The telematics infrastructure (TI) is a platform/network that provides a basis for the secure exchange of health data in Germany and for the running of healthcare applications, such as electronic patient records and e-prescriptions.
However, a lot of manufacturers of medical software do not know when they have to fulfill which legal and technical requirements in the context of this telematics infrastructure.
This section summarizes the requirements. Details and explanations of the terms used can be found in the later sections.
Laws lead directly or indirectly (via operators) to requirements that affect manufacturers of medical software:
One of the initial drivers of the telematics infrastructure was the desire to minimize treatment errors and adverse drug side effects and interactions. The telematics infrastructure is currently taking more of a standardizing technical approach to digitization in healthcare.
The telematics infrastructure is intended to bring digital healthcare into the 21st century (in terms of technology) and to improve healthcare provision as a result.
It is intended to create the necessary conditions for:
These requirements are intended to help:
The telematics infrastructure has been described, in simple terms, as a data highway for the healthcare system (e.g., by the KBV). This infrastructure consists of hardware and software that must follow common rules (e.g., on interoperability).
The hardware in the TI includes:
The software used in the TI and the services implemented include:
Value-added (third party) services, i.e., applications such as the electronic patient record (ePA), electronic prescription (eRezept) and the electronic certificate of incapacity for work (eAU)
According to the legislation (SGB), the telematics infrastructure (TI) is intended to act as a data highway to provide patient treatment data to individual service providers. To achieve this, data stores have been and are being set up – initially only for those with statutory health insurance, but by now for most citizens with private health insurance as well.
Even if the data in the TI is not saved by the patient, the principle is, nevertheless, that only the patient may decide who can collect and process which data.
An infrastructure is only useful if it supports relevant use cases. The following (value-added) services, which the KBV refers to as “applications,” are among those planned for the telematics infrastructure:
A complete overview of the “applications” can be found on the websites of the KEV and gematik.
The availability of these services must be maintained. This is the responsibility of the operators, commercial companies such as ITSG, IBM and RISE, rather than gematik. There have been complaints about availability in the past, and gematik has also reported disruptions.
gematik also counts the communication services KIM and TIM among the applications.
KIM stands for “communication in medicine” in German. KIM is nothing more than a secure email service over the telematics infrastructure (TI). To provide this service, KIM uses tried and tested protocols such as HTTP, SMTP and POP.
The telematics infrastructure provides a directory service, a sort of address book of possible recipients.
KIM differs from “normal” email in a few aspects:
KIM is intended to be used for the exchange of structured and unstructured medical information such as laboratory data, discharge letters (eArztbrief) and eAUs.
TIM stands for “Telematics Infrastructure Messenger.” It is intended to be a secure and legal alternative to WhatsApp and Co. Its interfaces have been specified by gematik.
TIM is suitable for short and quick exchanges of information: a query about a prescription, a note about a patient, a message to several colleagues (“broadcast”).
The messenger currently only allows the sending of (unstructured) information, specifically text messages, and sound and image transmission. It uses the REST-based Matrix protocol, which will allow two or more users to have a video call in addition to the instant messaging service. Video calls between doctors and patients will be introduced in a later expansion stage.
Unlike KIM, TIM can be used on smartphones.
Medical information objects (MIOs) are like Lego bricks that can be used to build more complex information structures, such as the electronic patient record. The following MIOs are currently or will be specified:
The KBV has created a page with an overview of MIOs. The specifications and the instructions for the implementation of MIOs in the ePA were created by gematik.
You can find more information on the specification at https://simplifier.net/im1x0/.
If a manufacturer wants to store vaccination information in the ePA, they must use the vaccination certificate MIO as specified by the KBV. This specification uses FHIR.
It describes the FHIR resources to be used, e.g., “KBV_PR_MIO_Vaccination_Bundle_Entry”. It specifies the attributes with cardinalities and data types.
For example, “Immunization” must reference exactly one patient and specify the batch (“lotNumber”) and immunization status (e.g., “completed”).
The batch and vaccination date are MIO elements of the MIO model “electronic vaccination record” (“Immunization”).
A specific vaccination record for a specific patient forms a MIO document (XML format). Unlike the electronic child's examination booklet, the MIO document for the vaccination record does not contain any MIO sub-documents. The set of concrete values for a (sub-)document forms an MIO entry.
gematik has also created an interface specification for “Information Technology Systems in Hospitals” (ISiK) Level 1. This ISiK specification defines data objects such as patient, encounter and condition on the basis of FHIR profiles.
For this, compliant systems must offer common functionalities, such as:
This in turn enables:
gematik uses its own profiles and not those of the KBV or Medizininformatik-Initiative. The reason for this is explained at the bottom of this page.
The questions of which systems are considered “confirmation-relevant” and which obligations they are subject to depend on the time and, therefore, the level as well as on the data:
The first paragraph of Article 355 SGB V authorizes the KBV to establish interfaces for ePAs (and thus for MIOs), electronic medical treatment plans and the electronic emergency data.
Article 371 SGB V opens a series of laws with “Requirements for interfaces in information technology systems”. It is not limited to clinical systems and is, in fact, relevant for all systems that process personal data related to care provided by fund doctors (in private practices), in hospitals and by nursing staff.
It requires standardized interfaces that systems can access to prescribe medication as well as for inpatient and clinical “application and database systems” (i.e., practice management and hospital information systems).
Like the next article (Article 373) on hospitals, Article 372 SGB V establishes “specifications for open and standardized interfaces for information technology systems in fund doctor and fund dentist care”.
Article 373 SGB V forms the legal basis for the ISiK. Its title is “Specifications for open and standardized interfaces for information technology systems in hospitals and in nursing care.”
“Confirmation-relevant systems” currently refers to primary systems in hospitals. The German Hospital Federation may specify additional subsystems.
Further information on confirmation-relevant systems, e.g., on communication servers, can be found in the ISiK Basic Module implementation guide.
Article 374a of the Fifth Sozialgesetzbuch is entitled “Integration of open and standardized interfaces in disability aids and implants”. It requires data interfaces to be opened up for some products, including third-party providers (digital health application providers).
This article is not uncontroversial.
The IOP Governance-Verordnung authorizes gematik to standardize interoperability standards The standards published by its expert panel become mandatory for manufacturers.
Standards have already been defined for the above use cases.
Read more on IOP Governance-Verordnung here to find out about its committees.
The Krankenhauszukunftsgesetz (KHZG) is unique in this list for two reasons.
Firstly, it is an act that amends numerous laws, in particular the Krankenhausfinanzierungsgesetz and several books of the Social Code.
Secondly, it is an act that only affects manufacturers indirectly. This is because the act establishes eligibility criteria that define which projects hospitals can receive grant money for. A lot of the eligible projects are aimed at improving digitization:
Most hospitals have applied for or initiated one or more projects in order to qualify for these grants. However, they can only benefit from the grant money if the systems meet the above legal requirements.
This means manufacturers of medical software will only benefit from the boom in demand if their systems are among those that are eligible for the grants and meet the legal requirements.
gematik promised interoperability with the TI. But it has also received some criticism:
Some of the hurdles to benefiting from the advantages of the TI are high, both for the implementing manufacturers and for users.
Even the much-praised KIM doesn’t have IMAP. How do you explain this to users who feel like they're back in the 1990s where they can only save emails on one client? There is no solution in sight here, partly because of data protection laws standing in the way.
The much-promised secure IT systems have still not been delivered. We all know that any IT system can be hacked. However, in view of the efforts made to protect data and the restrictions that have to be accepted as a result, it is astonishing how often there are embarrassing yawning gaps, as reported by c't or uncovered by the CCC.
The frequency with which TI systems such as connectors and backend systems are not available damages the initiative.
A lot of use cases are not yet supported, and there are missing functionalities in many places.
So, the statement that the telematics infrastructure makes a case number search possible is only partially correct.
Case numbers are assigned by healthcare providers and their IT systems. In other words, external systems do not know about the cases or their numbers. Therefore, external parties must be able to search for patients directly, but the case numbers cannot and will not be given up, as the cases are important to doctors and (medical) controllers.
As a result, the FHIR profile will be adapted in ISiK 2.
The noose keeps on getting tighter for manufacturers of medical information systems – at least with regard to interoperability. However, this can also be a good thing because the market has obviously failed to create the conditions requires for digitization: standardized interfaces that are actually used.
Only legal compulsion and financial incentives (KHZG) have generated progress towards the digitization of the healthcare system.
As TI 2.0, at the latest, will (or should) be able to handle structured data, it will become the standard in the German healthcare.
It is also “only” digitization and not a digital transformation, let alone a digital revolution. After all, technologies and standards such as REST and email are well-proven. To celebrate that they are now being used in the healthcare sector would arouse pity in other countries.
But it’s no use complaining that a lot of people having been asleep at the wheel for more than a decade or that a lot of protagonists have given an embarrassing image and thus hindered and delayed the introduction of a telematics infrastructure.
Anyone still calling for digitization moratorium in 2021 after Germany has slipped into the bottom ranks in terms of digitization may not be part of the solution but part of the problem.
We are where we are. And manufacturers would do well to go beyond simply meeting the legal requirements for interoperability. No one will be able to escape it from 2024 on, at the latest.
They should also play an active role in its further development because they know what the market needs. They are the ones who implement and use the interfaces. It is time to open up the monoliths to subsystems and mobile applications.
The Krankenhauszukunftsgesetz (KHZG) has triggered a gold-rush mood and a digitization boom. However, the act only benefits systems that are compatible with the ePA and that comply with already defined healthcare standards.
This will make it difficult for fast, unplanned and proprietary in-house developments from manufacturers to survive on the (German) market after 2024.
Lastly, we shouldn’t forget that digitization and ensuring interoperability are means to an end, not an end in themselves. The goal is nothing less than ensuring the provision of healthcare.