Abstract
The German compulsory health insurance system will introduce an electronic health card (eHC) in the near future. The eHC is supposed to enable new applications like securely storing electronic health records of patients in a central data center infrastructure so that health professionals can access these data via a common network. In this context, the card management system (CMS) is of special interest since it is used to personalize, issue, and maintain the cards. In this paper, we analyze the functional requirements specification of the CMS in Germany and identify several conflicting and ambiguous requirements. As the most important result, the specification defines technical measures that are insufficient to protect the data and data sovereignty of the patient. We discuss the resulting consequences, which might be helpful to improve the system design before its final deployment.
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Winandy, M. (2011). A Note on the Security in the Card Management System of the German E-Health Card. In: Szomszor, M., Kostkova, P. (eds) Electronic Healthcare. eHealth 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 69. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23635-8_25
DOI: https://doi.org/10.1007/978-3-642-23635-8_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23634-1
Online ISBN: 978-3-642-23635-8
eBook Packages: Computer Science (R0)