Since 1 January 2024, health insurance companies have had to provide their insured persons with digital identities – as stipulated by the Digital Supply and Care Modernisation Act (DVPMG). The Digital Supply and Care Modernisation Act (DVPMG) is part of the comprehensive digitalisation of the healthcare system. It contains various regulations on the digitalisation of the telematics infrastructure and telemedicine. From 2024, health insurance holders will be able to use their personal digital identity to access various healthcare and insurance applications digitally, securely and easily – for example, their personal electronic patient file and e-prescription. Ideally, the digital identity will be made available to insured persons in the form of an app from their health insurance provider. This greatly simplifies access: with the help of their digital identity, insured persons no longer have to use different usernames and passwords for different healthcare applications, as the login is provided centrally via the app. Insured persons identify themselves once at the beginning and link their digital identity to the app so that they can then access their health data and insured person data via the app at any time with just a few clicks. Once they have identified themselves, they can manage their data conveniently at any time via their smartphone.
Are digital identities secure? Security and user-friendliness go hand in hand when using digital identities in the healthcare sector, as the health insurance companies’ ID apps and the devices on which they are installed must fulfil high security requirements. Only a few methods are authorised by gematik for the identification of insured persons, including identification using the personal electronic health card, the ID card with online ID function (eID) and on-site identification at the health insurance fund’s own office. The security requirements are defined by gematik specifications in agreement with the Federal Office for Information Security and the Federal Data Protection Commissioner. The focus is on a high level of security (gematik LoA high) and operator exclusion through a trusted execution environment (VAU), which prevents the operator from seeing when, where and what data the user can share with applications. This means that the security requirements for digital health apps are even higher than those for online banking, for example. Looking at other European countries, however, it is clear that an even better balance between security and user-friendliness would be possible. For example, with regard to biometric processes such as Face ID or Touch ID, which are currently not authorised for digital ID in the healthcare sector, but are widely used in most people’s everyday lives.
With which health insurance companies can I already use the digital identity? The first approval of a digital identity for the healthcare sector in Germany was granted to the joint solution from Verimi & T-Systems for Barmer. Since December 2023, around 8.7 million Barmer policyholders have been able to access their health insurance-specific services and electronic patient data digitally via their Barmer app. The digital identity in the Barmer app is protected by a second strong factor through the smartphone, which is defined when the account is created. Once the Barmer app has been installed on the insured person’s smartphone and the personal digital identity has been linked to it, the insured person can log in securely at any time and access their electronic patient file. It can be assumed that other health insurance companies will also offer similar solutions for their policyholders in the future.
What does the introduction of digital identities in the healthcare sector mean for the future?
The introduction of digital identities in the healthcare sector offers insured persons numerous advantages. They can access their digital healthcare applications more quickly and easily and manage them conveniently on their smartphone with just a few clicks. At the same time, their data is securely encrypted and accessible via a personal login.
The development of a digital identity ecosystem is already being discussed at EU level. In terms of user experience, a future expansion of the areas of application to other sectors would be very promising – for example, the possibility of using the digital health ID not only in the healthcare sector, but also in other areas such as online banking or in digital administrative processes, where the digital identity is verified at a high level of trust.
In the long term, it can be assumed that people who have created their digital identity once and experienced the benefits of using it will value this user experience and want to experience it in many areas of application. Nordic countries such as Denmark, Sweden, Norway and Finland are showing us how a well-structured ecosystem of digital identities can improve the user experience, simplify processes and thus make life easier for citizens: The majority of the population now uses eID in the aforementioned countries, and by 2018 this figure had risen to a full 70-90 per cent of the population. Want to find out more about the topic? Then listen to the podcast with Verimi CTO Dirk Woywod and Lead Corporate Development Konrad Degen.
