A Note on the Security in the Card Management System of the German E-Health Card

  • Marcel Winandy
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 69)


The German compulsory health insurance system will introduce an electronic health card (eHC) in the near future. The eHC is supposed to enable new applications like securely storing electronic health records of patients in a central data center infrastructure so that health professionals can access these data via a common network. In this context, the card management system (CMS) is of special interest since it is used to personalize, issue, and maintain the cards. In this paper, we analyze the functional requirements specification of the CMS in Germany and identify several conflicting and ambiguous requirements. As the most important result, the specification defines technical measures that are insufficient to protect the data and data sovereignty of the patient. We discuss the resulting consequences, which might be helpful to improve the system design before its final deployment.


Keywords: electronic health card, card management system, security





Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2011

Authors and Affiliations

  • Marcel Winandy, Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
