Digital Identities: Between PIN Chaos and Hope for the EUDI Wallet
Digital identities in healthcare are currently implemented in a cumbersome way. The EUDI Wallet, currently under development, is intended to change this.
From left to right: Karsten Klohs (achelos), Isabel Höftmann-Toebe (PAV Card GmbH), Carlo Ulbrich (Nect GmbH), Pascal Jeschke (BSI), Matthias Berger (azuma healthtech).
(Image: Marie-Claire Koch / heise medien)
Digital identities are becoming increasingly important in healthcare – for example, for the electronic patient record (elektronische Patientenakte, ePA) and the e-prescription, or for registration in the organ donor register. However, practical implementation still faces significant hurdles, as a panel discussion moderated by Pascal Jeschke from the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) at DMEA showed.
“Almost no one can keep track anymore,” said Carlo Ulbrich, co-founder and CSO of Nect GmbH, which offers the extended video identification procedure for most health insurance companies. He was referring to the multitude of different identification procedures, apps, and trust levels. Different procedures are used depending on the use case. Users typically have to register multiple times, manage various PINs, and understand different processes.
Too Many Procedures, Too Little Clarity
The fragmentation already begins at the access level: Different identity levels and procedures mean that insured individuals often don't even know when they are already using a digital identity. Dr. Matthias Berger, Co-Founder of azuma healthtech, stated that many users use their Health ID without realizing they can use it elsewhere. The Health ID is required, among other things, for accessing the electronic patient record and the e-prescription. However, access to products like the ePA is not sufficient, emphasized Isabel Höftmann-Toebe: “I have access and must be able to use it – with high transparency.”
At the same time, the diversity of procedures hinders adoption: “If the use cases aren't there, [...] then I can't expect people to get the Health ID. So it's always this chicken-and-egg problem, [...] you have to somehow figure out how to get people to say, I'll take the effort to create the Health ID for myself,” said Berger.
Complexity Remains a Core Problem
Dr. Karsten Klohs from achelos pointed out that the Health ID also connects, for the first time, participants who cannot be identified through classic card solutions, which could include private individuals, for example. He warned against increasing fragmentation of identity solutions – with numerous procedures and access credentials. “27 PINs to remember,” he said, exaggerating the situation. At the same time, he made it clear that modern identity systems must go far beyond a one-time login: They should be continuously monitored, be able to react to unusual activities, and remain functional even if individual components fail or trust levels decrease.
The importance of resilience and fault tolerance ran through the discussion as a central theme. Several panelists pointed out that digital identities must also function during cyberattacks or system failures – not least in view of regulatory requirements such as the DORA directive for banks.
Similarly, various discussion participants pointed to the conflict between security and user-friendliness. Higher trust levels and thus more secure procedures often involve more effort for users, while low-threshold solutions do not offer the necessary protection in all cases – a particularly sensitive issue in healthcare. Ulbrich also highlighted the particular sensitivity of health data: “If health data is leaked, it's leaked.” Unlike, for example, financial data, damage here can hardly be limited afterwards.
EUDI Wallet
The planned EUDI Wallet was mentioned as a possible solution. It is intended to create a unified infrastructure for digital identities in the future and simplify their use across different sectors. However, experts criticize the model with private providers and would rather see the EUDI Wallet as a completely state-run infrastructure – similar to the national ID card. At the same time, current security debates raise the question of whether such systems can be implemented robustly enough while preserving privacy. Security experts point out that even with strong cryptographic security, additional metadata can be generated that allows conclusions to be drawn about users.
Incentives and Better UX Required
In addition to regulatory adjustments, there is also a need for improvement in user guidance and incentives. Klohs, for example, suggested financial incentives to accelerate the adoption of digital identities. He also referred to his own experience of how convenient it was when the PIN letter could still be requested via an online portal. The option had been deactivated for cost reasons, and a further decision is pending. Consumer advocates have long called for the PIN reset letter to be made available again.
There was agreement that technical solutions alone are not sufficient. The crucial factor is to integrate digital identities into everyday life in such a way that they present as few additional hurdles for users as possible. The general sentiment was that Germany has powerful technologies for digital identities. However, there is still a need for improvement in adoption, user experience, and practical application.
(mack)