130,000 special hardware routers intended for the secure exchange of patient data between doctors, clinics, pharmacies and insured persons are to be replaced. This means that the health insurance companies incur costs of 400 million euros – at the expense of the insured. However, analyzes by c’t have shown that there are alternative solutions that do not require expensive hardware replacement. We have detailed this in several articles:
- 300 million grave without valid reasons
- Gematik defends connector replacement, panel doctors demand re-evaluation
- In the maze of the security requirements of the telematics infrastructure
- Gematik against reassessment, doctors continue to demand clarification
Gematik bricks
Gematik defended the connector exchange and also opposed a reassessment, such as a certificate extension that would have resulted in a term until the end of 2025. The Gematik pointed out that “the alternatives to a connector exchange were discussed in the decision-making process of the shareholders”. Among other things, the National Association of Statutory Health Insurance Physicians (KBV) raised doubts when they questioned whether the facts presented to the Gematik shareholders were complete.
We then asked Gematik for documents and minutes of the relevant shareholders’ meeting for our research. However, our request for information was rejected by Gematik with reference to the confidentiality of information and fear of a loss of acceptance:
“In addition to reputational risks, the risk of a loss of acceptance of the products or a reduced willingness to use the components and services of the telematics infrastructure should be mentioned as imminent disadvantages that justify Gematik’s interest in confidentiality.”
So we don’t receive any information to be able to check whether Gematik actually put all the alternatives up for discussion at the shareholders’ meeting – especially the possibility of extending the certificate, which does not require a hardware replacement.
Since we have exhausted all journalistic means and we do not have enough time for further research due to the upcoming connector exchange, we have decided to contact Federal Minister of Health Prof. Dr. Addressing Karl Lauterbach directly in order to avert major financial damage to the community of solidarity:
Open letter to Karl Lauterbach
Dear Prof. Dr. Lauterbach,
An unnecessary replacement of the 130,000 connectors for the connection to the telematics infrastructure of the healthcare system is currently imminent. In order to finance this exchange, the central association of health insurance companies and the statutory health insurance companies have negotiated a sum of 400 million euros.
Instead of replacing the devices and continuing to burden the insured, we propose the following solution after extensive research and technical analysis by experts:
- Term extension of the crypto certificates until 2025 through a software update of the connectors to at least product type version 5 (PTV 5), the until October 1, 2022 must be implemented.
- Obligation of CompuGroup Medical (CGM) to update to PTV 5 until the above date; the connector manufacturers Secunet and RISE have already provided the update.
This ensures that the connectors will continue to operate until the planned launch of telematics infrastructure 2.0 (TI 2.0) in 2025; the latter should manage without special connectors. Should the TI 2.0 be further delayed, we see the following solution:
- Generation of new key pairs using elliptic curve cryptography (ECC) in existing connectors as a successor to the previously permitted RSA cryptographic method
Only immediate implementation avoids the exchange of further connectors – while maintaining the security level required by the Federal Office for Information Security (BSI).
We want to find out why Gematik ignores this obvious solution and rejects our requests for specific information and submission of the logs. We are therefore contacting you directly, Prof. Dr. Lauterbach, because we need the logs in order to be able to check whether the possibility of extending the certificate was actually sufficiently informed at an early stage.
When discussing the connector exchange, it becomes clear that Gematik is not aiming for a cost-effective, quick and secure solution for the solidarity community. The more time you let pass, the more connectors need to be replaced unnecessarily. We therefore ask you to take on the topic personally in order to relieve the community of solidarity.