
A Note on the Security in the Card Management System of the German E-Health Card

  • Conference paper

Abstract

The German compulsory health insurance system will introduce an electronic health card (eHC) in the near future. The eHC is supposed to enable new applications like securely storing electronic health records of patients in a central data center infrastructure so that health professionals can access these data via a common network. In this context, the card management system (CMS) is of special interest since it is used to personalize, issue, and maintain the cards. In this paper, we analyze the functional requirements specification of the CMS in Germany and identify several conflicting and ambiguous requirements. As the most important result, the specification defines technical measures that are insufficient to protect the data and data sovereignty of the patient. We discuss the resulting consequences, which might be helpful to improve the system design before its final deployment.

Copyright information

© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Winandy, M. (2011). A Note on the Security in the Card Management System of the German E-Health Card. In: Szomszor, M., Kostkova, P. (eds) Electronic Healthcare. eHealth 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 69. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23635-8_25


  • DOI: https://doi.org/10.1007/978-3-642-23635-8_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23634-1

  • Online ISBN: 978-3-642-23635-8

  • eBook Packages: Computer Science, Computer Science (R0)
