Electronic Healthcare. Third International Conference, eHealth 2010, Casablanca, Morocco, December 13-15, 2010, Revised Selected Papers

Research Article

A Note on the Security in the Card Management System of the German E-Health Card

Download66 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-23635-8_25,
        author={Marcel Winandy},
        title={A Note on the Security in the Card Management System of the German E-Health Card},
        proceedings={Electronic Healthcare. Third International Conference, eHealth 2010, Casablanca, Morocco, December 13-15, 2010, Revised Selected Papers},
        proceedings_a={E-HEALTH},
        year={2012},
        month={10},
        keywords={Electronic health card card management system security},
        doi={10.1007/978-3-642-23635-8_25}
    }
    
  • Marcel Winandy
    Year: 2012
    A Note on the Security in the Card Management System of the German E-Health Card
    E-HEALTH
    Springer
    DOI: 10.1007/978-3-642-23635-8_25
Marcel Winandy1,*
  • 1: Ruhr-University Bochum
*Contact email: marcel.winandy@trust.rub.de

Abstract

The German compulsory health insurance system will introduce an electronic health card (eHC) in the near future. The eHC is supposed to enable new applications like securely storing electronic health records of patients in a central data center infrastructure so that health professionals can access these data via a common network. In this context, the card management system (CMS) is of special interest since it is used to personalize, issue, and maintain the cards. In this paper, we analyze the functional requirements specification of the CMS in Germany and identify several conflicting and ambiguous requirements. As the most important result, the specification defines technical measures that are insufficient to protect the data and data sovereignty of the patient. We discuss the resulting consequences, which might be helpful to improve the system design before its final deployment.