
Risk evaluation and security analysis of the clinical area within the German electronic health information system

  • Original Paper
  • Journal: Health and Technology

Abstract

Germany is currently introducing a nationwide health information infrastructure that connects the existing information systems of the various service providers and health insurers via a common network. An essential step towards implementing this system is the introduction of an electronic health card (eHC), a smart card for patients, and a counterpart health professional card (HPC) for care providers. This article provides a risk analysis of the handling of these cards by both patients and physicians from an organizational point of view. On the basis of the information security audit methodology of the Federal Office for Information Security (BSI), the current security status of German healthcare telematics on the clinical side is evaluated. For this purpose, an appropriate framework specifically designed for the clinical area is first developed and explained in detail. Building on these findings, the workflows “patient admission”, “accessing emergency data” and “prescription of medicine” can be checked precisely for inherent organizational threats. As a result, we propose appropriate steps to mitigate the potential risks and derive practical guidance for future process re-engineering when the new smart cards are introduced in hospitals. This article is based on our paper presented at the Bled Conference 2011.




Corresponding author

Correspondence to Ali Sunyaev.


Cite this article

Sunyaev, A., Pflug, J. Risk evaluation and security analysis of the clinical area within the German electronic health information system. Health Technol. 2, 123–135 (2012). https://doi.org/10.1007/s12553-012-0016-5
