Despite recently exposed security risks and existing implementation shortcomings, the Federal Health Ministry insists on starting trial operations of “Electronic Patient Records for All” (EPA 3.0) in model areas on January 15. A few days earlier, Federal Health Minister Karl Lauterbach had announced: “We will introduce the EPA only if all hacker attacks, including the CCC, are made technically impossible.”
A letter from the Federal Association of Health IT (BVITG) to those responsible at BMG and gematik, which is available to the editorial team, now shows that there are further challenges ahead. The letter summarizes agreements previously negotiated with stakeholders and states that the trial operation will apparently begin with only one of the two planned file systems because one was not completed on time. Furthermore, the two file systems from IBM and RISE behave very differently, which makes interoperability more difficult.
Also, the test result from the Federal Office for Information Security (BSI) on the remedies suggested by gematik against the EPA’s security deficiencies is available.

“Large-scale rollout” only after risks have been completely eliminated.
According to the letter, the association will only recommend that its member companies equip participants in model areas with EPA modules in a timely manner if BSI supports gematik’s approach with a limited number of EPA-approved institutions. It has also been clarified that certificates of conformity are not affected by the security deficiencies discussed by the CCC.
Ultimately: “Complete elimination of the technical risks identified by the CCC, confirmed by the BSI, was set as the binding criterion for the start of the large-scale rollout”. This point largely matches the statement of the Federal Health Minister, even though closing the identified gaps does not mean that “hacker attacks are technically impossible”. The original schedule to expand EPA 3.0 into the federal sector is no longer valid.
Given this, BVITG showed understanding for the urgency of the January 15 start date, but “for further developments it is important to know what the medium and long-term plan looks like with respect to ePA 3.1.1 ff”. For companies, future-oriented scheduling is essential.
(Mac)
