protection and security in the telematics infrastructure.

The logic behind the “Zero Trust” security architecture: Trust no one and trust no process. All healthcare providers are verified for every single action within the telematics infrastructure. This allows attacks or irregularities to be detected quickly and security gaps to be promptly closed. As a concept, Zero Trust has existed since 2010. Shortly afterward, the security architecture was deployed by Google, and since then many other companies have followed suit. In the context of healthcare, there are two particular challenges: the especially high level of protection required for patient data and the insured persons’ entitlement to data sovereignty.
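As an added illustration of the per-action verification just described, and of the dynamic user/device/context checks outlined in the TI 2.0 section above (example code written for this page, not gematik's TI or any part of its specification): a minimal policy decision for a TI 2.0 application such as the ePA that evaluates each request on its own, enforces the patient's consent as the expression of data sovereignty, and records every decision so repeated irregularities surface. The role names, record names, the `WRITE_ROLES` set and the `CONSENT` table are constructed assumptions.

```python
# Constructed model of per-request Zero Trust authorisation for a TI 2.0 application
# such as the ePA (illustrative only, not gematik's implementation). Each request is
# checked against user identity, device state, the requested action and patient consent.
from collections import Counter
from dataclasses import dataclass

WRITE_ROLES = {"physician", "pharmacist"}  # assumed roles allowed to modify TI applications

@dataclass(frozen=True)
class Identity:
    subject: str    # digital identity of the provider (replaces the eHBA/SMC-B smartcards)
    role: str       # e.g. "physician", "assistant"
    verified: bool  # identity assertion validated for THIS request, never carried over

@dataclass(frozen=True)
class Request:
    identity: Identity
    device_attested: bool  # device integrity/posture check passed for this request
    action: str            # "read" or "write"
    patient_id: str
    record: str            # e.g. "medical_letter", "emergency_data"

# Consent expresses the patient's data sovereignty: patient -> subject -> released records.
CONSENT = {"pat-1": {"dr-a": {"medical_letter", "emergency_data"},
                     "pharm-b": {"prescription"}}}  # constructed sample data

def decide(req: Request, consent: dict, audit: list) -> tuple[str, list[str]]:
    """Evaluate one request from scratch; earlier decisions are never trusted."""
    reasons = []
    if not req.identity.verified:
        reasons.append("identity not verified")
    if not req.device_attested:
        reasons.append("device not attested")
    if req.action == "write" and req.identity.role not in WRITE_ROLES:
        reasons.append("role may not modify TI applications")
    if req.record not in consent.get(req.patient_id, {}).get(req.identity.subject, set()):
        reasons.append("no patient consent for this record")
    verdict = "allow" if not reasons else "deny"
    audit.append((req.identity.subject, verdict, tuple(reasons)))  # every action is recorded
    return verdict, reasons

def suspicious_subjects(audit: list, max_denials: int = 3) -> set[str]:
    """Subjects denied at least max_denials times, so irregularities are noticed quickly."""
    denials = Counter(subject for subject, verdict, _ in audit if verdict == "deny")
    return {subject for subject, n in denials.items() if n >= max_denials}
```

Because the decision is recomputed for each request and the audit trail is appended on every call, a revoked consent or a failed device check takes effect on the very next action rather than at the next login.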

The current telematics infrastructure consists of various applications, each of which is accessible to different healthcare providers. Over the coming years, these applications will gradually transition to the “Zero Trust” security architecture. The rollout has already begun and, at the same time, telematics infrastructure 2.0 is introducing other innovations: Healthcare providers and institutions, as well as insured persons, will in future receive digital identities—making smartcards such as eHBA and SMC-B obsolete. These digital identities are key components of the Zero Trust architecture.

The security experts at gematik are in constant communication with service providers and stakeholders. They monitor the TI for anomalies and test the existing emergency response procedures. The gematik Computer Emergency Response Team (CERT) ensures that vulnerabilities and threats are quickly identified and eliminated. 

If you notice potential vulnerabilities or security incidents, you can confidentially report them to cert@gematik.de. Upon request, Gematik CERT guarantees confidential handling of the information you provide.