Secure Digital Health Care
Modern medical healthcare requires the support of digital processes. High standards of data protection and IT security are of great importance for the acceptance of the people involved.
Corporate PKI for Telematics Infrastructure
The gematik (Association for Telematics Applications of the German Health Card) has integrated the use of asymmetric cryptographic procedures in the form of a Public Key Infrastructure (PKI) into a set of technical and organizational regulations. This specifies the requirements for the creation and management of certificates and their validation within the framework of the Telematics Infrastructure. The PKI is responsible for the secure handling of business processes in the healthcare sector. Important tasks are:
- Authentication of actors towards systems, components and services
- Creation and validation of digital signatures
- Encryption and decryption of data
The MTG Corporate PKI can be configured to meet the requirements of gematik and can thus be operated by the participants of the Telematics Infrastructure in compliance with the regulations. Upon request, MTG monitors and manages the operation of the PKI in the selected data centers.
Key Management System
Business processes in the healthcare sector require the usage of certificates and keys. MTG's cryptographic key management system provides an overall view of the key material deployed in various areas of the company and manages them centrally. The administration of all keys at a central and secure location prevents unauthorized access as well as the monitoring and control of the validity of the certificates and keys being used. Against this background, a central KMS is becoming increasingly important and indispensable for the implementation of cost-efficient IT security lifecycle management in the healthcare sector.
Hardware Security Modules
for the Telematics Infrastructure
For secure connectivity and the secure exchange of information between all actors in the healthcare system, gematik requires the use of hardware security modules at various points in the telematics infrastructure (e.g. for ePA - electronic patient records). Depending on the requirements and the field of application, MTG offers appropriate HSMs from different manufacturers. For their compliant operation, our experts offer comprehensive consulting services and develop special concepts for our customers.
The consulting service includes the organization, documentation and administration of all HSM-relevant processes as well as technical support during the start-up and integration into the respective infrastructure. Additionally, a special module for the key generation service (SGD HSM) has been developed for the Utimaco HSM.
Individual data and, in particular, sensitive medical data of patients must be protected from unauthorized access at all times. gematik relies on strong information security mechanisms to enable secure, encrypted communication with clearly identifiable participants and to sufficiently secure access to sensitive information. Companies that provide services within the telematics infrastructure must implement these requirements and have them audited frequently.
MTG advises companies that are to be connected to the telematics infrastructure on the organizational structure, documentation and implementation of the requirements and on the use of PKI, KMS and HSM.