Members of statutory health insurance companies will be able to use digital health services more easily in the future. The Bundestag decided on Thursday in Berlin with the voices of Union and SPD the digital supply law, which envisages among other things the financing of health apps by the health insurance companies. In addition, patients should be able to use online consultation hours more easily. Left and Green voted against the law, FDP and AfD abstained. Union and SPD also voted in favor of a centralized collection and transfer of patient data for research purposes. The Federal Data Protection Commissioner Ulrich Kelber demanded in a statement from Thursday (PDF) numerous improvements. The law is scheduled to enter into force in January 2020.
The plans of Federal Health Minister Jens Spahn (CDU) had been criticized in recent days. According to experts, the bill did not explain how this sensitive patient data can be safely protected. In addition to Kelber, the Federal Council had expressed concerns. Spahn defended the law in the Bundestag. "Health data is the most sensitive data that exists, so it needs data protection and data security at the highest level"said the minister.
Data already pseudonymized earlier
The coalition faction has approved the 100-page design of the Ministry of Health (PDF) again slightly revised. According to the amendment (PDF) the health insurance companies should no longer transfer the data directly with the insured number of the patient to the data collection point, but with a "Lieferpseudonym" Mistake, "that allows a cross-fund unique identification during the reporting period", According to the reasoning, the insured person must be assigned the same pseudonym for a reporting period, irrespective of his or her cosensorship.
A trust center should then include these delivery pseudonyms in a "cross-periodic uniform pseudonym" convict. From this pseudonym but should not be able to conclude on the delivery pseudonym or the identity of the insured.
Data protection should not be a "manslaughter argument"
The deputies of CDU and CSU called the law as "Milestone for the digitization of the health care system", It was from "of central importance to lead the discussion with opportunities and not only risk-driven and not to use data protection as a manslaughter argument", On the other hand, for the SPD faction "very important to operate a consistent data protection", The FDP, however, pointed "Data protection difficulties", Not least because of this, the electronic patient file was taken out of the law. It was important that patients kept their sovereignty over their data. According to the Left Group, the provision of pseudonymized and personal data sets is not the consent of the data owner "unacceptable",
In future, the Federal Institute for Drugs and Medical Devices will be responsible for the review of health apps. The institute should be one "Directory of Reimbursable Digital Health Applications" to lead. Providers must submit an application and demonstrate that digital health applications meet the requirements for security, functionality, and quality of the medical device, as well as privacy, ensure state-of-the-art data security, and provide positive care benefits. The Institute must decide within three months of the application.
Privacy problems with health apps
To what extent the Federal Institute has the expertise to examine the data protection and the IT security of the apps is unclear. In the past, several health apps had serious security vulnerabilities and privacy issues. So the security researcher Martin Tschirsich examined several health apps and found numerous security holes, among others at Vivy.
Only a few weeks ago, security researcher Mike Kuketz found out that the App Ada forwarded medical data of users to tracking services immediately after logging on. Both Vivy and Ada had been tested by TÜV for data security. The federal government expects a personnel expenditure of 350,000 euros per year for the review of the apps.
The Federal Council had in its opinion "critically"that the federal institute should be commissioned to accept the apps. Instead, according to the Landkammer "the establishment of an independent institution involving self-government" be considered. The Federal Government rejected this proposal. The institute is "Prepared to perform the new technical tasks due to work in the field of medical device law, medical apps pre-referral and clinical trial expertise",