eHealth: Not at the expense of patient safety
November 19, 2019. Munich. In terms of digital health, Germany is lagging far behind compared with international benchmarks. According to a Bertelsmann study, the Germans are penultimate—only Poland digitizes even slower. Experts name different reasons. Among other things, there is a lack of a secure infrastructure able to meet the legal requirements.
When it comes to digitization and eHealth, it’s about more than the electronic health record (EHR). On the one hand, service providers with digital health services are pushing the market while fitness trackers and smartwatches have been making daily life easier for many Germans for a long time now. Their associated health apps collect and use sensitive data, many of which are personally identifiable. On the other hand, providers are often struggling with data protection. Now, the implantation register containing patient data that will be created in Germany in 2020 will be the next huge project for which data protection problems are very likely to arise.
Data protection through technology?
While doctors and pharmacists are subject to confidentiality under section 203 of the German Criminal Code, different rules usually apply to app providers, service providers and server operators. Of course, there are strict laws and requirements for handling personal data, which are regulated mainly in the EU Data Protection Regulation (GDPR) and in the German Federal Data Protection Act. In practice, however, these have often proved to be ineffective because, for example, organizational protective measures (see Art. 32 of the GDPR) such as permissions and role concepts can be circumvented relatively easily. Administrators can usually gain privileged access to the servers and view, manipulate, or steal sensitive information. Already any possible awareness of sensitive information constitutes a breach of secrecy and must therefore be excluded from the outset.
Patient safety through IT security
In order to protect personal data such as patient data from being accessed, manipulated or lost, a purely technical solution is needed that reliably prevents any access, even privileged ones. However, this is representing a big issue for many public and even business clouds since most server infrastructures provide privileged admin access, for example for maintenance or monitoring purposes.
Sealed infrastructures have a different approach: In this case, the organizational protection measures have been completely replaced by technical means that cannot be circumvented or avoided. The servers are hermetically sealed, thus preventing any privileged admin access and making any recognition, theft or manipulation of confidential data just impossible. This does not just apply to administrators, but to all external and internal attackers.
„The German Health Minister Spahn calls for more patient security. In the long term, we will only be able to achieve this through better IT security—and IT security must be based on state-of-the-art technology as required by law,“ says Dr. Hubert Jäger, data protection expert and CTO at uniscon GmbH, a TÜV SÜD subsidiary.
As examples of sealed infrastructures, Jäger includes the sealed cloud of Deutsche Telekom, the ucloud of regio iT, as well as idgard® and the sealed platform of uniscon, a highly secure cloud platform on which applications of sensitive nature can be operated in a secure and legally compliant way.
uniscon — a company of the TÜV SÜD Group
uniscon GmbH is a company of the TÜV SÜD Group. As part of TÜV SÜD’s digitalization strategy, uniscon offers high-security cloud applications and solutions for secure, legally compliant data traffic. TÜV SÜD is one of the world’s leading technical service providers with over 150 years of industry-specific experience and more than 24,000 employees at around 1,000 locations in 54 countries. Within this strong network, uniscon is able to reliably implement large-scale international projects in the IoT and Industry 4.0 sectors with the Sealed Cloud and its products.
Further information on partners and products: www.uniscon.com
uniscon GmbH, Claudia Seidl
80339 Munich (Germany)
Phone: +49 (0)89 / 41 615 988 104
Kafka Kommunikation GmbH & Co KG, Julia Fehrle
Auf der Eierwiese 1
82031 Grünwald (Germany)
Tel. +49 (0) 89 74747058-0
Fax + 49 (0) 89 74747058-20