Risk Evaluation and Security Analysis of the Clinical Area within the German Health Information Infrastructure
Health and Technology, Vol. 2, No. 2 (June 2012), pp. 123-135
Posted: 28 Sep 2012
Date Written: June 1, 2012
Germany is currently introducing a nationwide health information infrastructure. This infrastructure connects existing information systems of various service providers and health insurances via a common network. An essential step towards the implementation of this system will be the introduction of an electronic health care smart card (eHC) for patients and a counterpart health professional card (HPC) for care providers. This article provides a risk analysis on the handling of these cards by both patients and physicians from an organizational point of view. On the basis of the information security audit methodology of the Federal Office for Information Security (BSI), the currect security status of German healthcare telematics on the clinical side is evaluated. For this purpose, an appropriate framework specifically designed for the clinical area is first developed and explained in detail. Based on these perceptions it is possible to precisely check the workflows “patient admission”, “accessing emergency data” and “prescription of medicine” for inherent organizational threats. As a result, we proposed appropriate steps to mitigate potential risks and derived valuable hints for future process re-engineering by the introduction of the new smart cards in hospitals.
Keywords: Electronic health card, eHealth, Organizational risk analysis, Information security management
Suggested Citation: Suggested Citation