Please enable Javascript!

eHealth News

CEO News #3

The Electronic Health Record – Part 2

The current discussion about potential computer chip vulnerabilities demonstrates how important a secure communications environment in healthcare is - a field which is about our most sensitive data.

Most recently, this was exactly what I discussed in my first CEO News.

Taking our responsibility seriously, we have examined the possible effects of potential vulnerabilities that have now become known on the Telematics Infrastructure (TI), just as gematik and the Federal Office for Information Security have done. With little surprise, everyone has come to the same conclusion: this danger is successfully warded off by the special architecture components of the TI.

To support the worldwide security level of the TI, I would like to inform you about the following:

The (still) little known but enormous impacts of the electronic health card (eGK)

1. The EHR as an infrastructure element
2. CGM LIFE security architecture (construction and USP)
3. CGM data model
4. Strategic line-up
5. List of applications in which CGM LIFE is integrated.

It depends on three things

In order for the electronic health records (EHR) to have their full effect on the insured as well as for healthcare as a whole, three prerequisites need to be created:

1. Security
The data must be available in a confidential, integer, authentic, and natural way. Unauthorized persons may not read, modify or understand the data at any time.

2. Interoperability
The different authorized systems must be able to read, add, and process content further.

3. Structure
The data must be saved in a standardized form so that automated procedures can recognize or deduct medical facts securely and reliably.

What does that mean in detail?


The protection of sensitive health data is of paramount importance and our responsibility. It needs to be secure at all times, regardless of whether the doctor and the patient use, send, or store the data - and, of great importance from unauthorized third parties. We are aware of our responsibility. This is also demonstrated by the security architecture of our EHR, the CGM LIFE file.

In online banking, for example, the information between the bank and the customer is secure on the digital "route." That does not apply to the server of the bank. Employees of the bank can see them there. A manipulation by insiders, but also by third parties penetrating the systems is thus basically possible.

This is not the case with CGM LIFE: All health data is encrypted and digitally signed on site in the doctor's office or on the insured person's terminal (e. g. a smartphone). At no time will data be decrypted on the server of CGM LIFE. This is also not possible because we do not save any keys on our servers. This ensures that no unauthorized person can access unencrypted data. But we also make sure that no one can slip into the role of another and circulates data counterfeits.

Additionally: Due to our special, patented procedures, neither we nor other unauthorized third parties know the keys. Nobody, not even a state authority, will receive the keys and thus the plain text data via our CGM LIFE server. That is why we speak of a technical appropriation protection. Our patented procedures are so far unique in the German healthcare system. Again, to clarify: Neither CGM as the operator of the EHR, nor any third party can view the data or change it unnoticed. Even our administrators do not know the keys. Only persons who are authorized by the record owner can read the data. However, in this case, as well, only on a terminal running a CGM LIFE based application.

When other healthcare providers of health records promote their systems being secured in a state-of-the-art technique and end-to-end, it only applies to their weak point of key usage for rights management - because except for us - the owner or a representative is in possession of a less strongly encrypted key material. CGM LIFE is thus the only health record that gives the customer complete technical control over his data worldwide.


The electronic health record can only be effective if it is interoperable, thus ensuring barrier-free, cross-sectoral data provision. This requires a fundamental, common framework by the legislature, to which all record providers, but also all manufacturers of ambulatory information systems commit. Already today, there are standards such as IHE, which appear basically suitable. But they are far from sufficient. Especially when it comes to maintaining the highest standards of data protection. We are committed to meaningful and feasible solutions that do not compromise data security. In addition, we provide a technical solution that fundamentally and in advance enables this interoperability: the CGM LIFE partner-ready interface.


Only if the health data from an EHR can be used meaningfully, it can help to improve the patient's care.

CGM LIFE uses the CGM data model, which begins its "work" in the doctor's G3-based primary system. It gives the data a clear and uniform meaning. In addition to medication, vital signs and findings are also included. For example, when it is clear that entries are on various uniquely identified drugs, can an automated check for intolerance be applied. This is not precisely possible when based on algorithms and rules if the data is only loaded into the EHR as free text in PDF form. Detecting and communicating complex data structures will work without translation loss between CGM LIFE and our G3-based software systems in the future.

In order for non-CGM systems to be able to pass on their data to CGM LIFE in a structured manner, a common agreement of all parties involved, a syntactic and semantic standardization that applies to everyone, is required. However, to avoid having to wait, we provide an intelligent solution: The CGM LIFE partner-ready interface, with which we publish our data structures and interfaces and make them accessible to partners.

Strategic line-up

CGM LIFE is an important, if not the central building block, when it comes to the digitization of healthcare: It is the most important infrastructure component for the content-related networking of everyone involved in the treatment process, also in the context of the telematics infrastructure. AXA, Debeka, and VKB already offer their insured customers CGM LIFE today. Together with our CGM LIFE eSERVICES for the outpatient sector, more than one million patients in Germany already use a wide range of areas of our EHR to communicate with their doctor. Health insurance providers use our CGM LIFE eSERVICES to digitize processes such as appointment booking or prescription orders. As integration with primary systems progresses, so does a simple and automated exchange of structured medical data and documents with patients and between health insurance providers.

Where in Germany is CGM LIFE already integrated?

  • The CLICKDOC doctor search, as a generally available portal based on CGM LIFE.
  • CGM LIFE eSERVICES on the CGM LIFE platform, which allows patients the direct communication with their doctors and the common usage of applications with them.
  • Direct connection of our primary systems for health insurance providers:
      Pharmacies: CGM LAUER FISCHER
  • Connection of hospital systems via CGM JESAJA.NET
  • The "My health" portal for privately insured people uses CGM LIFE and is being used by insured people of AXA, Debeka, and VKB.
  • CGM LIFE is also the basis for publicly funded projects such as the drug account NRW, TIME for emergency data management, and the health record for asylum seekers.
  • CGM LIFE becomes an integral part of CGM CLINICAL.
  • In addition to our own applications, CGM LIFE is open to third parties which focus on their own applications, such as mediteo with their medication app, which is part of our partner-ready program.

With CGM LIFE, we are not only very well positioned with respect to the competition, but we have the big picture in view: We synchronize healthcare!

Frank Gotthardt
Chairman of the management board
CompuGroup Medical SE

The Electronic Health Record – Part 1

CEO News #2

The Electronic Health Record – Part 1

Giving Patients the Authority over Their Data ‐ Improving Care Processes

Since a few months, Germany's healthcare system has been discussing about the electronic health record (eHR). I am delighted that the topic has finally come to everyone's mind, and that we are approaching the implementation of this central building block of the eHealth universe in Germany, too.

The eHR will bring together all medical data of a person, it will be accessible for them anytime and anywhere, and it will improve the information base for doctors, pharmacists, care services, hospitals, in short, for all contributors involved in healthcare by allowing the patient to make accessible all or parts of their data. By integrating several building blocks, medication safety, for example, will be lifted to a new level. Based on the available information, the insured person will be given the chance to deal with their health, but also with their disease, in a more independent and responsible way. Within healthcare, the eHR helps to bring the patient on eye level with their healthcare providers.

The German legislator has assigned gematik to define the framework conditions for the introduction of the eHR by the end of next year. The political mandate holders today agree

1. that eHR-services shall be offered in an open market in free competition,
2. that data protection must comply with legal requirements,
3. that interoperability must be ensured.

This is exactly what we campaign for as the insured person must be able to make a selection and to decide for themselves which eHR supplier does not only provide the best security concept for their sensitive data but who can offer the greatest added value in addition to the statutory minimum content for their individual needs.

It is also clear that storing medical data into the eHR must be made in a secure environment, thus within the telematics infrastructure in Germany. The introduction of the eHR - and the framework conditions to be defined - needs to be accompanied by two legal regulations, namely the obligation of all service providers to use the eHR, especially in documentation or transferring of documentation into the eHR, as well as the remuneration of these services through the health insurances. The legislator is aware of this.

Now, what does all this have to do with TI (telematics infrastructure)? Quite a lot! eHR can only work if its contents are reliable. This particularly applies to the communication between physicians, pharmacists, in short ‐ professional health workers. A physician has to be able to rely on the authenticity of the information and that he obtains it unaltered. This is ensured by the telematics infrastructure due to its special technology.

You will have heard in the news that two health insurances in Germany, namely the AOK as well as the Techniker Krankenkasse, have been rushing ahead in the meantime with own solutions in terms of the electronic health record. When taking a looking at the advertised products of these two health insurances, it quickly becomes clear that they are not prepared to utilise TI and its safety features so far. These solutions, in their current architecture, neither meet the absolutely necessary interoperability standards, nor do they offer a sufficient service for patients. Not to mention data protection standards.

CGM's solution is called CGM LIFE! Our recording service CGM LIFE is by far the most secure in the market! Together with our eServices for the ambulatory field, about 1 million patients in Germany have already been using parts of our eHR.

CGM LIFE is designed as a universal eHR that contains all medical data and other treatment data and besides ‐ up to the insured person's wishes ‐ also fitness and lifestyle data. The medical data will be synchronized with the primary system data (AIS, HIS, care, etc.), possibly with IHE-data and payer’s data. Thus, CGM LIFE contains the functionality of a medication file or a case record, among others.

A comprehensive data model and our CGM LIFE Ready interface guarantee interoperability.

Frank Gotthardt,
Chairman of the Management Board
CompuGroup Medical SE

The basic idea of the electronic health card (eHC) was right all along: Improving healthcare by more information at the right time!

CEO News #1

The Telematics Infrastructure TI: The Transformation of the Electronic Health Card into a Completely New System.

The basic idea of the electronic health card (eHC) was right all along: Improving healthcare by more information at the right time!

The Lipobay scandal in 2001 was the trigger for the idea of the eHC. Many patients had to die. Investigations of the harmful side effects of the preparation were difficult since it was hardly possible to make use of any usable documentation on which other medication the affected patients had been taking simultaneously. There were certainly no information systems that could have warned effectively against harmful interactions.

It was therefore necessary to find a way for a better information base for doctors when treating patients, the eHC. The eHC was then thought of as a storage medium for medication information. This suggestion was added by other functions after the consultation of doctors, health insurances, and other actors involved. The eHC soon became overloaded in its functionality and it lacked a secure, technical application environment for modern networking. An adequate further development then failed for political reasons.

Today, the electronic health card is no longer the project itself, ...

but part of a far-reaching development, in which it performs few, but very important functions: First and foremost, it is the patient's key to a secure space in which their health data can be made available to their practitioners at the right time. The reliability of the exchanged information and the security of the data are of highest priority.

This space is represented by the telematics infrastructure (TI), a state-of-the-art infrastructure which offers a world-class level of data protection. In this space, the data is not only secure against eavesdropping, theft, or counterfeiting, but due to a worldwide unique procedure also reliably authentic.

What does that mean?

Most e-mail users have already received fake mails, in which a fraudster had hidden behind the sender's name. This is annoying and in the context of treating patients literally deadly in the worst case. In the telematics infrastructure developed by gematik, such a theft is simply impossible! Without these processes, not only patients, but also our doctors, of whom each and every one must take responsibility for proper medical care, would be endangered.

By the way: Doctors and patients will also be protected against unwanted transparency towards health insurances. A request about the patient's status of insurance, for example, will be sent to the health insurance from the TI without a doctor's identification.

The TI thus offers the most secure frame worldwide for the use of essential, modern techniques. In this space, numerous and enormously important applications will develop within the coming months and years. They will help us all to remain healthy longer and to experience the best medical treatment. There are, for example, the medical account with the electronic helpers about medical therapy safety, the electronic patient record, emergency data, the electronic doctor's letter, discharge management, or the electronic medication plan.

The aged idea of the eHC as a storage medium without the use of the current networking possibilities has turned into a most modern and secure digital infrastructure with the efforts of all those ones involved; politics, statutory corporations, and last but not least the industry, first and foremost our CGM.

Frank Gotthardt
Chairman of the Management Board
CompuGroup Medical SE