Soon, all health insurers will be required by law to provide their policyholders with a secure digital identity upon request as a supplement to the electronic health insurance card (e-health card). This is stipulated by the Digital Care and Nursing Modernization Act (DVPMG). Everything is set. As of January 1, 2024, policyholders’ electronic health cards and electronic ID cards shall, upon request, receive a digital twin for their smartphone. They are intended to give insured parties secure access to social welfare services that process, among other things, related data (for example, enabling policyholders to view their patient records) and also to serve as an insurance ID with doctors and healthcare facilities.
For BARMER, too, these requirements entail an expansion of its services: in future, a secure authentication process will allow policyholders to use their digital identity as a form of identification to directly access their electronic patient records and view electronic prescriptions and emergency data on their cell phones. The crux of the matter is that the telematics company (gematik) entrusted with these tasks set very high security standards for the identification and authentication of policyholders and for the entire duration of data access. To meet these stringent requirements, BARMER commissioned T-Systems and its partner Verimi to provide and manage maximum-security digital identities for over 8.7 million policyholders.
The gematik specification of implementing a trusted execution environment (TEE) implies that operators of an identification and authentication solution in the healthcare environment must demonstrate a technical solution that makes accessing all personal medical data impossible. Access is reserved solely for policyholders and persons authorized by them. It is, therefore, necessary to protect data not only during transmission and storage but also at the time of processing. In addition, the TEE provides for the following:
The highly sensitive social welfare data must also be processed in accordance with the stipulations set out in the German Social Code (SGB). In other words:
BARMER is developing such a solution for digital identities with its partners T-Systems and Verimi. Verimi has an established identification and authentication solution, while T-Systems ensures scalable operations in our Sovereign Cloud and in German data centers with European staff. All computing is carried out with the necessary geo-redundancy across multiple data centers, thus ensuring that German Social Code requirements for processing data are met. In addition, confidential computing ensures the required operator exclusion in compliance with gematik’s TEE specification: sensitive data is processed in specific memory regions of the processor encrypted by Intel® Software Guard Extensions (Intel® SGX), also known as Intel SGX enclaves. In the context of processing and storing data, this method prevents access – even with administrator/root privileges – to insured party data.
Following the policyholder’s registration via electronic ID, the Verimi ID wallet contains the scanned and stored ID card and the health card. Biometric processes, such as Face ID, ensure unique identification. As part of the approval procedure for interoperable user accounts of the Federal Ministry of the Interior, the Federal Office for Information Security (BSI) assessed the electronic identification process and the Verimi app-based authentication via PIN. Based on the documents submitted by Verimi, the BSI confirmed the substantially suitable level of trust in the process. The same technology – with appropriate modifications – is also used by BARMER.
With the BARMER-App and related online services, the health insurer already had an excellent digital service portfolio. In the future, BARMER policyholders will also be able to view their own patient records and e-prescriptions, for example, in the familiar app environment. As far as digital identities are concerned, BARMER is thus taking its policyholders a significant step ahead and, in addition, offering them the option of direct and secure authentication with their cell phones. The benefit: a secure process without usernames, passwords, and multi-factor authentication. The digital mapping and use of service processes in the health environment are simplified considerably.
With this initiative, BARMER is assuming a pioneering role in the healthcare industry – it is developing a solution at an early stage to meet the upcoming legal and security requirements. At the same time, the solution is going to be as user-friendly as possible. BARMER’s offering is therefore expected to be particularly attractive to many new customers.
“The introduction of digital identities allows our policyholders to have easy access to our online services with the highest level of security. We are pleased to have two experienced partners, T-Systems and Verimi, and their invaluable support in offering this user-friendly solution as soon as possible”, says Roland Bruns, Head of IT at BARMER. The initiative sends a clear message to the entire industry and beyond to other market segments across Europe.
BARMER is one of the largest statutory health insurers in Germany. With over 8.7 million policyholders and around 14,000 employees, BARMER is one of the leading health insurers in Germany. The insurer covers treatment and care, launches initiatives for encouraging a healthier lifestyle and offers numerous services online. The award-winning BARMER-App offers policyholders a practical option to manage everything online. This includes, for example, conveniently filling out and sending forms, scheduling and organizing preventive care and vaccination appointments, and viewing policyholder data.