Tag Archive for: Gematik

SRC provides expert opinion for Gematik's E-Rezept

SRC provides expert opinion on e‑prescription for gematik

IT security plays a special role in the digital­i­sation of the healthcare system. In the context of the intro­duction of the electronic prescription (e‑prescription) for which gematik is respon­sible, the security of all compo­nents will be tested by independent experts approved by gematik.
The intro­duction of the e‑prescription and the e‑prescription app started on 1 July 2021. By then, data security for patients, doctors and pharma­cists had to be ensured. In order to check the security of these appli­ca­tions in their daily work, gematik, with the approval of the Federal Office for Infor­mation Security, commis­sioned several expert opinions to test the appli­ca­tions. Some of these expert opinions were prepared by the experts of the SRC. The result: Nothing stands in the way of a controlled commis­sioning into production operation. The appli­ca­tions can be integrated into the telem­atics infra­structure (TI).

The prereq­uisite for the test phase that now follows is the security assessment, in which the SRC assessors were involved for two compo­nents. SRC employees have been accredited as experts by gematik since 2014 and have assessed the identity provider service of RISE as well as the specialist service e‑prescription of IBM. gematik published the summary of the expert reports prepared by the SRC experts on its website on 1 July 2021.

In the test phase that has just started, the e‑prescription is now being tested in everyday practice in the model region of Berlin-Brandenburg. Here, practical findings on the inter­action of all compo­nents involved in the e‑prescription are to be collected first. The nationwide intro­duction of the e‑prescription is being prepared for the 4th quarter of 2021.

Every person with statutory health insurance can use their NFC-enabled electronic health card (eGK) with the corre­sponding PIN for the e‑prescription. The eGK is issued as standard by the statutory health insurance funds to their insured persons.
From 2022, the e‑prescription will be oblig­atory for all those insured by the statutory health insurers, but private health insurers have already made clear their interest in partic­i­pating in the e‑prescription. For the time being, private health insurers can decide volun­tarily whether to issue the eGK to their insured.
“The intro­duction of the e‑prescription and the associated app is undoubtedly a milestone for the digital­i­sation of the German health system. At SRC, we are a little proud to have contributed to securing this solution with our work,” says Randolf Skerka, Head of IS Management at SRC.
“This assessment was charac­terised by smooth and intensive coordi­nation with the manufac­turers RISE and IBM as well as gematik. Only in this way was it possible to ensure the high quality in the short time available,” says Dr. Jens Putzka on behalf of all colleagues involved at SRC.

IT security in the health sector: Regulation is necessary and overdue

IT security in the health sector: Regulation is necessary and overdue

Open inter­faces, outdated technology and different interests: IT security in the health sector is a complex topic, after all it is about the needs and safety of the patient. A major problem is the lack of regulation on the part of author­ities such as the Federal Institute for Drugs and Medical Technology and the Federal Office for Infor­mation Security — currently there are only recom­men­da­tions but no binding guidelines.

The Federal Office for Infor­mation Security (BSI), the Federal Institute for Drugs and Medical Devices (BfArM) and gematik are the competent author­ities for IT security of medical devices in Germany. It must be ensured that unautho­rised persons cannot use the IT in medical devices and systems against the patient and that compo­nents and systems are only open to autho­rised persons. Companies special­ising in IT security, such as SRC Security Research & Consulting GmbH from Bonn, can help here. Regulation is necessary to create security standards — although a sense of proportion is needed here. Because over-regulation can also cause damage.

Under the title “IT Security in the Healthcare Sector: Regulation is necessary and overdue” (german), the magazine “all about security” gave Randolf-Heiko Skerka, Head of IS Management at SRC Security Research & Consulting GmbH, the oppor­tunity to comment comprehensively.

If you are inter­ested, we would be pleased to hear from you.

Tag Archive for: Gematik