Consortium Presents Concept for Telematics Infrastructure 2.0

• gematik relies on German Consortium for Detailed Concept for Next Generation of Digital Health Infrastructure
• Bundesdruckerei Group, CompuGroup Medical Germany and Fraunhofer AISEC Draft Comprehensive Architecture Proposal
• TI 2.0 to Become Considerably More User-Centric, Mobile and Robust with Zero Trust Security Architecture  

Berlin, 1 September 2023 – Digitalisation in the health care sector is about to take a technological leap: There are plans to make its core, the telematics infrastructure, considerably more user-centric, mobile, robust and economical. To this end, the National Agency for Digital Medicine, gematik GmbH, has been working on the technological transformation of the underlying IT architecture since 2020. It enlisted five knowledge partners from the German industry and research environment last year for this complex task. The consortium consisting of genua GmbH as consortium leader, Bundesdruckerei GmbH and D-Trust GmbH (all three companies belong to Bundesdruckerei Gruppe GmbH) along with CompuGroup Medical Deutschland AG and the Fraunhofer Institute for Applied and Integrated Security (AISEC) was awarded the contract to draft the detailed concept. The results are now available.

Special Zero Trust Architecture for the Health Sector

The particular challenge in creating a future architecture for TI 2.0 was the following: For the first time, a user-friendly and robust access architecture based on the “zero trust” IT security paradigm that would meet the special requirements of the modern health care system and the high demands regarding the protection of personal data and data sovereignty had to be designed for 200,000 service providers and 80 million insured persons. The main distinguishing feature from typical zero trust architectures for the enterprise sector is the very high demand for data sovereignty and the protection of user data. As a result, pioneering work had to be done during the project.

160 Pages of Detailed Concept and Proof of Feasibility

Four specific components were implemented in preparation for the new architecture during close collaboration between the consortium and gematik:

• A 160-page detailed concept with a central architecture proposal
• A detailed proof of concept as evidence of technical feasibility
• A 30-page step-by-step migration plan
• A demo showing the power of the zero trust architecture from the user’s perspective

In doing so, the German consortium with its broad range of expertise, led by IT security provider genua together with gematik, covered all the necessary knowledge domains in order to design a future-oriented architecture for TI 2.0.

From TI 1.0 to TI 2.0

In its current form, Telematics Infrastructure (TI 1.0) is operated as a closed network rated as trustworthy with decentralised data processing. Server-side specialist services, such as the electronic patient file (EPF) and the specialist clients at the service providers, like doctors’ practices or physiotherapists, are connected via virtual private networks (VPNs). The critical security functions required for this, such as identities, encryption and signatures, are provided via stationary connectors using hardware.

This architecture is no longer able to adequately meet the requirements for rapid digitalisation of the health care system in terms of high availability and scalability, user-friendly security and location-independent use. For example, service providers are limited by the location of their connector, among other things. This significantly reduces mobility, usability and thus user acceptance.

The zero trust architecture described in the detailed concept presented enables security to be enforced more granularly and flexibly than before, even in mobile and distributed environments. It ensures protection of data even when accessed via the open Internet and private end devices. One way this is implemented is by dynamically checking current information about the user, device and context of the request. The concept factors in all relevant aspects, such as the users’ considerably increased expectations of mobility and ease of use, the utilisation of modern security concepts and contemporary identity management. The zero trust architecture concept therefore allows a good compromise between stringent security requirements and a high level of user-friendliness.

“Thanks to a broad-based team from science and practice as well as user and operator perspectives and in close cooperation with gematik, we were able to reconcile both: the requirements for flexibility, user-friendliness and the use of private mobile devices on the one hand as well as stringent data security and sovereignty on the other”, says Steffen Ullrich, IT expert and zero trust architect at consortium leader genua.

The new architecture improves the flexibility, agility and scalability of the infrastructure, both in operation and in the further development of services, allowing a faster response to new types of threats. The detailed concept follows established zero trust concepts and uses recognised open standards as much as possible to ensure a high degree of future security.

Ultimately, the concept offers opportunities even beyond the scope of TI 2.0: In future, other areas with high data protection and privacy requirements will benefit from the user- and privacy-focused zero trust architecture.

Holm Diening, Chief Security Officer at gematik adds: “The zero trust approach is a central strategic future investment in the basic architecture of the telematics infrastructure and, at the same time, will be the core of a future TI 2.0. Its impact will gradually unfold over the coming years. As this happens, it will be of particular importance to steer and shape this development in a targeted manner.”