Electronic health card

from Wikipedia, the free encyclopedia
Sample of an electronic health card (generation G1) from Gematik

The electronic health card ( eGK ) is an expandable insurance card for those with statutory health insurance . It is designed as a chip card in credit card format with a photo and replaces the health insurance card introduced in Germany on January 1, 1995 . In special cases, the electronic health card is issued without a photo .

All previous health insurance cards remained valid until the printed validity date in accordance with the federal contract of October 1, 2013 (§ 19) or until October 1, 2014. Since January 1, 2015, if the electronic health card is not available, written proof of entitlement to benefits has been requested from the health insurance company; however, such evidence no longer applies e.g. B. the presentation of a valid health insurance card according to the date printed. It is not necessary that a photo is actually applied to the electronic health card. If a photo is missing, the service providers are only asked to verify the patient's identity using the information on the card (date of birth, name).

aims

The objectives of the introduction are:

  • Strengthening patient rights by allowing important documents such as doctor's letters and findings to be stored in an individual, encrypted form in future expansion stages.
  • Better administrative communication, for example in that the examination and laboratory results previously only intended for personal use can be made available to other service providers by general practitioners and specialists. The better exchange of information leads to the avoidance of undesirable interactions between drugs.
  • Greater efficiency and the associated cost savings, for example by avoiding duplicate examinations and by making treatment data available more quickly in an emergency.

Chancellor Angela Merkel described the health card 2005 as a “lighthouse project” to prove to the world “in which areas we are ahead”.

history

The introduction, originally planned for January 1, 2006, was delayed and the test phase was extended several times.

motivation

The Lipobay scandal in 2001 is considered to be the trigger for the electronic medical record. Investigating the harmful side effects of the drug was difficult because there was hardly any record of what other drugs the affected patients were taking to determine any interactions. A study by the management consultancy Roland Berger suggested a chip card on which all prescribed drugs are saved, potential interactions are automatically analyzed when a new preparation is entered and a warning is issued if necessary. Additional functions were added to this proposal after hearing doctors, health insurers, data protection officers and other parties involved.

In 2003, the then Federal Ministry for Health and Social Security issued a Europe-wide invitation to tender in order to prepare the optimal framework conditions and requirements for the nationwide introduction of the electronic health card regardless of the manufacturer. The project consortium "bIT4health" (= better IT for better health), consisting of the companies IBM Germany, the Fraunhofer Institute for Work Management and Organization (IAO), SAP Germany, Intercomponentware and ORGA card systems (now: Sagem Orga ). The focus was on defining the telematics framework architecture and security infrastructure. The project consortium accompanies the introduction of the electronic health card beyond the definition phase of the framework architecture, during the test phase up to the introduction and the first year of operation.

Initial difficulties

The law for the modernization of the statutory health insurance of November 14, 2003 stipulated the introduction of the eGK on January 1, 2006 in § 291a SGB V. For the introduction and future further development of the eGK, the central associations of self-administration founded the company organization gematik (society for telematics applications of the health card mbH) in January 2005 .

The implementation on January 1, 2006 failed. On September 27, 2005 - a few days after the 2005 Bundestag elections , which led to a grand coalition - the Federal Ministry of Health (BMG) announced a replacement . The framework conditions for the implementation of the project will then be reorganized by the BMG and further work will be controlled under its leadership. Previously, several votes among the shareholders of gematik had failed and the schedules of BMG and gematik did not seem compatible.

As part of this reorganization, a new version of the ordinance on test measures for the introduction of the electronic health card was issued on October 5, 2006 with effect from October 12, 2006 . The ordinance provides for a four-stage test procedure, according to which tests should be carried out under laboratory conditions with test data via the test by authorized persons with test data and real data to testing in test regions.

Rejection by the German Medical Association 2007–2013

The 110th German Medical Association in Muenster in May 2007 decided with a majority of 111 to 94 votes to reject the eGK in its present form and to break new ground with greater data security and clear statements about financial viability. The 111th Doctors' Day, which took place in Ulm in May 2008 , renewed its criticism in its current form. The 111th Doctors' Day called for the tests to be stopped. For the majority of the delegates, concerns about data protection against the central storage of patient information outweighed them. According to the planning at the time, the eGK should only be a key to this data reservoir. In October 2008, at the instigation of the German Medical Association (BÄK), the eGK company gematik decided to test an alternative concept in which the data should remain in the patient's hand - for example on a USB stick. The Fraunhofer Institute for Open Communication Systems (FOKUS) carried out an investigation into the suitability of decentralized storage. The result is that a USB stick is not suitable as a decentralized memory. As an optional addition to the EGK, an EGK version (EGK-M, EGK-M +) is proposed, which has a larger memory and, according to FOKUS, should be sufficient for the foreseeable applications. The 113th German Medical Congress decided on May 14, 2010 with 105 votes to 86 to "finally abandon the pursued objective" of the health card project. The main reason he gave was the feared central data storage, the possibility of unauthorized access to sensitive patient data and the high costs of the project. Despite the "factual argumentation [and the appeal of the telematics officer of the German Medical Association, Franz-Joseph Bartmann] to actively and constructively participate in the development of telematics and telemedicine", for example the representative of Lower Saxony, Axel Brunngraber, announced further decisions resulting from the continued resolution of the doctors' conference Blockades to: "In the past few years we have created important bulwarks and stopped the project for years, and we will continue to do so." However, the majority of participants emphasized that the electronic health professional card and telemedicine in general can be useful for patient care.

The 116th German Doctors' Day in Hanover in May 2013 also confirmed the rejection of the large-scale "Electronic Health Card" project, which was formulated in its resolutions over the past few years. “In the past 7 years it has been found that the eHC project is not suitable for promoting modern, secure, patient and doctor-serving electronic communication in the healthcare system. The funds invested so far have been lost to medical care. "

Regionally restricted basic rollout in the North Rhine region on October 1, 2009

The introduction of the eGK started on October 1, 2009, initially only in the KV district of North Rhine-Westphalia. Over time, other regions will follow (“rollout”), starting with adjacent ones. Finally, the eGK is to be used nationwide.

The PKV-Verband paused its participation in the basic rollout of the eGK for private health insurers on July 1, 2009. He justified this with the lack of investment security.

After the 2009 federal election and coalition agreement of October 24, 2009

In the coalition agreement (federal government), the Union and the FDP (October 24, 2009) agree that "data security and informational self-determination of patients" have "top priority" when they are introduced. After the following top meeting as a result of this coalition agreement, the Federal Ministry of Health, the National Association of Statutory Health Insurance Funds and the National Association of Statutory Health Insurance Physicians are planning to "consistently align the infrastructure to ensure that it is practical for the treating doctors, improving the quality of treatment for the patients as well the focus is on safety. "

At the beginning of 2010, the partners involved in gematik ( GKV -pitzenverband, Bundesärztekammer ), in coordination with the Federal Office for Information Security and the Federal Ministry of Health, discussed the further procedure with regard to the composition and tasks of gematik, the other functions of the health card and in particular, whether doctors should be obliged to go “online”.

The Minister of Health Rösler saw the focus in "modern insured master data management and [the] emergency data". The Federal Association of Consumer Centers demanded that doctors , pharmacists and hospitals should prepare for the use of the electronic health card.

On April 19, 2010, the Gematik shareholders' meeting made the stipulations mentioned in the coalition agreement for the further course of action in the coming years.

In consultation with the Gematik project company, the cards should only be issued when all doctors have the readers. According to a plan by the Federal Ministry of Health, health insurance companies should be obliged to equip at least 10 percent of their members with an eGK by the end of 2011. If the value falls below this, a contractual penalty threatens.

Edition of the electronic health card 2011

The issuing of the electronic health card by the health insurance companies began in October 2011.

Development since 2013

Statutory health insurance companies had to report the introduction rate to the Federal Insurance Office by January 31, 2013 . Some health insurance funds urged their members with unfair formulations to have the new card with passport photo issued, although this is not mandatory for members. According to the central association of health insurance companies , the health insurers achieved the required spending rate of 70 percent “on average” at the beginning of January 2013.

As of October 2, 2013, according to the National Association of Statutory Health Insurance Funds, 95 percent of the insured had an eGK.

Since January 2014, the traditional health insurance card has been replaced by the electronic health card with a photograph of the insured person. Several times, health insurances asked insured persons to submit a passport photo. Most of the cash registers also received this picture.

As the State Social Court of Rhineland-Palatinate decided in March 2014, insured persons have to bear the costs of preparing the passport photo themselves. Health insurance companies are not obliged to reimburse (Ref .: L 5 KR 32/14 NZB).

The responsible Bertelsmann subsidiary arvato Systems completed the directory service for communication between service providers (KOM-LE) on June 9, 2016. According to the E-Health Act, “secure communication between service providers” (doctors and hospitals) should go into first trials from July 1, 2016 and go into general operation from mid-2017.

The system called “telematics infrastructure” was designed as a virtual private network (VPN) in which patient data is encrypted and stored on the central servers of some providers. The eGK is used for authentication. To be connected to the network, participants need a VPN router , the “connector”, which contains a “security chip” with certificate data . The possibility of accessing the telematics infrastructure via mobile devices without a connector was not provided. Patients should only be able to exchange data via a “patient compartment” if a doctor has given them access. This concept has since become obsolete. The connector in medical practices corresponds to the technology of 2005.

Legal concept

saved data

In Germany, health cards should one day store patient data. It was later decided to only store the keys to the data on the card. This concept has also been out of date since 2019: patient data is stored on central servers. The data is encrypted so that unauthorized persons - such as server operators - cannot see or change the data. The health card is used for authentication. It does not contain any keys, it only allows their use. Keys are stored - separately from documents - in the infrastructure itself. The encryption only affects documents, such as findings and diagnoses. Operators can decipher metadata to find the documents, although metadata can reveal data that patients prefer to keep secret, such as metadata that reveals the existence of a psychotherapist's documents.

Compulsory portion

The eGK enables access to the data that was already stored on the KVK. The following are to be saved:

  1. The name of the issuing health insurance company and an identifier for the Association of Statutory Health Insurance Physicians in whose district the insured person is domiciled,
  2. Surname and first name of the insured person,
  3. Date of birth,
  4. Gender,
  5. Address,
  6. Health insurance number ,
  7. Insured status , for groups of insured persons according to § 267 Paragraph 2 Clause 4 in an encrypted form,
  8. Day of the start of insurance cover,
  9. if the card is only valid for a limited period, the expiry date.

The information on gender and co-payment status was made mandatory by the law on the modernization of statutory health insurance (GMG) of November 14, 2003. The information had to be included in the KVK by January 1, 2006 at the latest. The health insurance card should already since January 1, 1995, now as the electronic health card, containing a photograph for about fifteen years old.

Photo and identity check

The bill for the Health Modernization Act of 2003 requires a photograph to be attached to prevent abuse.

Insured persons up to the age of 15 as well as insured persons whose participation in the creation of the photo is not possible (e.g. with care level 2 and 3) receive an eGK without photo. Accepted exceptional cases of receiving an eGK without a photo are also distortions or religious reasons (upon informal request).

According to § 291 Abs. 2 SGB V, a health insurance card with changed security features is to be introduced. Section 291a SGB V is to be expanded into an electronic health card (eGK). Section 291 (2) SGB V was changed by the Statutory Health Insurance Modernization Act of November 14, 2003 with effect from January 1, 2004 in such a way that a photo and the signature of the insured person must be placed on the health insurance card.

In accordance with the binding safety concept of gematik , health insurance companies, as the publisher of the eGK, are responsible for compliance with the legal requirements and the specifications of gematik GmbH. Each health insurance company is responsible for compliance with data protection regulations and, in addition to the gematik GmbH security concept, takes into account the requirements of the Federal Commissioner for Data Protection and Freedom of Information (BfDI) and the European requirements.

The Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar , called on June 3, 2009 in the Tagesschau that "the health insurance companies must ensure that the photos can be assigned to those affected".

The gematik security concept

The approved and valid security concept of gematik (V2.4.0, p. 145 of September 5, 2008) prescribes: “In general, the assignment of the data of an insured person in the telematics infrastructure to the identity of the insured person MUST be ensured. [This requires] confirmation of the identity by an entity independent of the user. [A] confirmation of the address by an entity independent of the user is also necessary ”. Compliance with the gematik security concept is a prerequisite for approval of a health insurance company as the publisher of eGK. The above "MUST-requirements" are not met by photographs that are collected using paper procedures and Internet uploads without an identity check. However, gematik GmbH has so far not provided any evidence that the planned basis and execution in accordance with the specification as well as the acceptance from 2008 comply with the latest technology according to ISO / IEC 15408 from 2009.

EU requirements

At EU level, the Article 29 data protection group (the independent advisory body of the European Community on data protection issues) demands that “patients must be absolutely unequivocally identifiable. If the data of another person were mistakenly used due to errors in patient identification, this would have fatal consequences in many cases. " This requirement is part of the approved safety concept from gematik. It also demands: "Access by unauthorized persons must be factually impossible and prevented from the outset if the system is to be acceptable from the point of view of data protection." And "The data protection group expressly points out that the institution (...) in full compliance with the principles of data protection, as anchored in Directive 95/46 / EC, must be carried out. ”Furthermore, data protection group 29 equates an electronic health card with an official identification document. It says in 00323/07 / DEWP 131: "Authentication: ... that a person provides proof that he is really who he claims to be. This is usually done by presenting an official identification document with a photo ”and further“ An electronic health card in the form of a chip card could make the electronic identification of patients and also their authentication (...) considerably easier ”.

doctors

Annex 4a of the federal shell contract assumes the implementation of the MUST requirements of the gematik security concept. The medical profession is obliged to verify the identity, but cannot do this without prior, unambiguous assignment of the eGK to the person through confirmation by an entity independent of the user. The 112th German Medical Congress from 19. – 22. May 2009 therefore adopted the following resolution: "The health insurance companies are requested to ensure that the photos that are to adorn the insurance cards actually depict the insured person."

In view of the decision (GSSt. 2/11) of the Grand Criminal Senate of the Federal Court of Justice of March 29, 2012, according to which statutory health insurance physicians are not public officials or agents of the health insurance funds, whether the medical profession can be legally and legally obliged to carry out an identity check according to the BMV-Ä, be doubted.

Insured

The discrepancy between the MUST requirements of the gematik security concept and the planned implementation by the health insurance companies has led to complaints and objections from insured persons. The Article 29 Working Party stressed that "a lack of appropriate authentication methods could lead to the creation of fraudulent patterns and undermine user confidence in electronic communications".

Health insurance

Health insurance companies responsible for issuing the eGK, contrary to the security concept of gematik, the requirements of the EU data protection group, the requirements of the Federal Data Protection Agency and thus also contrary to the relevant laws, have not established a confirmation of identity by an entity independent of the user and have not provided an identity check for the photos . They all rely on unchecked self-information from the insured. The address check required in the gematik security concept by an entity independent of the user is not provided. According to the binding safety concept of gematik, health insurance companies as the publisher of the eGK are responsible for compliance with the requirements. "The achievement of the protection goals and the effectiveness and consistency of the selected processes and the individual process steps must be guaranteed by the card issuer."

eHealth BCS terminals

The replacement of the health insurance card ( KVK ) by the electronic health card (eGK) requires the widespread introduction of card reading devices, called eHealth-BCS terminals. Doctors and psychotherapists receive a flat rate reimbursement for card readers who, among other things, receive a reimbursement from the Association of Statutory Health Insurance Physicians (KVn) and dentists from the Association of Statutory Health Insurance Physicians (KZVn). a. Received certifications from gematik, the Federal Office for Information Security (BSI) and TÜVIT. Whether the devices work with the practice software must be clarified with the manufacturer of the practice software. Its software must be matched to the card reader.

  • Card readers

  • CardStar medic 2, celectronic

  • Hypercom medHybrid

  • Orga 930 M

Other medical data

While only the above-mentioned data were allowed to be stored on the KVK, the eGK must be suitable for storing medical prescriptions (so-called e- prescriptions ) and the proof of eligibility for EU foreigners (so-called European health insurance card ) .

The health card must be suitable to support voluntary use, in particular the collection and use of

  1. medical data, insofar as they are required for emergency care (emergency care data),
  2. the electronic doctor's letter ,
  3. Data for checking drug therapy safety (personal drug risks and intolerance),
  4. the electronic patient record ,
  5. other data provided by the insured himself or for them (patient compartment), as well as
  6. Data on services used and their preliminary costs for the insured.

Because the storage space is limited on the eGK (32 kB) - not according to the legal requirements, but according to the planned technical implementation - only up to 8 e-prescriptions and the emergency data can be saved on the eGK itself. The other voluntary applications such as B. a patient file are stored on servers of the so-called telematics infrastructure.

The complicated structure of the law can be explained by differentiating regulations on data storage and data access. While the storage of data according to Paragraph 3 is only permitted with the prior consent of authorized persons, the data according to Paragraph 2 may also be stored without the prior consent of the insured person. Medical prescriptions saved in accordance with Paragraph 2 must, however, be deleted in accordance with Section 291a Paragraph 6 SGB V.

Security models

Many identity cards for patients rely on centralized data management. This is necessary to establish identity (name, date of birth, place of birth, place of residence, etc.) in order to avoid confusion between persons with the same data. Central health data storage is controversial for reasons of responsibility and security (responsibility of one body for all data of all persons concerned).

Nevertheless, it must be possible to transfer patient data reliably and securely in the event of a referral to another hospital. A security model that can implement this is the BMA ( British Medical Association ) model , which defines rules for handling patient data. The BMA model is a security model (policy) for clinical information systems. The model was developed in 1996 by Ross Anderson on behalf of the British Medical Association.

The model describes safety-critical rules as to how a clinical information system can be implemented. In principle, it is based on a decentralized management of access rights ( authentication and authorization ) and introduces measures against identity theft and abuse by internal employees . In addition, rules relating to encryption and rules for access authorization when transferring patient data ( transfer ) are also specified.

Access to patient data is granted by the patient himself and by the medical professional. This means that no access is provided for technical administrators (IT staff) . For emergencies (unconsciousness) and special cases (defective card) there are special categories of data (life @ risk) , which the medical staff can always see. In order to prevent identity theft, the patient is to be notified if medical personnel release the patient data via their area of ​​competence (department, practice, hospital). In this way, the patient can react in the event of theft.

The model combines properties of the Clark-Wilson model , which is primarily used in the financial sector, with the Bell-LaPadula security model, which is primarily used in the military sector. The BMA model is generally applicable to data that is subject to data protection. The UEMO European Medical Organization adopted this model.

A decentralized solution was discussed in Austria after 2007: “The fact is that ELGA does not provide for any central storage of personal health data, but the document registry only contains references to the data stored locally by the GDAs [health service providers]. ELGA therefore does not make any organizational changes to the documentation. "

Data security

So far there is no published evidence that the eGK meets the requirements for the state of the art according to the internationally valid standards ( ISO / IEC 15408 ) that were co-authored by the BSI . On November 25, 2011, the successful Austrian concept was presented at the Austrian Embassy in cooperation with the Federal Office for Information Security in Berlin. A European standardization of a suitable solution or an adoption of a suitable solution in Germany is pending. As one of the last countries, Germany is not prepared for a comprehensive solution as a pioneer for standardization.

Legal basis for data protection

Various and complicated regulations apply to data protection in connection with the eGK. However, (as of 2012) no sanctions have been defined that should apply in the event of a violation of the requirements. First of all, for all data, reference is made to the regulations of the Federal Data Protection Act on mobile personal storage and processing media. This results in

  • a right to information about the content of the stored data and their origin
  • a right to correct incorrect data and a right to erasure with regard to inadmissibly stored data

towards public and non-public bodies.

In addition, Section 291a (4) SGB V restricts access to the data to authorized persons . In addition to the insured person, who also has the right to access, only doctors, dentists, pharmacists, their assistants and other providers of medically prescribed services may access the data according to Paragraph 2 - in particular medical prescriptions (e-prescription); on the data according to paragraph 3 also psychotherapists and on the emergency data according to paragraph 3 sentence 1 No. 1 in emergencies also members of another medical profession.

The restriction of access to authorized persons must be safeguarded by technical precautions .

  • With regard to the data according to Paragraph 3 (except for the emergency data), double authorization by the insured person (a PIN is currently planned ) and the authorized person (e.g. doctor) using the electronic health professional card , which has a possibility for secure authentication and must have a qualified electronic signature .
  • With regard to the emergency care data, the electronic health professional ID is sufficient,
  • and with regard to the data according to Paragraph 2 Clause 1 No. 1 (e-prescription), a suitably secured professional ID or a suitable technical process authorized by the insured person for the respective access.

In addition, at least the last 50 accesses must be logged for data protection control purposes (Section 291a, Paragraph 6, SGB V). Use of the log data for other purposes is not permitted. The log data are to be protected against improper use and other misuse by taking suitable precautions. The aim of this logging is that "the insured and only he is allowed to track access to his data and to be able to determine retrospectively violations of data protection and data security regulations."

Finally, the data on the eGK are free of confiscation according to Section 97 (2) sentence 2 StPO.

Arguments for the electronic health card

Informational self-determination

Criticism of data protection is countered by data protection authorities that the informational self-determination of patients is effectively protected both by the applicable law and by technical measures. The electronic health card is to be seen as a “model project” that implements the requirements of the right to informational self-determination in an exemplary manner.

The data protection officer of the state of Schleswig-Holstein Thilo Weichert also responded in the health committee to an application made by the then State Secretary in the Ministry of Health, Daniel Bahr (FDP), on the moratorium on the electronic health card: "In fact, this security instrument can be viewed as sufficient to safeguard data protection, yes, even as exemplary. What is particularly impressive about the conception is that the sensitive medical data is stored in encrypted form and reading this data is technically only possible with the help of a private key on the eGK. […] This construction means that - technically - the control over the medical data actually lies with the patient. This concept is specified by the legal regulation: Apart from the use of the eGK as an identification card and for the transmission of electronic prescriptions, all applications and functionalities should be voluntary for the patient. In other words, by providing the card and entering the PIN, the patient should decide for himself who is allowed to write his data on the card and who is allowed to read it. [...] As a result, to maintain the confidentiality of the data, it may and may not matter whether it is stored on a central server or on many decentralized servers or even only on the card. [...] In any case, the individual authorization of access by the person concerned is technically mandatory. Even with a central data storage, a third place would only be able to decrypt a single data record whose key is available. A knowledge of all patient data is not only prohibited by law, but should also be technically impossible. Access to applications regularly requires the authorization of the patient using the eGK and the (dental) doctor via an HPC. "

In 2005, Peter Schaar , the Federal Commissioner for Data Protection at the time, did not recognize any fundamental data protection problems with the electronic health card. He pointed out that, in principle, all medical data may only be stored with the patient's express consent. Without consent, only the data required for the electronic prescription may be saved and passed on . The access concept is technically and legally designed in such a way that patient confidentiality is also preserved vis-à-vis and between members of the health professions. The principles of data economy and data avoidance would also be observed.

The annual report (2008) of the Berlin data protection officer Alexander Dix also argues in favor of the comprehensive introduction of the telematics infrastructure and emphasizes against the background of today's insecure patient files: "The security concepts for the electronic health card and in particular the electronic patient file as its application should be used as a benchmark for all patient records Health records on the Internet can be used. "

criticism

The toughest argument against the known solutions is the pending proof of suitability according to ISO / IEC 15408 for data security and data protection when transferring to the BSI as the higher federal authority .

Not using a suitable solution means an avoidable risk of fraud through the use of conventional insurance cards without a photo and a risk to the patient by confusing his or her identity. In routine clinical practice, the electronic health card does not solve any problems of confusion between admission and discharge, as there are no readers for the electronic health card within the wards.

The introduction of the eGK by the statutory health insurance companies was required by law in a pilot amount by the end of 2011. The technical qualification for using the eGK has not yet been completed. In the criticism, the terms data security and data protection must be separated. Both features must comply with the requirements of SGB ​​V and SGB ​​X and comply with the state of the art (ISO / IEC 15408).

privacy

Data protection activists have long criticized the handling of sensitive patient data in German medical practices and clinics, as well as the current type of communication between doctors: "Examinations by data protection supervisory authorities have sometimes shown catastrophic conditions: patient records are visible to visitors in the ward or treatment room. People go in and out of patient files in an uncontrolled manner. IT service providers can access, read, and even manipulate data unhindered. Doctor's letters are sent unencrypted via email on the Internet. Sensitive information is not sealed off in the clinic. "

For years, extensive data sets have been sent to the health insurers by name within the framework of general practitioner contracts, disease management programs and integrated care contracts. Participation in these programs is voluntary for statutory health insurance physicians. The new family doctor contract in Baden-Württemberg stipulates that patient data should be stored centrally. The German Medical Association has concerns about safety.

For decades, contract doctors of the statutory health insurance, contract psychotherapists and child and adolescent psychotherapists have been sending all billing data of their patients, including diagnoses and suspected diagnoses, to the Association of Statutory Health Insurance Physicians (KV). Nowadays this is done almost exclusively in the machine-readable KVDT format. The patients are usually not informed about this data transfer.

In many cases, the data of private patients are also transmitted electronically to private medical clearing houses , often without the consent of the patient. The private health insurances in turn store the data and diagnoses of their insured persons electronically.

Professional Cooperatives Report (BG) -Doctors now also all data and diagnoses predominantly electronically - DALE-UV method . The transmission usually takes place without the patient's explicit consent. The BGs store and process this data in their computers.

Hospitals and rehabilitation facilities are obliged to electronically transmit billing data including the coded diagnoses and therapies to the payers. Practically none of these applications is access-protected by the electronic health professional card or an eGK with PIN. The data are also stored on the computers with the names of the patients in plain text and not - as planned with the eGK - pseudonymized.

In 2013, the Hessian State Social Court ruled against fears of data misuse. There is no violation of data protection regulations or the right to informational self-determination with regard to the collection, storage and use of so-called administrative data. The general interest in the functionality of the benefits in kind system of the statutory health insurance outweighs the legal concern of the plaintiff. "The electronic health card currently has no other functions than the health insurance card." The online function of the eGK for the transport of administrative data between doctor and health insurance company to check the validity and topicality are legally harmless at the current stage in which the data protection-compliant practicality is being tested.

Data security

In contrast to the previous health insurance card, which was “only” a memory chip card, the eGK is a processor chip card that opens up additional options, for example by showing the digital identity within the telematics infrastructure. It can also be issued by private health insurers. The eGK partially contains the data that were already contained in the KVK.

It is possible to save further data (drug documentation). Evidence of data security for this additional data in connection with corresponding applications and other storage has not been provided. As the commissioned company, Gematik only lists the results of a study from 2008 on its website without any liability. In addition, in 2012 deficiencies in data security were found because only spaces were stored on the card instead of a PIN.

There is no public discussion about the data security of the technical solutions with the eGK. The qualification of the eGK according to ISO / IEC 15408 is pending. The use of the eGK for purposes other than establishing identity is unlawful until gematik GmbH, as a contractor of the federal government, has obtained sufficient certification.

General criticism

  • The technical requirements for the eGK have not been revised since the certification of the proposal by gematik GmbH in 2008 (as of 2011) and may be out of date compared to the current state of the art . The certificates may have to be updated because the internationally valid ISO / IEC 15408 standard for verification is one year younger than the published certificates.
  • The character set is ISO 8859-15 (Latin-9). In contrast to Unicode , this outdated standard cannot, for example, reproduce southern and eastern European characters (e.g. Ć and Ł).
  • The legal concept anticipates the needs of the insurance companies and the insured as well as the service providers in the health sector. The health insurance card used up to now meets the basic needs of administrative action.
  • The functions intended to support medical activity beyond the function of the health insurance card have not yet (as of 2012) been approved by consensus with the medical profession.
  • The functions provided beyond the function of the health insurance card do not meet any need for the patient in inpatient care, as they neither better fulfill a function of the patient call system according to VDE 0834 nor any other function of identity verification under special hygiene requirements.
  • Critics doubt the correctness of the information on the expected benefits of the electronic health card as well as the correctness of the official cost estimates, also with regard to the expected savings. In particular, the lack of calculation of the handling and operating costs is warned by the doctors. A scenario in which patients use the card and enter their PIN for processes such as writing medical data (emergency data / patient files) delay the workflow in a practice is feared as well as technical difficulties in the reliability of the connection with the data servers on the Internet and the endangered availability of important data on the patients to be treated. On the subject of entering the PIN for the electronic health card, Chancellor Angela Merkel said in her speech at the Health Industry Future Congress of the Federal Ministry of Health: “If you can remember three PIN numbers, you might be able to remember a fourth. If it doesn't work at all, you have to write down these numbers - I know you shouldn't actually do that - somewhere where nobody can find them. "
  • Even an application that was initially as simple and plausible as the electronic prescription revealed problems in the “10,000 field test”, since the medical software used (for which the National Association of Statutory Health Insurance Physicians is responsible for approval) did not yet meet the requirements. In the interim report on the “10,000 test” (as of July 18, 2008), gematik criticizes a “clear delta” in the support provided by the software manufacturers.
  • Government advisor Jürgen Wasem had sharp criticism of the planned introduction of the electronic health card on October 1, 2009 . He told the ARD magazine Monitor that the card would be launched "primarily for political reasons". “Economically, it will be a negative business that will ultimately be paid for by the insured,” said Wasem, who is one of the most important advisors to ex-Federal Health Minister Ulla Schmidt (SPD). Wasem is chairman of the evaluation committee for medical services and of the “scientific advisory board” for risk structure compensation. Since the card does not provide all of the services, the planned start should be avoided, according to Wasem.
Representation of the transparent patient at the demonstration freedom instead of fear
  • There are also fundamental concerns under data protection law with regard to the transmission and storage of personal data on servers of the telematics infrastructure. However, some data protectionists (see arguments against criticism of data protection ) speak out in favor of the introduction of the health card, because it could end today's lax practice in handling patient data. For example, the state data protection officer Thilo Weichert says about the security concept of the electronic health card: "In fact, this security instrument can be seen as sufficient to safeguard data protection, even as exemplary."
  • Some health insurances, medical associations and politicians doubt that the planned date for the introduction can be met. They fear similar difficulties as with the introduction of the truck toll in Germany . In addition, critics fear that the card violates the citizens' right to informational self-determination . There are already voices from politicians and top managers of the health insurance companies who want to leave the voluntary principle of data storage on the health card. Doctors and data protectionists warn of the danger of the "transparent doctor" or " transparent patient ". In the opinion of the BMG, the patient should be and remain “master of his data”. This assumes that he is enabled to view the data stored about him. A special reader is required for this in the home; a way must also be opened up for the desired server solution to enable the patient to access the encrypted data stored there. Kiosk systems are to be set up in medical practices and pharmacies , through which patients can access their data. In the meantime, the interpretation of the existing data protection legal situation has gone so far that in future patients can and are allowed to delete their illness data independently, which in turn can considerably limit the targeted treatment by the doctor. A “beautified” or incomplete patient file is of less use to the doctor and can even be dangerous, also in terms of liability law, if the doctor relies exclusively on this data. Of course, scenarios are also conceivable in which the attending physician would be clearly supported in his work by a possibly shortened patient record (avoidance of double examinations, exclusions in the anamnesis).
  • There are also comments that see an independently managed patient file as a considerable personal benefit - especially for the chronically ill, especially in times of required mobility.
  • Due to the considerable ambiguity, also in the financing - the costs are now estimated at 1.5 to 5 billion euros - and the resistance of various lobby groups to the individual proposals of gematik, the introduction date has been postponed again and again for years. Experts see one of the main reasons for the slow introduction in the composition of gematik , each consisting of 50 percent health insurance representatives and service providers (including doctors, pharmacists ), as it makes decision-making even more difficult, even with regard to small technical details. “The society for telematics applications of the health card, gematik for short, had to collect project specifications in a row during its almost five years of existence. Responsible for this are primarily their shareholders, the associations of health insurance companies, doctors, hospitals and pharmacists - the self-administration. The lobby groups make gematik almost incapable of making decisions because they cannot agree on key issues. "" The decision-making procedures of the joint self-administration are too cumbersome for such a large project, the mutual blockade is all too often rewarded, "says Susanne Mauersberg from the Federal Consumer Center.
  • The data of the members can be transmitted to the health insurance companies. On the one hand, this gives the health insurers precise information about inpatient care and diagnoses. The health insurers can also get the outpatient prescription data, including doctor-related data and (suspected) diagnoses, from the KVs .
  • In the test regions, a significant part (between 30 and 75 percent) of the insurance cards and also the health care cards were permanently blocked by incorrectly entering the initial 6-digit PIN. The criticism of the legal conception continues (2011). An update of previous plans to the state of the art, for example according to ISO / IEC 15408, updated on the date of further introduction, is not available.
  • The then President of the Free Doctors' Association , Martin Grauduszus, claimed in September 2007 that the health card was “the key to a gigantic network of healthcare via the Internet - with central storage - on central servers - including the most intimate patient data, the most intimate data of people, our patients . “Health and illness data would be withdrawn from the care of the doctors and thus lose the protection afforded by medical confidentiality . The health card thus creates the "transparent patient". The Committee for Fundamental Rights and Democracy warns against “using the data for the purpose of monitoring the behavior of doctors and patients”. The electronic health card was designed as a “gigantic surveillance project”.
  • There is also criticism of the mandatory photo on the electronic health card. This is actually supposed to protect against abuse. However, since the health insurers do not check whether the photo is actually the insured person (e.g. with the help of an identity card ), this door remains open.

Unexplained responsibility

Various questions about responsibilities have not yet been clarified:

  • Who is responsible for data security?
  • What compensation do patients receive if their health data is hacked, stolen or misused?
  • Who has to pay the compensation?
  • Who will be prosecuted if health data is hacked, stolen or misused?
  • Who do you contact if your health data has been lost? What is the exact compensation procedure?
  • What is the compensation amount?
  • With whom and for what amount of damage are those responsible insured?

Cost expectations

There are different assessments of the costs associated with the introduction of the electronic health card. When considering the costs, it must be taken into account that in addition to the expenditure for cards and readers, further investments are required. The costs for the technical infrastructure and for adaptations to hardware and software in practices and hospitals must also be taken into account. Other planned functions of the electronic health card can result in additional costs ( e.g. health professional card , signature services).

When the framework architecture was presented at CEBIT 2004, the then Federal Minister of Health Ulla Schmidt assumed implementation costs of between 700 million euros and one billion euros. A few months later, doctors' representatives and health insurance companies agreed on the key points of the financing. The introduction of the health card was now estimated at 1.6 billion euros. The cash registers should do most of the work. A contribution of 600 million euros was planned for doctors, clinics and pharmacists.

On November 24, 2006, the Chaos Computer Club published a cost-benefit analysis by Booz Allen Hamilton (now Booz & Company ). This analysis carried out on behalf of gematik showed that not only the introduction, but also the continued use of the electronic health card will cause enormous costs. The analysis covered a period of ten years. The CCC wrote on its homepage: “In the best tradition of large-scale government software projects, another extremely costly prestige project is being approached with a careful eye, the benefits of which are out of all proportion to the risks and foreseeable problems. A first inspection of the data indicates a massive cost explosion with the introduction of the health card and another technology disaster. "

In a 2009 study, Booz Allen Hamilton estimated the cost of launch at 2.8 to 5.4 billion euros over a period of five years.

According to research by the ARD magazine “ Monitor ” in July 2009, the company developing the electronic health card is already assuming that the originally planned costs will double. In the worst case scenario, full functionality is only assumed in eight to ten years, according to the gematik company's press spokesman, Daniel Poeschkens, to Monitor. According to the internal scenarios, the total costs could even rise to 14.1 billion euros.

By mid-2013, the electronic health card had already cost 728 million euros.

Health card projects outside of Germany

  • In Austria , the e-card was introduced in 2005 for all 8.4 million insured persons .
  • In Switzerland , 2010, the uniform was insurance card inserted, which represents a first step towards health card.
  • In France , the first variant of a corresponding card was introduced in 1998 and replaced in 2007 by the " Carte Vitale 2 ".
  • In Italy , the citizen card also functions as an electronic health card .
  • An electronic health card has existed in Slovenia since 2000.
  • In the Czech Republic , the electronic patient file introduced by the general health insurance (VZP, comparable to AOK ) in 2003 was abandoned in 2012 because of the high costs and the insured's lack of confidence in data security.
  • In Taiwan , an electronic health card was introduced nationwide for around 22 million insured persons in 2003.

See also

literature

Documentary films

Web links

Commons : Electronic Health Card  - collection of images, videos and audio files

Germany

Switzerland

Remarks

  1. coalition agreement (lines 4143-4152): "Data security and privacy of personal data of patients and the insured also with the introduction of an electronic health card highest priority for us. Before further implementation, we will take stock of the business model and organizational structures of Gematik and their interaction with the self-administration and the Federal Ministry of Health, as well as previous experience in the test regions, will be checked and assessed. Then we will decide whether further work on the basis of the structures is possible and sensible. "
  2. Joint press release dated November 18, 2009 on the further course of the introduction of the eGK: “In view of the results of the test projects, the further expansion of the infrastructure must be consistently geared towards ensuring that the doctors treating the patient are more practical, and the quality of treatment is improved for the patients as well as safety are in the foreground. This is the only way to gain the necessary acceptance of the telematics infrastructure, especially among insured persons and doctors. "
  3. At CEBIT 2010 “We are proceeding step-by-step and starting with an extended health insurance card that is secure under data protection law. In doing so, we are initially concentrating on modern policyholder master data management and the emergency data. At the same time, we will implement the wishes of those working in the healthcare sector for a secure communication infrastructure as quickly as possible. For example, it enables doctors' letters to be exchanged between two doctors. "
  4. Press release health policy: Out of the ideological trenches of March 8, 2010 by the Federal Association of Consumer Organizations: "To improve economic efficiency and quality, the vzbv demands: [...] - all service providers must participate in the telematics infrastructure, i.e. doctors , pharmacists and hospitals prepare for the use of the electronic health card. "
  5. "In terms of more efficiency, speed and reduction of complexity, there will be a clear distribution of tasks and responsibilities in the future: the service providers will assume sole responsibility for medical applications and the cost bearers will assume sole responsibility for administrative applications. It was agreed to introduce three applications first. The National Association of Statutory Health Insurance Funds is responsible for the introduction of online insured master data management, the German Medical Association for the introduction of an emergency data set on the eGK and the National Association of Statutory Health Insurance Physicians for the addressed communication between the service providers. The National Association of Statutory Health Insurance Funds will be responsible for the overarching task of the basic telematics infrastructure together with the National Association of Statutory Health Insurance Physicians. "
  6. In the Bundestag printed paper on the Health Modernization Act (GMG) of 2003, it is stated: "The additions to the health insurance card by applying a photo of the card holder and the expansion of the administrative data of the health insurance card to include the gender is necessary in order to clearly assign the health insurance card to the respective To improve cardholders and thus prevent misuse . "
  7. V2.4.0, Appendix E, p. 15 of September 5, 2008: "The achievement of the protection goals and the effectiveness and consistency of the selected processes and the individual process steps must be guaranteed by the card issuer."
  8. BMV-Ä and EKV Annex 4a

Legal basis

  1. § 291 SGB ​​V (currently applicable version), the following quotations are partly based on earlier versions of § 291 SGB V
  2. § 291a SGB ​​V (currently applicable version), the following quotations are partly based on earlier versions of § 291a SGB V
  3. § 5 GesKVO
  4. ( § 291a Abs. 2 Clause 1 SGB V)
  5. § 291 Abs. 2 SGB V
  6. Section 291 (2) sentence 2 SGB V
  7. according to the former § 291 Abs. 2 SGB V
  8. See § 291a Paragraph 1 and Paragraph 2 SGB V, which expressly refer to § 291 Paragraph 2 SGB V.
  9. according to directive 95/46 / EG in 00323/07 / DEWP 131
  10. 01611/06 / DE WP 126 of §29 Data Protection Group 2007
  11. Data according to § 291a Paragraph 2 Clause 1 Clause 2 SGB V
  12. § 291a Paragraph 3 Clause 3 and 4; Section 5 SGB V
  13. § 6c BDSG
  14. § 19 and § 34 BDSG
  15. § 20 and § 35 BDSG
  16. § 291a Paragraph 6 SGB V
  17. according to Section 301 SGB ​​V
  18. § 291a Abs. 1a SGB V

Individual evidence

  1. a b Prima-versichert.net: From January 2014, the electronic health card with photo will be mandatory, October 13, 2013 9:30 p.m. ( Memento of May 3, 2014 in the Internet Archive ), accessed on January 1, 2014
  2. Federal Shell Contract - Doctors from October 1, 2013. (PDF) The National Association of Statutory Health Insurance Physicians , K. d. ö. R., Berlin, - on the one hand - and the GKV-Spitzenverband, K. d. ö. R., Berlin, - on the other hand - agree on the following federal cover contract - doctors (BMV-Ä) on the general content of the overall contracts in accordance with Section 82 (1) SGB V. National Association of Statutory Health Insurance Physicians , October 1, 2013, accessed on April 3, 2014 .
  3. Health insurance card still valid in 2014. KBV clarifies. Brandenburg Association of Statutory Health Insurance Physicians , October 18, 2013, accessed on April 17, 2014 .
  4. KVB FORUM. (PDF) ATTENTION: OLD INSURED CARD STILL VALID DESPITE eGK (page 3). Association of Statutory Health Insurance Physicians in Bavaria , December 1, 2013, archived from the original on December 17, 2013 ; Retrieved April 3, 2014 .
  5. "As before, there is an alternative procedure". (PHP /) Despite threats from health insurers: Even after January 1st, it is still possible to go to the doctor with the old health insurance card. A conversation with Jan Kuhlmann. young world , December 11, 2014, accessed December 29, 2014 .
  6. ↑ Reference date 1.1.2015: What happens next with the electronic health card? Digital courage , December 9, 2014, accessed December 29, 2014 .
  7. Archive link ( Memento from April 2, 2015 in the Internet Archive ) From January 1, 2015, only the electronic health card is definitely valid.
  8. http://www.kvsh.de/index.php?StoryID=580
  9. a b c Objectives of the introduction of the eGK , accessed on October 2, 2013
  10. Everything on one card . In: Der Spiegel . No. 20 , 2018, p. 102 ( online - May 12, 2018 ).
  11. Detlef Borchers: Electronic health card: It started ten years ago , heise.de, August 4, 2011
  12. Ordinance on test measures for the introduction of the electronic health card , ceased to be in force on May 24, 2018 by Art. 1 of the ordinance of May 17, 2018 ( Federal Law Gazette I p. 617 , PDF)
  13. Shorthand report of the 110th German Medical Association
  14. Article Medical Practice of November 20, 2008 ( Memento of May 23, 2009 in the Internet Archive )
  15. Study by the Fraunhofer Institute for Open Communication Systems ( Memento from January 31, 2012 in the Internet Archive ), investigation into the requirement for tests with additional decentralized storage media from April 30, 2009
  16. Deutsches Ärzteblatt Telemedicine and Telematics Infrastructure: On the grandstand
  17. 116th German Medical Association (PDF; 23 kB) Ärztetags-Drucksache No. VI - 89, accessed October 28, 2013
  18. ^ Christian Kahle: Electronic health card starts Thursday . winfuture.de. September 28, 2009. Retrieved November 27, 2011.
  19. Private health insurance does not take part in the basic rollout of the electronic health card
  20. Heise: Electronic Health Card: Moratorium or Mors Ultima?
  21. TeleHealth opening in Hanover
  22. Press release Federal Consumer Agency : Health Policy: Out of the ideological trenches
  23. Detlef Borchers: Electronic Health Card: Resistance to Health Minister . heise.de. November 6, 2010. Retrieved November 27, 2011.
  24. ^ GKV-Spitzenverband: [1] , accessed on September 18, 2019
  25. Tagesspiegel: Health insurance companies threaten their insured persons, January 28, 2013 5:40 p.m. , accessed on January 29, 2013
  26. Betriebsratspraxis24: No money from health insurance for photo on health card, May 7, 2014 , accessed on May 7, 2014
  27. Press release Arvato Systems, June 9, 2016 on the start of the directory service, accessed June 13, 2016
  28. Heise.de Arvato's directory service for doctor-to-doctor communication is available on June 10, 2016 , accessed on June 13, 2016.
  29. BKK VBU produces electronic health card with photo of the cookie monster , civil rights group dieDatenschützer Rhein Main. April 17, 2014. Retrieved October 27, 2014. 
  30. BT-Drs. 15/1525, p. 143.
  31. Information on the passport photo. In: AOK PLUS. Retrieved March 29, 2012 .
  32. e-GK compulsory from 1.1.2015? What can be done for critical citizens? , Alliance "Stop the e-Card!". September 9, 2014. Retrieved October 27, 2014. 
  33. ^ Heike E. Krüger-Brand: Electronic health card: card with face . Deutsches Ärzteblatt, Ärzte-Verlag GmbH. Retrieved October 27, 2014.
  34. Priska Pachuli: No photo on the electronic health card . Metronaut.de. Retrieved October 27, 2014.
  35. Are there any SBK customers who do not have to submit a passport photo? . Siemens-Betriebskrankenkasse 2014. Archived from the original on October 27, 2014. Retrieved on October 27, 2014.
  36. Frequently asked questions about the photo of the eGK . BKK advita 2014. Archived from the original on October 27, 2014. Retrieved on October 27, 2014.
  37. Lutz Donnerhacke: Data economy is not a religion . Retrieved October 27, 2014.
  38. Refusal of images for religious reasons works with the DAK , heise.de. January 15, 2014 10:02 am. Retrieved October 27, 2014. 
  39. Hundreds of thousands refuse a new health card , Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH. November 25, 2013 1:46 PM. Retrieved October 27, 2014. 
  40. ^ Electronic health card eGK without photo , Andreas W. Ditze. November 29, 2013. Retrieved October 27, 2014. 
  41. BGBl. 2003 I p. 2190
  42. V2.4.0, Appendix E, p. 15 of September 5, 2008
  43. Safety concept of gematik V2.4.0, Appendix E, p. 16.
  44. gematik_ZUL_ Zulassungsverfahren_Prozesse_eGK_V1_2_0_4580, pp. 10, 13
  45. Security concept of gematik V2.4.0, p. 144/145
  46. - ( Memento from September 1, 2009 in the Internet Archive )
  47. anwalt24.de: Statutory health insurance physicians are not public officials or agents of statutory health insurance ( Memento from March 22, 2014 in the Internet Archive )
  48. Safety concept of gematik V 2.4.0, Appendix E, p. 15
  49. Details cf. Technical concept data for emergency care
  50. ^ Ross J. Anderson : A Security Policy Model for Clinical Information Systems . (PDF; 536 kB) University of Cambridge Computer Laboratory , 1996, accessed on March 13, 2008 (English).
  51. Feasibility study ELGA ( Memento of February 22, 2007 in the Internet Archive ) regarding the introduction of the electronic health record (ELGA) in the Austrian health system, final report of November 21, 2006. Prepared by IBM Austria GmbH on behalf of the Federal Health Agency. P. 16
  52. White Paper: Security. How will health data be protected in the future?
  53. ↑ Overall architecture of telematics in health care
  54. Lukas Gundermann: Telematics infrastructure of the electronic health card: Basis for secure data storage. Dtsch Arztebl 2008; 105 (6): A-268
  55. a b Statement on the electronic health card on the occasion of the public hearing of the health committee on May 25, 2009
  56. 21. Activity report of the Federal Commissioner for Data Protection and Freedom of Information 2005–2006, p. 38. ( Memento of June 7, 2008 in the Internet Archive )
  57. ^ Report by the Berlin Commissioner for Data Protection and Freedom of Information from December 31, 2008, p. 88 ( Memento from January 29, 2010 in the Internet Archive )
  58. Thilo Weichert in W & S - Krankenhausmagazin ( Memento from January 31, 2012 in the Internet Archive ) (PDF; 1.1 MB)
  59. General practitioner contract in Baden-Württemberg: trailblazer for E-Card Dtsch Arztebl 2008; 105 (25): A-1369
  60. supplemented and modified quoted from Medical Tribune Germany 40/2007, p 2, Wettig, D. Even with the PPA Billing threatens data abuse, Medical Tribune, October 5, 2007, p 2 ( Memento of 5 October 2013 Internet Archive ); PDF; 138 kB
  61. ^ Hessisches Landessozialgericht 1. Senate: AZ: L 1 KR 50/13 Health insurance - electronic health card with photo does not violate data protection regulations or the right to informational self-determination. Decision date: September 26, 2013
  62. There are no independent studies that have proven the security principles and the architecture of the telematics infrastructure ( Memento from December 26, 2011 in the Internet Archive )
  63. Electronic health card: blank instead of PIN code
  64. Check program for PIN problem of the eGK
  65. Speech by Federal Chancellor Angela Merkel at the Health Economy Future Congress of the Federal Ministry of Health ( Memento from July 28, 2012 in the web archive archive.today )
  66. Detlef Borchers: Electronic health card: Interim report of the 10,000 test published . heise.de. December 5, 2008. Retrieved November 27, 2011.
  67. MONITOR asked . wdr.de. Retrieved on May 18, 2012: “Health economist Jürgen Wasem in MONITOR from July 2, 2009:“ The card will now be launched primarily for political reasons; would make a profit in the first place, not even be part of it. And ultimately the insured have to pay for this negative business. ""
  68. ^ Martin Gardt: Years of Conflicts . Axel Springer SE 2014. Accessed October 27, 2014.
  69. E-health card as a huge data storage device . Axel Springer SE 2014. Accessed October 27, 2014.
  70. Silke Lüder: Electronic health card: Critical short film shows medicine in times of cyberspace . Retrieved October 27, 2014.
  71. Claudia Ehrenstein: That's why I want the health card for myself! In: Welt Online , November 20, 2009.
  72. a b Welcome to the past. ( Memento from January 25, 2014 in the Internet Archive ) In: kma , April 16, 2010.
  73. Philipp Grätzel von Grätz: The health insurers do not need the e-card to access treatment data. , In Ärzte Zeitung , October 2, 2007.
  74. Against data retention and electronic health card. In: The Illness Card , September 23, 2007.
  75. On the risks and side effects of the electronic health card. In: grundrechtekomitee.de , September 16, 2007.
  76. Criticism of the electronic health card persists , last accessed on January 28, 2014.
  77. https://www.datenschutzzentrum.de/medizin/gesundheitkarte/dud_gesundheitkarte.pdf
  78. Heise online: Report on the presentation of the electronic health card at CeBIT 2004
  79. Handelsblatt: Financing of the new health card is in place
  80. ^ Ccc.de: CCC's cost-benefit analysis of the health card
  81. sueddeutsche.de: Health card expensive ( Memento from September 11, 2012 in the web archive archive.today )
  82. wdr.de: Electronic health card - half-finished, but twice as expensive? ( Memento from July 6, 2009 in the Internet Archive )
  83. 728 million euros and so far no use , last accessed on January 28, 2014.
  84. ^ J. Sembritzki: Use and Development of Health Cards in Europe AHIMA (American Health Information Management Association)
  85. heise online, May 31, 2012: The Czech Republic stops electronic patient files IZIP
  86. The Taiwan Health Care Smart Card Project (PDF, English; 158 kB)