Data protection vs. access convenience card-to-card-authentication: the approach of choice



Similar documents
Connected health-it - Germany s Telematics Infrastructure

How To Implement An Egk

OpenLimit Holding AG: Group Interim Report during the First Half of 2014 in Accordance with Article 37x WpHG

Common Criteria Protection Profile. electronic Health Card (ehc) elektronische Gesundheitskarte (egk) BSI-PP-0020-V MA01

Common Criteria Protection Profile. electronic Health Card (ehc) elektronische Gesundheitskarte (egk)

Security Target Lite STARCOS 3.4 Health HBA C1

The German Electronic Patient s Card

A Note on the Security in the Card Management System of the German E-Health Card

A Proposed Solution for Managing Doctor s Smart Cards in Hospitals Using a Single Sign-On Central Architecture

SOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS

e-health in Europe Georges Liberman, Ingenico

White Paper Healthcare Industry in Germany. Structural Change and Consequences for ICT Applications.

SECURITY ANALYSIS OF THE GERMAN ELECTRONIC HEALTH CARD S PERIPHERAL PARTS

CompuGroup Medical AG Financial Report 1 January - 30 September 2014

Telehealth: Communication in Health Care

ComSignTrust e-signing Solutions

Forward proxy server vs reverse proxy server

BEYOND IDENTITY PROOFING: How EHRs Can Become More Than Just Vendors

How to Use ISO/IEC with Arbitrary Smart Cards

CRITICAL ILLNESS CLAIM FORM

Privacy, Security, and Trust with Federated Identity Management


German Health Professional Card and Security Module Card. Part 3: SMC Applications and Functions

Healthcare Careers. Certified Pharmacy Technician

German Health Professional Card and Security Module Card. Part 2: HPC Applications and Functions

Core Fittings C-Core and CD-Core Fittings

ETSI TS : Electronic Signatures and Infrastructures (ESI): Policy

Methods available to GHP for out of band PUBLIC key distribution and verification.

CONTINUING EDUCATION REQUIREMENTS FOR MICHIGAN PHARMACY TECHNICIANS

JOB ACTION SHEETS Position

Co-Pay Assistance Program for CUBICIN (daptomycin for injection) for Intravenous Use Enrollment Form

David A. Wang, MD Primary Care Sports Medicine Physician PRINT NAME: ADDRESS: DOB: AGE: SEX: SS# HOME: MOBILE PHONE: WORK: FAX:

Designing a Windows Server 2008 Applications Infrastructure

PHARMACY TECHNICIAN SERIES

Procedural Notice pursuant to the Health Insurance Law (No 11 of 2013) of the Emirate of Dubai Procedural Notice Number 1 of 2015 (PN 01/2015)

Using CertAgent to Obtain Domain Controller and Smart Card Logon Certificates for Active Directory Authentication

TITLE: Processing Provider Orders: Inpatient and Outpatient

Z Take this folder with you to your

fulfils all requirements defined in the technical specification The appendix to the certificate is part of the certificate and consists of 6 pages.

An Open ecard Plug-in for accessing the German national Personal Health Record

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

Nortec. ACT Now! Nortec EHR. Qualify & Receive $44,000. An Integrated Electronic Health Record Software.

E-Health in The Netherlands

Specialty drug program. Save time. Save money. Feel good.

A European Medicines Verification System

Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Course No.

YOUR UBANK USAVER SMSF.

Certification Report

User Management Interfaces for Earth Observation Services Abstract Test Suite

Get access to health care around the world. Blue Shield and UC help expats, their families, and travelers access health care abroad

3.Prescriber DEA: 4.Board Registration Number: 5.Business Tel:

Strategies for Development and Adoption of EHR in German Ambulatory Care

USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS [45 CFR ]

SMC7004ABR Barricade Broadband Router Installation Instructions

MedMail User Manual. Contents. 1.0 Introduction. 2.0 Installing the system. 3.0 Program operation

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

E-Signature. The Pharmacy Perspective

11 MEDICATION MANAGEMENT

Lesson 2: Health Professions

How To Write An Eprescription In Dubai

Delegation of Services Agreements Change in Regulations

Using certificates as authentication method for VPN connections between Netgear ProSafe Routers and the ProSafe VPN Client

Administering Windows Server 2012

Electronic Prescription Service. Guidance for community pharmacy contractors on implementing Release 1

Nortec. ACT Now! Nortec EHR. Qualify & Receive $44,000. An Integrated Electronic Health Record Software.

Outline SSS Configuring and Troubleshooting Windows Server 2008 Active Directory

AEHR (Allscripts Electronic Health Record) Course Descriptions

Administering Windows Server 2012

Continuity of Care Record (CCR) in Germany? PROREC activities on the way to EHR interoperability

between and U.S. CUSTOMS AND BORDER PROTECTION (CBP)

PDMP User s Guide. Oregon Health Authority Prescription Drug Monitoring Program

OpenADR 2.0 Security. Jim Zuber, CTO QualityLogic, Inc.

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy

This is a training module for Maximo Asset Management V7.1. It demonstrates how to use the E-Audit function.

JOB DESCRIPTION. JOB TITLE & BAND: Lead Pharmacy Technician, Education & Training -Band 5. Pharmacy Department, Altnagelvin Hospital

Certification Practice Statement

SOOKASA WHITEPAPER SECURITY SOOKASA.COM

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

This guide was designed for employees in the University System of Georgia Indemnity HealthCare plan who reside abroad

Transcription:

Data protection vs. access convenience card-to-card-authentication: the approach of choice Dr. Stefan Buschner gematik - Gesellschaft für Telematikanwendungen der Gesundheitskarte mbh Friedrichstraße 136 10117 Berlin 11.09.2008

Aim: Interconnection of all participants Hausärzte Krankenhäuser Apotheker 270 Health Insurances Rehabilitations- Einrichtungen 2.200 Hospitals 20.000 Pharmacists 195.000 Physicians/Dentists 80 Million insurants Fachärzte 1.000.000.000 prescriptions annually! Zahnärzte Musterkasse egk Sonstige Leistungserbringer Versicherte Psychotherapeuten

egk context Gesellschafter BNetzA BMG BSI BfDI egk Industrieverbände HBA Telematikinfrastruktur Testregionen

Step-by-step introduction Functionality (offline) - insurant data (VSD) - e-prescription - emergency data Functionality (online) - insurant data, physician s letter and e-prescription - Release 2.K comfort-signature Functionality (online) - medication-interaction-testing (AMTS) - patient folder - e-prescription: hospitalization, BTM, modality - patients' terminal (ekiosk)

Telematic infrastructure AVS egk Musterk asse Musterk asse Mustername HBA KIS egk Musterk asse Musterk asse Mustername Mustername Mustername HBA PVS egk Musterk asse Musterk asse Mustername Mustername HBA SMC/A A Kartenleser SMC/A A Kartenleser SMC/A A Kartenleser SMC/B B Konnektor SMC/B B Konnektor SMC/B B Konnektor DSL/ ISDN/ Internet DSL/ ISDN/ DSL/ ISDN/ VSDD (div.) Fachdienstschnittstelle Mehrwertdienstschnittstelle Zugangsdienste DNS Zugangsdienste DNS Zugangsdienste DNS Zugangsdienste DNS NTP NTP NTP NTP Zugangsdienste (gematik) T-Systems Front End T-Systems Broker Broker Trusted Services Broker Broker Trusted Services Broker Broker Trusted Services Broker Broker Trusted Services TMS TMS TMS TMS Broker (gematik) IBM OIDD OIDD OIDD OIDD Zentrale Infrastruktur DNS & NTP (gematik) ATOS Origin DNS NTP Zentrale Infrastruktur SDS (gematik) ATOS Origin SDS Zentrale Infrastruktur Audit (gematik) IBM Audit Zentrale Infrastruktur (gematik) D-Trust TSL/TCL Zentrale Infrastruktur (gematik) n.n. Back End T-Systems Update-Service Primärsysteme Update-Services Konnektor / Terminal Alte non-ti-services (Abrechnung etc.) Zeitdienst VODD (KBV) MPLS Telematik- Netz T-Systems -Anbieter egk -Anbieter HBA + QES DNS NTP Broker Trusted Services TMS OIDD Komponentenzertifikate -Anbieter SMC B KT Konn VPN Broker -Anbieter Services

Cards Cards of the telematic infrastructure: egk: electronic health card Insurant data medical data Keys and certificates (X.509 und CVC) HBA: electronic health professional card Keys and certificates (X.509 und CVC) qualified electronic signatures Personal identity Authentication C2C-Authentication to SMC and egk for setting the security level

Cards II Cards of the telematic infrastructure: SMC A: Secure Module Card A Keys and Certificate (CVC) C2C-Authentication to egk for setting the security level Installing Trusted Channel to HBA SMC B: Secure Module Card B Keys and Certificate (X.509 und CVC) see SMC A Institution identity (surgery, hospital, pharmacy) Authentication (SSL-tunnel to Broker) Message signature, decryption

CVC CVC: Card-Verifiable-Certificate ASN.1-coded certificate (ISO 7816-8) Is verifiable by a card with the help of a public CA-key Certificate without expiring date Certificate contains Certificate Holder Authorisation (CHA) CHA hallmarks the role of the user/institution 6 Byte prefix, 1 Byte profile-id D2 76 00 00 40 00 0x

Example CVC

Profile-IDs of CHA Profile Role 1 ekiosk 2 Physician, medical secretary, SMC-B surgery/hospital 3 Pharmacist, pharmaceutical assistant, SMC-B pharmacy 4 Psychotherapist (HBA + SMC B) 5 HBA healthcare therapist 6-7 Ambulance officer 8 SMC B health insurance 9 SMC B other medical personal

egk applications

egk access rules R=read, U=update, A=activate, D=deactivate, E=erase, *=+PIN.CH

egk access rules for keys and certificates R=read, I=internal authentication, S=electronic signature, V=decipher, *=+PIN.CH

Thank you for your attention!

info@gematik.de www.gematik.de

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information