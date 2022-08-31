The withdrawal of the Schleswig-Holstein panel from the test phase of the e-prescription is causing a stir. Westphalia-Lippe could also end the project soon.

The sending of 2D codes for e-prescriptions via e-mail and SMS is not permitted. Marit Hansen, Schleswig-Holstein’s data protection officer, explains this against the background that the state’s panel doctors no longer “actively support” the test phase for the e-prescription – until Gematik offers “less bureaucratic ways”. The data protection officer came to the conclusion that with the help of an intercepted code, the “centrally stored complete medical prescription with the name of the insured person, their date of birth, contact details of the doctor, date of issue of the prescription and the prescription drugs” can be viewed without authorization using certain apps be able.

According to this, two ways are specified and defined as secure transmission options nationwide: The e-prescription can be accessed electronically via the app of the same name with a smartphone and a version 2.1 health card. Alternatively, a printout can be made.

In addition, Hansen points out the secure transmission path with KIM – the encrypted e-mail service for communication in the medical sector. “Anyone who relies on an insecure alternative creates a risk for the people concerned and would even take away the incentive to use the systems developed for this purpose with appropriate protection,” Hansen clarifies. However, many QR code-like 2D codes have already been sent unencrypted by email to pharmacies and patients.

Because half of all e-prescriptions issued nationwide came from Schleswig-Holstein by the beginning of May, as the local manufacturer of practice management software (PVS) Medisoftware writes on its website. However, the proportion was only so high because a mechanism in the software automatically decided based on the mail domain whether the 2D code was sent via the KIM service or unencrypted by email.

“Unprotected access to telematics functions”

In the period from December 2021 to August 22, 2022, this affected 15,087 emails to pharmacies, 10,356 emails to patients and 2,819 printed e-prescriptions – only 167 were redeemed via the e-prescription app. On August 22 at 12:00 p.m., Medisoftware limited the mailing of the 2D tokens to KIM.

When asked by voonze online, Medisoftware Managing Director Jan Meincke confirmed that “it was not clear that the 2D codes could be called up in plain text in any pharmacy app without further checks and controls”. In his opinion, this is “unprotected access to telematics functions”. According to Meincke, only eight out of more than 600 pharmacies have a KIM address – this means that almost exclusively unencrypted emails were sent to pharmacies. This should affect 10 to 15 percent of all e-prescriptions redeemed nationwide from December to August 22nd.

Gematik commented on this in a statement on the e-prescription to voonze online: “SMS or e-mail were never part of the Gematik specifications as secure ways of redeeming the e-prescription, but rather an individual development of the software offered by very few manufacturers industry. Gematik has already pointed out the need for regulation in this regard in the past.”

Statutory health insurance physicians and set

The Westphalia-Lippe Association of Statutory Health Insurance Physicians wants to continue to “remain on board as a test region” – but on the condition that the e-prescription can be redeemed with the electronic health card within the next three months. The National Association of Statutory Health Insurance Dentists and the Association of Statutory Health Insurance Dentists in Westphalia-Lippe are also actively testing in September. However, they expect “from Gematik and BMG […]that the e-prescription can be redeemed promptly and securely with the electronic health card in the pharmacy.”

The Federal Union of German Associations of Pharmacists (ABDA) is also prepared for the test operation: “The majority of pharmacies nationwide have already declared themselves ready for e-prescriptions, in the two starting regions of Westphalia-Lippe and Schleswig-Holstein it is even about three quarters”, informs the President of the ABDA, Gabriele Regina Overwiening. However, the ABDA is also “vehemently” committed to the fastest possible and unbureaucratic implementation of another option for retrieving e-prescriptions using an electronic health card. This path must be possible in the coming months.

However, Gematik is not planning implementation until 2023 – so far without a specific date for the start of the function that has been awaited for years. The test operation is to begin in Westphalia-Lippe on September 1st with around 250 medical practices.

E-prescription difficult to access

The official presentation of the Gematik for the e-prescription seems to give a wrong picture of how the e-prescription works to many of those involved – including the Schleswig-Holstein Association of Statutory Health Insurance Physicians (KSVH) responsible in the test region. The actual e-prescription with the patient and doctor data as well as the prescribed medication is stored on TI’s central servers. The patient receives an access token with which the actual e-prescription on the server can be identified and retrieved – a kind of URL or key. This access token comes in two variants: as a 2D code on paper or on the smartphone.

Since an NFC-enabled smartphone with at least iOS 14 or Android 7 and an NFC-enabled electronic health card are required to use the Gematik app, this cumbersome registration is to be replaced by cardless registration in 2023 using an electronic identity. This has already been implemented by the majority of company health insurance companies.

Another hurdle for users is that they have to repeatedly enter the six-digit PIN of the eGK in order to be able to call up e-prescriptions. Only Gematik is allowed to offer this app because, as a public body, it secures the supply and protects the data of the insured.

