Digitization in the healthcare sector is advancing inexorably. New digital solutions, such as the electronic patient record (ePA), the e-prescription, electronic certificates documenting incapacity to work (eAU), and the digital vaccination certificate, are increasingly replacing their analog equivalents. The smartphone is developing into a centralized health hub providing an interface to doctors, health insurance companies, and hospitals. This far-reaching transformation is enabling immense increases in efficiency: critical health data is available at all times, allowing unnecessary multiple diagnoses and examinations to be avoided when changing doctors or hospitals.
Beyond concrete added value, the basic prerequisite for user acceptance, and thus for the success of the new e-health solutions, is above all trust in the technology. The German Federal Ministry of Health (BMG) wants to strengthen this trust by imposing strict data protection requirements. The protection of critical patient data is one of the guiding principles of all digital medical solutions and requires IT security at the highest level. For this reason, the German Hospital Future Act (KHZG) ties funding for hospitals to investments in IT security.
E-health: the critical significance of web portals
Coping with demand and external attacks: challenges for digital infrastructure
Possible consequences of cyber attacks on e-health solutions and telematics:
- Delayed transfer of critical emergency data
- Difficulty prescribing medication in emergency situations
- Superfluous multiple examinations
- Delayed treatment
- Patients do not have access to their own health data
- Fines for data breaches & data leaks
Data protection hurdles when choosing a service provider
The requirements for data protection and IT security are particularly high for health data and thus also for e-health solutions. This is reflected in Article 9 of the General Data Protection Regulation (GDPR) and the increasingly demanding regulatory requirements of the German Federal Ministry of Health (BMG) and gematik, the Society for Telematics Applications. E-health operators, hospitals, and physicians must therefore address internal data architecture and compliance issues more intensively.
Outsourcing IT security is an efficient alternative to managing costly in-house operations. If desired, Managed Service Providers can handle the implementation, maintenance, and operation of all necessary security solutions. This eliminates the need for additional expenditures on software, hardware, and personnel. The service provider must be selected carefully, however. Partnerships with U.S. providers have been on shaky ground since the suspension of the Privacy Shield agreement for transatlantic data transfers, because the legal basis is lacking and data protection provisions are difficult to implement given the conflict between EU and U.S. law. These hurdles can be overcome by choosing local providers who are subject to local jurisdiction and meet the highest data protection requirements.