Sick notes, medication and contact data from the doctor, available online and thus centrally retrievable – sounds practical? It certainly is. But how secure is the electronic patient file?
After all, nobody wants sensitive data on health and well-being to be accessible to everyone, and data storage is the Achilles heel of many operators. The numerous data thefts that have become public are proof enough of that.
The electronic patient file is coming!
The statutory health insurance funds in Germany are obliged to introduce electronic patient files (ePA) by 2021 at the latest. All important health data are to be stored and accessible online in these files. Our current Health Minister Jens Spahn (CDU) is pressing ahead with this project.
Accordingly, findings, diagnoses, therapy measures, treatment reports and vaccinations are to be stored centrally in the ePA. At the 35th Chaos Communication Congress (35C3), which recently took place in Leipzig, current apps for patient files were examined. Martin Tschirsich was able to find critical security gaps, despite numerous certifications. Doubts about the effectiveness of the seals of approval grow with every incident. Organizations are also investigating these types of apps, each with its own motivation.
Apps have gaps – the coffin nail for the electronic patient file!
The app Vivy, which was financed by health insurance companies, also showed numerous security gaps. The communication between doctor and patient is inadequately protected. A 5-character session ID consisting of lower-case letters is used for this purpose.
With a simple brute force attack, Tschirsich has already succeeded in reading out the name of the insured person, insured person number, picture, address, attending physician, age, gender and language. All other security gaps that were discovered (including those in the other apps) can be viewed.
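To put the 5-character lower-case session ID into numbers, the following Python sketch (an added example, not code from Vivy or from the 35C3 talk) computes its keyspace and entropy and contrasts it with a 128-bit identifier from a cryptographic random generator. The guess rate, the number of active sessions, the 64-bit floor and all function names are assumptions chosen for illustration.

```python
import math
import secrets

MIN_BITS = 64  # assumed floor; a commonly cited minimum for session identifiers


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct IDs of the given length over the alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on entropy, reached only if IDs are drawn uniformly."""
    return length * math.log2(alphabet_size)


def expected_guesses(alphabet_size: int, length: int, active_sessions: int = 1) -> float:
    """Mean guesses until the first valid ID is hit, guessing without repeats.

    For k valid IDs hidden among N candidates the mean is (N + 1) / (k + 1),
    so every additional live session makes a hit arrive sooner.
    """
    return (keyspace(alphabet_size, length) + 1) / (active_sessions + 1)


def hours_to_first_hit(alphabet_size, length, active_sessions, guesses_per_second):
    """Expected wall-clock hours at a sustained, unthrottled guess rate."""
    return expected_guesses(alphabet_size, length, active_sessions) / guesses_per_second / 3600


def meets_floor(alphabet_size: int, length: int, min_bits: int = MIN_BITS) -> bool:
    """True if the ID format can carry at least min_bits of entropy."""
    return entropy_bits(alphabet_size, length) >= min_bits


def new_session_id(nbytes: int = 16) -> str:
    """128-bit identifier from the OS CSPRNG, URL-safe base64 encoded."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    # The ID format from the text: 5 characters, lower-case letters only.
    print("keyspace:", keyspace(26, 5))
    print("entropy bits:", round(entropy_bits(26, 5), 1))
    # Constructed load figures: 1 or 1000 live sessions, 100 guesses per second.
    for sessions in (1, 1000):
        hours = hours_to_first_hit(26, 5, sessions, 100)
        print(f"{sessions} session(s): about {hours:.2f} h to first hit")
    print("5 lower-case letters meet floor:", meets_floor(26, 5))
    print("16 random bytes meet floor:", meets_floor(256, 16))
    print("replacement ID:", new_session_id())
```

Rate limiting and lockouts raise the cost per guess, but only a larger random identifier removes the small keyspace itself.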
The secure storage of sensitive data, such as health data, is an extremely complex project. This is all the more true when the current state of technology is taken into account: quantum computers and more powerful computers for cracking currently secure encryption methods. Similar to DNA data, health data do not lose value.
In contrast to other (meta) data, such as addresses or telephone numbers, which change occasionally, health data is always relevant. The trend toward using biometric features for authentication is problematic in the same way.
Once a fingerprint is stolen, it is difficult to "reset" it. A PIN or passcode is easier to exchange. After all, information about sensitive and/or chronic diseases, such as HIV, should not be included in any public database.
There is still a lot of work to be done on the electronic patient file.
“Just do it” is a good suggestion in some situations. However, more attention (and monetary resources) should be devoted to the electronic patient file. Otherwise, the project can be filed alongside the beA (special electronic lawyer’s mailbox) and the electronic identity card: projects that were doomed to failure before they were launched.