Date: 2022-09-13

E-prescription on health card: CCC hacker Flüpke sees possible access to patient data, Gematik boss criticizes the federal data officer.

Since the “silver bullet” for the e-prescription, the app, is so complicated, Gematik, which is responsible for digitizing the healthcare system, is working flat out on another transport route for the e-prescription. Registering in the app requires insured persons to have an NFC-enabled health card (eGK) including authentication with the health insurance company to receive the PIN, and an NFC-enabled smartphone. Various difficulties arose – among other things, the necessary eGK and PIN were a long time coming.

Because the process is very complex overall, a Schleswig-Holstein manufacturer initially developed a function in its practice management system (PVS) that sends the 2D token for retrieving the e-prescription from the PVS to patients and pharmacies via unencrypted e-mail. The retrieval token itself contains no patient data, so it was believed that there was no problem with it being in plain text on the mail servers – the intermediate stages of the store-and-forward transport.

However, it was not considered that anyone can read the contents of the e-prescription via the token with the help of “apps from the pharmacy environment”. The “security concept of a closed user group” had thus failed. The data protection officer of the state of Schleswig-Holstein pointed out this gap. As a result, sending by e-mail was stopped. The Association of Statutory Health Insurance Physicians of Westphalia-Lippe (KVWL) took this as an opportunity to demand that it be possible to redeem the e-prescription via the eGK in November. Gematik's provisional specification is online.

Instead of using the various existing cryptographic authentication options of the eGK directly, this concept uses the insured persons' master data management (VSDM) to check the presence of the eGK in the pharmacy. This process, which was normally intended for medical practices to check the proof of insurance, produces a so-called proof of verification on the eGK. This test certificate serves as proof for the doctor when billing that the patient – or the eGK – was actually in the practice. Only the respective health insurance company has the key material to check this test certificate for authenticity.

The e-prescription specialist service releases the contents of all centrally available e-prescriptions for a patient – in addition to the name, address, and date of birth, the medication, which allows direct conclusions to be drawn about the diagnoses – if the pharmacy software presents the health insurance number and a test certificate that is not older than two minutes. Test certificates with statuses 1 to 3 are accepted, with status 3 being created without the involvement of the health insurance company – for example in the absence of an online connection.

Responsibility currently lies with the pharmacies

According to the CCC hacker Flüpke, further security problems appear to have arisen in this process. According to Flüpke, anyone who has access to the necessary technology can access the e-prescription data with only the insurance number and proof of testing. As a result, under the interim specifications, “neither the integrity nor the authenticity of any audit evidence” can be verified. This is the responsibility of the pharmacy management systems. An examination of the data on the Gematik servers is therefore dispensed with, and the pharmacies rely on the presence of the eGK. According to Apotheke Adhoc, Gematik Managing Director Leyck Dieken emphasized that he currently does not assume that pharmacies will be able to exploit the technical possibilities that have arisen in connection with the TI connection.
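The acceptance rule described above (insurance number plus a test certificate no older than two minutes, status 1 to 3), modelled next to a variant that also verifies the certificate's authenticity. This is an added example, not Gematik's code or data format; the `Proof` fields, the HMAC tag standing in for the insurer's key material, and all sample values are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_AGE_S = 120                # "not older than two minutes" (from the article)
ACCEPTED_STATUSES = {1, 2, 3}  # statuses the article says are accepted

@dataclass(frozen=True)
class Proof:
    """Constructed model of a test certificate, not the real eGK format."""
    kvnr: str        # health insurance number
    issued_at: int   # Unix time the certificate was created
    status: int
    tag: bytes       # authenticity tag (HMAC is this example's stand-in)

def _tag(key: bytes, kvnr: str, issued_at: int, status: int) -> bytes:
    msg = f"{kvnr}|{issued_at}|{status}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def insurer_issue(key: bytes, kvnr: str, issued_at: int, status: int) -> Proof:
    return Proof(kvnr, issued_at, status, _tag(key, kvnr, issued_at, status))

def accept_as_described(p: Proof, kvnr: str, now: int) -> bool:
    """Insurance number, status and freshness only; the tag is never examined."""
    fresh = 0 <= now - p.issued_at <= MAX_AGE_S
    return p.kvnr == kvnr and p.status in ACCEPTED_STATUSES and fresh

def accept_authenticated(p: Proof, kvnr: str, now: int, key: bytes) -> bool:
    """Same policy, plus tag verification by a party holding the key.
    Status 3 is refused here because no insurer was involved in creating it."""
    if p.status == 3 or not accept_as_described(p, kvnr, now):
        return False
    expected = _tag(key, p.kvnr, p.issued_at, p.status)
    return hmac.compare_digest(expected, p.tag)

# Constructed sample values (hypothetical key, insurance number and clock).
KEY, KVNR, NOW = b"constructed-demo-key", "A123456789", 1_663_000_000
SAMPLES = {
    "genuine": insurer_issue(KEY, KVNR, NOW - 30, 1),
    "unverifiable_tag": Proof(KVNR, NOW - 30, 1, b"\x00" * 32),
    "stale": insurer_issue(KEY, KVNR, NOW - 300, 1),
    "offline_status_3": Proof(KVNR, NOW - 30, 3, b""),
}

def compare() -> dict:
    """Map each sample to (accepted as described, accepted when authenticated)."""
    return {name: (accept_as_described(p, KVNR, NOW),
                   accept_authenticated(p, KVNR, NOW, KEY))
            for name, p in SAMPLES.items()}
```

`compare()` shows that the freshness limit filters only the stale certificate, while the authenticated variant accepts only the certificate whose tag was produced with the key.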

According to Flüpke, further security concerns lie in the lack of end-to-end encryption when processing the e-prescription. According to specifications that have not yet been published, the e-prescriptions are “transmitted to a central service, where they are stored and processed in encrypted form and accessed again in encrypted form by the pharmacy. This protects the e-prescriptions from unauthorized access.”

“It’s not a bug, it’s a feature”

According to Leyck Dieken, however, this security gap was not overlooked; other countries were taken as an example: “The remote receipt of the prescription is the main advantage […]. Therefore, this product is deliberately not end-to-end encrypted. Because we wanted this data to be accessed again for the patients.” Otherwise, no research could be carried out with the data: “We will never have structured data if we encrypt end-to-end.”

CCC requires keys for health records

Although these abusive data queries could be recorded by the pharmacy management system (AVS), according to the CCC, regular testing is time-consuming and requires technical understanding. The CCC therefore demands that patients receive a key for their health data that they can generate themselves and that end-to-end encryption is implemented.

The pharmacies are liable if unauthorized persons gain access to the TI via the AVS. According to Apotheke Adhoc, the Federal Ministry of Health (BMG) is currently working on possible sanctions. In addition, Gematik, 51 percent of which is in the hands of the BMG, should represent the interests of the patients during the decision-making process. In the past, it was repeatedly criticized that decisions on digitization were made over the heads of the doctors. Only recently did the BMG announce that it intends to develop a digitization strategy using a participatory process. The CCC also expects the Federal Office for Information Security and the BfDI to take a more critical look at the specifications.

Gematik boss criticizes privacy advocates and health insurance companies

At the same time, Leyck Dieken criticized the Federal Data Protection Commissioner because he “considers all other solutions to be inadmissible” based on the General Data Protection Regulation. A four-step authentication, as is currently the case when registering in the e-prescription app, makes the system unusable. He also criticized the health insurance companies, since only 0.3 percent of the PINs for the NFC-enabled electronic health cards had been distributed, cards which 60 percent of the insured reportedly already have. According to Leyck Dieken, the reason for the slow assignment of PINs is that the health insurance companies want to implement their own e-prescription models.

