Research Article
A Note on the Security in the Card Management System of the German E-Health Card
@INPROCEEDINGS{10.1007/978-3-642-23635-8_25, author={Marcel Winandy}, title={A Note on the Security in the Card Management System of the German E-Health Card}, proceedings={Electronic Healthcare. Third International Conference, eHealth 2010, Casablanca, Morocco, December 13-15, 2010, Revised Selected Papers}, proceedings_a={E-HEALTH}, year={2012}, month={10}, keywords={Electronic health card card management system security}, doi={10.1007/978-3-642-23635-8_25} }- Marcel Winandy
Year: 2012
A Note on the Security in the Card Management System of the German E-Health Card
E-HEALTH
Springer
DOI: 10.1007/978-3-642-23635-8_25
Abstract
The German compulsory health insurance system will introduce an electronic health card (eHC) in the near future. The eHC is supposed to enable new applications like securely storing electronic health records of patients in a central data center infrastructure so that health professionals can access these data via a common network. In this context, the card management system (CMS) is of special interest since it is used to personalize, issue, and maintain the cards. In this paper, we analyze the functional requirements specification of the CMS in Germany and identify several conflicting and ambiguous requirements. As the most important result, the specification defines technical measures that are insufficient to protect the data and data sovereignty of the patient. We discuss the resulting consequences, which might be helpful to improve the system design before its final deployment.