gematik approval only with security certificate

Our project work focuses on the digitalization of the healthcare sector. The connection to the telematics infrastructure (TI) plays a decisive role here. It will play a key role in making healthcare in Germany safer, of higher quality and more efficient in the future. A challenging task for all players in the healthcare market. In particular, because various legislative regulations have to be taken into account: for example, the Digital Care Act (DVG) or the Patient Data Protection Act (PDSG), to name just two.

An approval procedure from gematik is required for each service that is to be deployed and used. These include central services, specialist services, services for secure transmission procedures, providers of these telematics infrastructure services and other applications that may affect the TI. Users must also be connected to the telematics infrastructure.

As part of the approval procedure, security suitability must be determined by an independent assessment of the technical and organizational measures implemented by the applicant in accordance with gematik’s specifications. With their expertise and experience, our consultants ensure that the implementation of all gematik requirements runs smoothly.

The introduction of the telematics infrastructure opens up many opportunities to optimize customer service and processes. At the same time, obligations and requirements of both a technical and organizational nature must also be fulfilled. Whether this involves obtaining the standardized health insurance number, fulfilling the future obligation to report to the implant register, providing ePA, TIM or e-invoices. Our knowledge of work processes and IT procedures is always an elementary component of process automation. This is our core competence. Profit from it!

The potential of the electronic patient record (EPR) for healthcare, for example, is huge. We support you in the identification, further development and gematik-compliant documentation for provider approval.

The electronic patient file (ePA)

Since January 1, 2021, health insurance companies have had to provide their policyholders with an electronic patient record (EPR) on request. From July 1, 2021, all panel doctors and psychotherapists will be able to read and fill in electronic patient files.
The ePA is an application of the telematics infrastructure (TI). The ePA is a central element of networked healthcare. Patient data that was previously filed or stored separately in different locations such as practices or hospitals is to be merged digitally. All relevant information about a patient, such as findings, diagnoses, therapy plans, treatment reports, medication plans and emergency data, can be stored in the ePA and made available to the attending doctors, pharmacists and therapists as required.

High safety requirements

As the data processed as part of the ePA is health data with very high protection requirements, high demands were already placed on the systems and processes during the design phase. Patients should retain complete control over their data. Only they decide how they want to use the data stored in the ePA and to whom they want to make it available. Patients can grant or revoke access authorizations to the data in the ePA at any time. Patients can also decide which data should remain stored in the EPR and which should be deleted.

In order to be able to use the ePA, the necessary technical requirements must be created on the service provider side (TI connection, update of the ePA connector if necessary, PVS or HIS modules, etc.). gematik provides specifications on its website.

Everything from a single source

Consulting and support services for the implementation of gematik requirements
Preparation of gematik security reports incl. Preparation and implementation
Approval by gematik
Networking projects in the medical field to improve care and care structures
Impact analysis of current legislation on their processes and strategic goals
1. determination of TI readiness and review of organizational maturity:
  • Standardized questionnaires
  • Carrying out the as-is assessment: document review, interviews and inspections
  • Joint development of solution approaches and project design for an implementation project
  • Documentation and development of recommendations for an implementation project
  • Conducting workshops to explain the results
2. realization of implementation projects:
  • Project management
  • Advice on the implementation of TI applications in compliance with all specifications
  • Advice on the introduction of an ISMS incl. Audit preparation and audit support
  • Planning and implementation of the internal audits required by the standards
  • Planning and implementation of TU safety assessments (functionally separate)

Your advantages at a glance

Tailor-made solutions
Security with regard to obtaining a provider license, but also with regard to functional technical solutions
Information security and data protection (in particular "social data protection" and "patient data protection")

Knowing what matters

Leave nothing to chance in your implementation project. We are your competent and reliable partner to provide you with manufacturer-independent support. According to Section 291a SGB V, gematik must provide an interoperable and compatible telematics infrastructure (TI). gematik ensures that the products and services offered for this purpose meet the requirements for interoperability and data security. All components, services and products used to access the telematics infrastructure are subject to approval by gematik. The same applies to service providers and operators. We advise you on the gematik-compliant adaptation and implementation of documentation, concepts and processes and support you with project management - so that you are on the safe side.