The healthcare applications platform is on the verge of adopting a new security framework. The primary goal is to streamline data exchange among all involved parties and enhance access to specialized services. In collaboration with Bundesdruckerei, CompuGroup Medical, D-Trust GmbH, and genua GmbH, Fraunhofer AISEC has laid the groundwork for gematik, including an architecture designed around zero trust principles and a prototype for the next-generation security framework.
Electronic patient records, digital medication plans, and e-prescriptions are fundamental components of the telematics infrastructure (TI). The platform’s objective is to provide straightforward yet secure communication between medical practices, hospitals, and other stakeholders in the healthcare sector. This would ensure the availability of clinical information necessary for patient care, regardless of location. gematik GmbH, the national agency for digital medicine, oversees the TI, with support from the German Federal Ministry of Health (BMG), medical associations, pharmacies, hospitals, and insurance groups.
The existing TI 1.0 has been a self-contained VPN-secured network that identifies users through smart cards. However, the growing number of TI users and increasing digitization bring new demands for scalability, availability, user-friendly security, and mobile compatibility that the current security architecture can no longer fulfill.
The new TI security architecture will be rooted in zero trust principles. Zero trust means that system actors inherently distrust each other, and trust is continuously verified. This entails providing reliable evidence for every communication between parties to justify trust. Access control based on zero trust is data-driven and fine-grained, addressing both external and internal threats, in contrast to traditional security designs that primarily focus on securing company boundaries.
The proposed TI security architecture 2.0 introduces a zero trust approach without relying on proprietary components. Instead, it leverages the security functions of users’ existing healthcare devices to authorize individual service access. Various scenarios, such as access by insured parties, medical practices, or hospitals, have been explored.
Furthermore, the new security architecture allows for the expansion of the user pool. Unlike the existing VPN infrastructure, TI 2.0 provides standard access mechanisms for all user groups, including those using mobile devices.
Another advantage is that access control considers factors beyond user identity, such as time, location, and end device security requirements. The dynamic set of rules for authorizing healthcare data access evolves with technological advancements, quickly integrating developments in information security and healthcare service usage changes.
Access requirements can be tailored to different user groups and applications based on risk. For example, stricter security measures may be necessary for doctors accessing extensive patient data compared to insured parties seeking their own personal data.
In healthcare, secure patient data management and data protection are paramount. Therefore, the new design from Fraunhofer AISEC and its partners aims to prevent single actors from having excessive power by requiring multiple elements for access to healthcare services. Access to TI 2.0 may necessitate not only proof of identity but also verification of a one-time registered device to ensure that stolen or manipulated identity credentials or devices cannot grant access.
Given that the telematics infrastructure primarily processes patients’ personal healthcare data, TI 2.0 adheres to rigorous security standards. The architecture employs established standard components in identity and access management within the context of zero trust to meet these requirements.