Get in touch

Loading...

We use HubSpot CRM to process and manage contact and information requests. Please accept the "Functional Cookies" and reload the page to load the contact form.
Insights / Healthcare

kma online: Security in healthcare – suitable for everyday use & GDPR-compliant

April 25, 2022
Author Alexander DallmerAlexander Dallmer
Director Healthcare & Public

In order to tap the potential of digitization projects in the healthcare sector, effective cybersecurity is essential. But how can hospitals, health insurance companies and associations solve their typical security challenges – with minimal effort for implementation and maintenance?

The prerequisite for the digital transformation in the healthcare sector is a reliable security of digital health data. But there are numerous risks and side effects in the German healthcare system: Often digital attacks are detected too late, or not at all. The reasons for this are usually outdated IT infrastructures and the lack of compatibility and interoperability of existing IT solutions. At the same time, the pressure is growing: Since January 1, 2022, for example, all hospitals in Germany are obliged to take appropriate protective measures for IT security.

Daily life shows that often, IT systems in healthcare are used with only one logged-in user. Moreover, they are often not locked in order to simplify the joint work of several people throughout the day and to avoid frequent logging in, logging out, switching, locking, and unlocking. Not to mention the legacy technology in medical devices and software.

IT security, data protection and GDPR with secure authentication solutions

A central identity & access management solution, ideally with passwordless authentication and the possibility of integrating legacy applications, offers considerable advantages, such as central administrability with simultaneous uniform usability for all locations nationwide. There are even cloud providers for this.

However, things get really tricky when it comes to data storage and access, as these solutions are usually located in cloud environments of global hyperscalers that are not European companies. How can such solutions be brought in line with the GDPR, in particular the problem of third country access, social data secrecy and different data protection requirements per federal state? Until now, this has meant the use of on-premise solutions, which are costly to operate and associated with licensing and support costs, or customer-specific developments with similar financial outlays.

Cloud security solutions with data storage in Germany

But there is another way to use the cloud: shared (German) data center resources as Software-as-a-Service (SaaS). With 100% data storage in Germany and no access from outside Germany (providers should not be under third-country control in terms of company law), these solutions are also no problem in terms of compliance. This also and in particular applies to underlying data centers.

Alternatives in implementation are offered by specialized SaaS service providers from Germany who offer these digitization services within the framework of regulatory requirements. A comprehensive search is worthwhile. Good starting points in the search are the provider and member lists of, for example, the German IT Security Association (TeleTrust), the German IT SME Association or the Trusted Cloud project of the German Federal Ministry for Economic Affairs and Energy. A user-friendly and DSGVO-compliant cloud identity and access management solution that meets the special requirements of the healthcare sector is Bare.ID

The German healthcare sector still has a long way to go. What's important: No digitization without IT security. Today, IT security is an important enabler and must be the basis for digitized processes throughout the healthcare sector.

Original article on kma-online.de (in German)

Related insights