[Impressum]
[E-Mail]
The German Electronic Health Card (EGK)
The German electronic Health Card is a complex application with many functionalities.
The application was planned to be introduced in Germany in 2006. The
introduction was delayed because of reasons like open questions
concerning the secrecy of patient data, total costs as well as missing
encouragement of the doctors. Until the end of year 2012 fifty percent
of the insured persons must have an electronic health card. However,
this first version of the card stores the same personal data that is
also available on the current card. More functionality is not supported yet.
In the SecureMDD project the electronic health card was considered as case study. Most of the protocols that were developed by gematik
(the association that is responsible for the EGK) are obsolete at the
moment. For this reason we decided to design our own protocols instead
of using those developed by gematik.
This case study is much larger and more complex than other case studies
we have investigated. For example, there are much more people and
components that are participating in the protocols (e.g. doctors,
pharmacists, patients, health cards, Heilberufsausweise (smartcards
that are used to authenticate a doctor / pharmacist), the health cards,
..). Moreover, the electronic health card offers a lot of functionality
and the protocols themselves are more complex than the ones of our
other case studies.
The modeled electronic health card applications supports the following functionality:
- a doctor is able to create a prescreption, sign it with its Heilberufsausweis and store it in the health card of the patient
- a doctor is able to enter the Notfalldaten (i.e. data that is
needed in case of emergency, e.g. intolerances, diabetes) of a patient
and store them on the patients health card
- an emergency doctor is able to read the Notfalldaten
- a pharmacist is able to validate a prescription that is stored on a patients health card and fill the prescription afterwards.
- a patient is able to read the personal data which is stored on the card (e.g. name and address, Notfalldaten)
- a patient is able to read the prescriptions that are currently stored on the card
- a patient is able to remove his Notfalldaten from the card because the storage of the Notfalldaten is optional.
- a
health insurance company is able to compare the personal data
of a patient (e.g. name and address) that is stored on a health card
with the data stored at the insurance company and update the data if
necessary.
Some security issues of the application are sketched in the following:
- every electronic health card has a certificate that is issued by
a trusted third party. The certificate stores, among other data, the
public key of the card.
- every patient has a personal PIN that has to remain secret and is used to authenticate the patient (against his health card).
- every
doctor and pharmacist has a Heilberufsausweis. This smartcard is used
to authenticate a doctor resp. pharmacist. Each Heilberufsausweis has
a certificate that is issued by a trusted third party. The certificate
stores, among other data, the public key of the Heilberufsausweis as
well as a flag that denotes if the Heilberufsausweis belongs to a
doctor or a pharmacist.
- every doctor and pharmacist has a
personal PIN that is used to authenticate the doctor / pharmacists
(against the Heilberufsausweis)
- Before being able to execute the functionality of the health card application, three steps have to be done:
- Authentication of the participating health card and Heilberufsausweis
- Entering the PIN numbers of the patient and the doctor / pharmacist
- Generating and exchanging a symmetric session key
Begin the walkthrough
Jump to selected documents