IT-Security : Gematik commissions EY with zero-trust implementation for TI 2.0
The future digital agency for the healthcare sector, Gematik, commissions EY with Zero-Trust for TI 2.0 for more IT security in the healthcare sector.
(Image: TippaPatt/Shutterstock.com)
Gematik, which is responsible for the digitalization of the healthcare system, has commissioned EY Consulting to implement "the central zero-trust software components" for the zero-trust architecture of TI 2.0. This follows a security approach in which no access to systems and data is considered trustworthy –, not even from within the company's own network, in line with the motto "Trust no one, check everything". The aim is to create a more robust, flexible and user-friendly TI (telematics infrastructure) that meets the high requirements for data protection and IT security in the German healthcare sector.
Every access to the TI – is to be verified regardless of the user, device or location –. In theory, this promises more protection for sensitive healthcare data. Practical implementation in a highly complex system such as the TI is not without its challenges –, particularly in terms of user-friendliness and smooth operation.
Proof of patient presence
The new architecture is to be used from mid-2026 – initially as part of Insured Person Master Data Management 2.0 (VSDM 2.0) and with the previously announced "Proof of Patient Presence" (PoPP), which is intended to ensure greater security when accessing the ePA by checking the presence of the insured person, for example. "The Proof of Patient Presence is the digital proof that insured persons are actually in a medical care situation at the time of accessing a TI application – such as the electronic patient file (ePA) –," Gematik states.
Videos by heise
Medical facilities such as doctors' surgeries and pharmacies will be the first to switch to the new architecture, with insured persons also receiving secure access via mobile devices at a later stage, for example to the health ID. According to Gematik, the complete conversion of all TI services is planned by 2029.
It will be interesting to see how well service providers' existing systems will harmonize with the new components. Although practice management systems and apps for insured persons will be able to continue to be used, the technical reality could require further adaptation.
(mack)
