Five years ago, the “new” electronic health card, the Gesundheitskarte, was introduced in Germany. It can store various cardholder data, such as previous illnesses or medication plans, which can save lives in some cases. But simply storing the data itself is not enough to achieve this - the various players in the healthcare system must also be intelligently connected to each other in order to increase both the effectiveness and the economic efficiency of medical care in Germany.

The Gesundheitskarte is probably the most well-known part of the German eHealth concept. But what does eHealth actually mean? eHealth is an abbreviation for Electronic Health and stands for the sum of applications that uses information and communication technologies (ICT) to electronically capture and securely transfer patient data in order to treat patients more effectively.

Since 2016, the E-Health-Act regulates the digital development of the German healthcare system. The law regulates the further development of telematics, i.e. the network infrastructure of the healthcare system - which is significantly influenced and promoted by the features of the new Gesundheitskarte. Fraunhofer FOKUS has conducted research on various aspects of the German eHealth infrastructure in recent years and can therefore rely on extensive experience, even for future developments. 

The network of participants of the eHealth infrastructure is referred to as “telematics”. This is a portmanteau word consisting of two words, which simultaneously provide a definition of “telematics”: Telecommunication and informatics. Telematic is therefore the computer-based communication between at least two information systems. The term is not used in the eHealth sector exclusively, however, it is omnipresent in this area.

In the recent past, the development of the infrastructure has been driven significantly by the gematik GmbH which was founded in January 2015. The German Federal Ministry of Health is its main shareholder, but the German Medical Association, as well as hospital associations and health insurance associations, are also involved. Within the gematik GmbH, key actors in the eHealth infrastructure are working on improving the interoperability of the health care systems. The development of the eHealth infrastructure was put out to tender by the gematik GmbH and advanced by T-Systems and the CompuGroup Medical in initial projects. Nowadays, however, several other companies are represented, which allowed for the creation of an active market with many subsectors. All companies that would like to contribute to the development of the infrastructure, however, are subject to certification by the gematik GmbH.

The communication between the medical actors starts with the electronic Gesundheitskarte, which is presented at the doctor’s office by the patients. Via the card terminal, the data is transmitted to the network through a so-called connector, which is the telematics network’s counterpart to the router in private households. The connector is thus also responsible for the secure connection between the medical personnel and the rest of the telematics infrastructure and therefore requires high quality standards. On the one hand, the functionality of the device must be guaranteed at all times, as failures can lead to economic as well as medical consequences. For the same reasons, the security of the connectors against external attacks must be ensured. As with all participants of the telematics infrastructure, a high level of interoperability between the different providers is also required in order to securely connect the different actors of the health care systems for the benefit of the patients.  

A repeated criticism of the increasingly networked medical telematics infrastructures is the fear that unauthorized third parties might be able to view and even manipulate patients’ medical data. This criticism must, however, be countered: Firstly, no additional data is collected or stored because of the increasing networking between patients, doctors, and health insurance companies. The data, which had been saved locally at one doctor’s office anyway, is only made accessible to other doctors and medical specialists via the network, which leads to a number of benefits. This does not only allow for a more sustainable and paperless communication, but also helps to avoid possible mistakes in the transfer of information from patients to specialists. It must also be noted that the providers of the telematic network devices cannot access the encrypted and sensitive patient data themselves. The access is reserved exclusively for the medical actors involved, the developers are not technically able to do this. The encryption of the data is carried out via cryptology. The so-called “public key infrastructure“ (PKI) is mainly used for this task. The PKI is an asymmetrical approach to encryption, where the sender of data must know the so-called public key of the receiving party prior to transmitting the encrypted data. Using the receiving party’s private key, the data can then be decrypted and read exclusively by them.

In addition to the traditional participants of the health care system such as general practitioners, specialists, and hospitals, as well as health insurance companies, a number of new actors such as eHealth startups are entering the health care system that advance and enhance the possibilities of the telematics network. 

Even within medical facilities such as clinics and hospitals, digitally networked medical devices are indispensable. The internal communication system, which connects the medical devices, is abbreviated as HIS (Hospital Information System). Yet even within the clinics, there are different manufacturers of medical devices for the many different areas of applications, which means that the communication among those devices is a major hurdle, as they often cannot communicate natively with each other. A simplified example shall illustrate the problem: In a text file, which is handed out by a device of provider A, contains the height of a patient in the first column in centimeters and his weight in kilograms in the second column. Since the fictitious provider B from the United States by default saves those two values in the reversed order and additionally in pounds and inches, the communication between those devices may fail. Many illnesses, though, require a coordinated approach of medical devices. 

In order to guarantee interoperability as far as possible, the „Health Level 7“ (HL7) standard has been established internationally. This is a collection of communication standards developed specifically for the health care sector. In addition, several users, providers, and developers in the field of medical devices joined forces in the international standardization committee “Integrating the Healthcare Enterprise“ (IHE) and developed reference profiles based on the HL7 standard in order to standardize the protocols of the devices and therefore enabling coordinated communication between them.

At the “Connectathons”, hosted annually by the IHE, many providers of medical hard- and software meet. The goal at these physical meetings is to prove that the manufacturers are able to communicate with as many other devices of the participating companies as possible. If the transmission and communication with a pre-defined number of participants is successful, a certificate of interoperability is issued to the manufacturer. While the approach of the Connectathons is by no means without fault and there are several points of criticism – after all, it is only proven that the applications can communicate under laboratory conditions for the duration of the event – they are nevertheless an attempt at standardizing the highly fragmented eHealth industry.

To test and improve the interoperability of medical devices, the eHealth Interoperability Lab was founded at Fraunhofer FOKUS several years ago. This allows for the realistic simulation of test scenarios and therefore the testing of the interoperability between the HIS and the connected devices. The HL7- test system developed by FOKUS can not only be used locally at the eHealth testlab, but also offers an automated Remote-Testing solution, with which medical devices and services can be remotely tested for interoperability and conformity. The security test method of fuzzing, based on the FOKUS developed tool Fuzzino, was also added to the Fraunhofer eHealth test system. The fuzzing method enables extensive testing of communication-based on automated and random input and can thereby reveal unknown security gaps. This way, problem areas can be discovered which would never be detected in standard everyday use. In the past, FOKUS scientist Steffen Lüdtke repeatedly attended the IHE Connectathons as a guest and demonstrated the test system developed by FOKUS within the context of the eHealth-Lab. He was able to test the companies' data transmissions for security gaps by interposing himself between the companies' connections.

Fraunhofer FOKUS also has many years of experience in the area of quality assurance of connectors. Tests for more complex applications such as the “qualified electronic signature” (QES) or the EPA were developed by FOKUS, for example. The QES allows the signing, as well as the encryption of confidential documents. For this purpose, FOKUS developed automated tests based on the test-language TTCN-3, which can also be started and interpreted by non-experts in the area of software testing, such as medical personnel.

FOKUS has also developed the Java-based card terminal simulator KT-SIM. This simulator allows avoiding a number of problems that could occur when testing the infrastructure in physical form. For example, the PIN of the Gesundheitskarte does not need to be entered manually for every test-cycle. Instead, this process is automated which eliminates human error and saves time. The KT-SIM can be used for functional testing, conformity testing, load- and performance testing, security testing, as well as robustness testing. From a technical point of view, the “secure interoperable chip card terminal” (SICCT) protocol is simulated, which represents the universal standard for chip card terminals.