doctors women man table clinic meeting

The KHZG: Incentives for Secure Data in Hospitals

published on 25.05.2021

The new Hospital Future Act (KHZG) is intended to take Germany’s hospitals a big step towards digitalisation. More than 4 billion euros in funding is available to digitally upgrade clinics. Condition: Hospitals have to invest part of the money in information security. 

Update for Hospitals: This Is What Is in the Investment Programme  

This is one thing that has been clear since even before the Corona pandemic: Efficient hospitals are a cornerstone of our health system. The basis for this is also a flawless digital infrastructure that can optimise processes and thus save live in the end. To digitally strengthen German hospitals, the Federal Government has launched a new investment programme: the Hospital Future Act (KHZG).

Under the umbrella of the Federal Social Security Office, a Hospital Future Fund (KHZF) is being set up from which hospitals can request funding for digitalisation. The German Federal Government is providing three billion euros, with another 1.3 billion euros contributed by the states.

Not only technical but also personnel and spatial measures that advance digitalisation are eligible for funding. Technical measures include digitalisation of emergency rooms or the further development of offers from the telemedicine sector. Examples of personnel measures are filling IT positions or training staff. Expanding server rooms is a spatial measure that is eligible for funding.

However, many of the projects for which hospitals can now request funding are mandatory anyway. For example, hospitals are required to set up a patient portal for digital admission and discharge management and the electronic documentation of services, such as in the electronic patient file. By 2025, it is mandatory for these and other digitalisation measures to be implemented in every German hospital. If the hospitals have not been sufficiently retrofitted by then, they will face a deduction of up to two per cent of the invoice amount.

Promoted by the KHZG: Security a Must 

Along with the obligatory digitalisation measures, disbursement of the subsidies from the Hospital Future Fund is linked to another condition as well: At least 15 per cent of the claimed funds must be invested in IT security. This pertains to both the security of patient data and the protection of internal and external hospital communication. Also included are measures to expand secure automated data and data centre platforms. For hospitals, it is also of particular relevance to restore normal operations as quickly as possible after a cyber attack. After all, hospitals are increasingly being exposed to cyberattacks, which not only pose financial and data protection risks but can also have fatal consequences for patients in an emergency. 

Secure Data and Identities: What Clinics Can Now Rely On

Efficient information security in hospitals protects sensitive data, thereby engendering trust among patients and hospital staff. For protection against cyberattacks and data leaks, there is a broad range of offers tailored to the needs of the health sector that ensure the legally compliant and absolutely secure handling of data. These three applications help with the digitalisation of hospitals and are eligible for funding through the KHZG: 

1. Data Trustee: Neutral Authority for Secure Data

Particularly when it comes to personal information about their own state of health, patients expect their sensitive data to be handled responsibly. Protection against theft and manipulation is not the only critical aspect here. Compliance with the General Data Protection Regulation (GDPR) also needs to be ensured. A data trustee can be used as a trustworthy intermediary in this area. Serving as a neutral intermediary between the data provider and data user, the data trustee can, for example, secure data access, manage access authorisations or guarantee the secure processing of data. With CenTrust, Bundesdruckerei GmbH offers a platform that links and pseudonymises data from various sources. Pseudonymisation ensures that the identity of the individual remains protected when patient data is retrieved. 

2. Digital Signatures Are Legally Secure and Efficient

Prescriptions, statements, discharge letters: Innumerable documents requiring a signature are received every day in hospitals. A digital signature can simplify such processes and set new security standards. Thanks to the eIDAS Regulation, the legal framework has also been established for qualified signatures for signing documents in the health sector. The electronic health professional card (eHBA) already offers the possibility of electronic signature. Anyone who wants to digitally sign documents independently of the eHBA and simply, even while on the move, can rely on remote signatures.

3. Certificates Identify Employees in a Forgery-Proof Way 

Sensitive data in hospitals can only be protected if the staff also communicate internally and externally at the highest level of trust. E-mail traffic must be encrypted, and the digital authentication of employees must be secure. Personal certificates are an important building block here – especially if they are certified according to Technical Directive TR-03145 of the Federal Office for Information Security (BSI). 

“The corona pandemic has shown that digitalisation in hospitals is not yet developed or being used to a sufficient degree. This is an area where more can be done right now.”

Dr Gerald Gaß, President of the German Hospital Federation (DKG)

The KHZG Is Also Intended to Heal Corona Wounds

The corona pandemic has put the German health system to the test. In view of the continuing burden of additional care for COVID-19 patients, many hospitals now see themselves as being at the limit of their capacity. The Hospital Future Act is thus intended to address this issue as well: Revenue shortfalls and additional costs that have arisen due to the pandemic and have not yet been reimbursed elsewhere are to be determined and compensated as applicable by the KHZG.

For hospitals, investing in a secure digital future is therefore not only the basis for protection against cyberattacks and the continuation of their profitability. Digital hospitals will also be better prepared for exceptional situations such as pandemics in future. After all, a hospital that makes use of the advantages of digitalisation to optimise processes and close IT security gaps, for example, will also be able to bring its capacities fully to bear for its core business: providing the best possible medical care for patients. The Hospital Future Act offers important incentives in this regard, and hospitals should definitely take advantage of them.