The technical components of the Telematics Infrastructure
The healthcare sector is becoming increasingly digital. However, the Telematics Infrastructure (TI) still cannot function entirely without hardware—although this will gradually change with the introduction of TI 2.0. Currently, the most important technical components for digital networking are card terminals and connectors. In addition, smartcards such as eHPC and ePC for healthcare providers, as well as SMC-B or SM-B for practices, pharmacies, hospitals and other institutions, are required.
Authentication made easy: the card terminals
eHealth card terminals fulfil various functions. Some are only used to read the electronic health cards (EHC) of insured persons. Most card terminals, however, also enable authorised healthcare providers to access applications of the Telematics Infrastructure such as the electronic patient record (ePA) or the electronic sick note (eAU, the certificate of incapacity for work). Card readers are indispensable for accessing the specialised applications of the Telematics Infrastructure. They are used to read the relevant smartcards, which prove the authorisation of service providers and institutions.
The smartcards SMC-B and SM-B are intended for institutions – i.e. medical practices, hospitals, rehabilitation and preventive care facilities, pharmacies, health insurance funds, and medical supply companies. Healthcare service providers must also authenticate themselves via the card terminals. For this purpose, they require an electronic health professional card (eHPC) or professional card.
Depending on the size of the institution, it should be considered how many stationary card terminals are actually needed as end devices. Alternatively, there are mobile card terminals, on which individuals must authenticate themselves with their eHPC and institutions with the SMC-B. However, such smartcards will soon become obsolete, as will mobile terminals: In TI 2.0, both individuals and institutions will receive digital identities, which they can use to identify and authenticate themselves to the telematics infrastructure.
Specialist applications of the telematics infrastructure, such as the electronic patient file, can only be used if both parties – individual and institution – have authenticated themselves via the card terminal. All of these smartcards can be ordered via the eHealth Application Portal from D-Trust, a subsidiary of Bundesdruckerei.
Encrypting information securely: the connectors
Connectors function similarly to routers, but with a significantly higher security level. In addition to approval by gematik (the National Digital Health Agency), each model also requires certification by the Federal Office for Information Security (BSI). For security reasons, the service life of the connectors is limited to five years, after which a connector replacement is required.
Connectors are linked to the stationary card terminals. In addition, there is a connection to the pharmacy, hospital, or practice management system (AVS, KIS, PVS) for secure transfer of patient information from the ePA (electronic patient file) into TI applications, such as the management of insured basic data (VSDM) or emergency data management (NFDM).
The data transmitted within the digitally networked healthcare sector is sensitive. No one may access it unless they are authorised to do so. Therefore, information such as electronic doctor’s letters (eArztbriefe) is exchanged via a Virtual Private Network (VPN), in which all health data is encrypted. This task is handled by the connectors.
Communication between all parties is encrypted using a cryptographic procedure developed by the Federal Office for Information Security (BSI). This multi-stage process is regularly updated in line with the latest technological developments to ensure it meets the highest security standards at all times. This guarantees data security.
Institutions that wish to operate without their own connector – for example medical practices or pharmacies – can also obtain TI access as a service from certified providers. These providers, known as TI gateway providers, are responsible for operations and data protection. The first TI gateway solutions have already been approved by gematik.
However, larger hospitals and comparable institutions will not be able to do without connectors for telematics for the time being. Nonetheless, soon each of these institutions will only need a single (high-speed) connector.
Connectors will become obsolete once the highly secure Zero Trust architecture is introduced as part of Telematics Infrastructure 2.0, which will raise data protection and data security to an even higher level.
Frequently Asked Questions about the Technical Components of the TI
Digitalisation is changing many processes in the healthcare sector. Naturally, this raises questions. Here we answer some of the most common questions regarding the technical components of the Telematics Infrastructure.
Currently, the TI consists of the following four components:
- A connector links healthcare providers within the Telematics Infrastructure, which is specially protected by a VPN (Virtual Private Network).
- The eHPC/ePC identifies the holder within the TI as a member of a specific professional group.
- Healthcare institutions must also authenticate themselves. This applies to medical practices, hospitals, rehabilitation and preventive care facilities, pharmacies, health insurance funds, and medical supply companies. They need an institution card known as SMC-B or SM-B in the form of a smartcard. All of these smartcards can be ordered via the eHealth Application Portal operated by D-Trust, a subsidiary of Bundesdruckerei.
- eHealth card terminals recognise both eHPC and ePC, as well as SMC-B or SM-B. If authentication is successful, the card terminal connects to the connector, thereby enabling use of the Telematics Infrastructure. Depending on the model, the card terminals can also read the electronic health card (EHC) of insured persons.
Connectors perform important functions within the Telematics Infrastructure in healthcare: They ensure data security and data protection when exchanging information about insured persons. Technically, they are similar to conventional internet routers, but with a significantly higher level of security, as these connectors operate within a VPN (Virtual Private Network).
Connectors are connected to the card terminals required for authenticating employees and institutions. In addition, there is a connection to the hospital, pharmacy or practice management system (KIS, AVS, PVS).
Currently, this is not yet possible, but this will change with the introduction of digital identities in Telematics Infrastructure 2.0. In the future, medical professionals will be able to identify themselves using their smartphones instead of the electronic health professional ID card (eHPC). Institutions such as practices, care homes, hospitals and pharmacies will also receive digital identities. As a result, SMC-B and SM-B will become obsolete.
Institutions such as practices, clinics and pharmacies can also obtain access to the Telematics Infrastructure (TI) by renting it as a service. The providers of this service, known as TI gateway providers, are responsible for operations and data protection. As the National Agency for Digital Medicine, gematik has already approved the first TI gateway solutions.