So, welcome to the next talk. Hackers one way or the other. Our three speakers have looked into the security of the telematics infrastructure. So, this is all about how to access the data and how to protect it from access. So, the left-hand speaker is Martin. He actually spoke to the German parliament about these health systems, and we have next in the centre Zierlich, who was also an advisor in the German parliament on this very topic and on the certification of the system. And lastly, Siebock is also an expert on these matters. So, a big round of applause for our speakers.

I'm glad that so many of you showed up at this early hour for this talk about the patient file. I assume that many of you don't actually know what that patient file is supposed to be. The patient file is coming, that's for sure. And to just bring you up to date, there'll be a short introduction about what the electronic patient file is supposed to be.

The electronic patient file is a digital patient book which for the time of one's life contains all health data: allergies, health data, blood data, previous treatments and prescriptions, all in one place. And it's transparent for the patient, because the patient alone has insight into the data, and they alone have control over the data and determine who has access to the data. Using the patient file, patients can administer the data securely online, effectively, and all the information is always available in every life situation in exchange with your partners, which eases the exchange of data with your partners in health enormously. The electronic patient file, from the 1st of January 2020. We network the health service securely. gematik, the company behind it.

This electronic patient file is not yet another app, not yet another patient file as we've seen last year, but it is the patient file, the electronic patient file that is required by social legislation and has to be provided to everyone to use for the whole life for storing health data, and that of course leads to several questions. For one, we would like to provide means of storing health data for the time of one's life, which is X-ray images, doctors' letters, laboratory results, and all that is supposed to be administered in this file, and the patient is supposed to have sovereign control, exclusive control, about who has access, so it has to be secure. Can that work? "No", someone replied. Sorry, very important. Whether it works or not, we have to satisfy these requirements. Liability, so violations in individual cases cannot be permitted. So, if we're thinking about bank account access, where monetary values are dealt with, you may tolerate individual violations, but here each violation is unacceptable. This is what one of the data protection commissions from one of the German states has said, and it's not new that we have high requirements here. Even our health minister, Jens Spahn, has realized this. He said that particularly data security is the Achilles heel of this project, because if any violations occur, then the acceptance of this application, of every new upcoming application of electronic health services, will be ruined, and that will threaten the trust between patient and doctor in surgery hours as well if any violations occur. But health minister Spahn also says that he wants to speed up the process, hackers or not. And because this is kind of ambivalent, we thought we'd give it a closer look, and to understand more closely and evaluate the security, we have to read the 10,000-page specification, which you can all download on the website of the gematik company which deals with.
So that's the specifications by the company, but also their own specifications, but also these from all the various institutions that we have in the health sector. So we read all these, not all of them, but we glanced through them, and we then produced this fantastic graphic here to show you what this patient looks like. First of all, the insured person, of which there are 73 million, has their electronic health card. Most of you will know these, and you have the card and you have a device to read it, which may be an NFC-capable smartphone if the card becomes NFC-capable. And with that, over the internet, the patient can access through a gateway an underlying file system. And in this file system the health data is supposed to reside for the duration of one's life, but it's going to be encrypted, and the talk here is about end-to-end encryption, and the key to that data is also stored in this filing system. But don't laugh yet, that key is encrypted. It's encrypted, and that is all justified somehow, but the question is, we haven't solved the problem. Where is the key? Where is the key? For the key is now the problem. And for that we have to look a bit further. Through this we are connected to the telematics infrastructure, and that infrastructure is the central network to which now 115 doctors, 115,000 doctors' surgeries, but also pharmacies, hospitals and all other institutes are going to be connected. They call it a special VPN network with its own trust space, and this institution supplies the following two services: the key generation service one and the key generation service two. These services generate keys for us, and these are authorized keys.
So with our health card we have to go to these key generation services and retrieve those blue authorized keys by authorizing as authorized people, and we then take these keys, and with that we decrypt this pink file key, and then we can access the data. For the doctor's practice that wants to access the same data to, for example, add new data, a doctor's letter or a little bit more to result, so for them, from the other side, it looks quite different, but a specific device for accessing has to be used. Every doctor's surgery that is connected to this telematics infrastructure needs a so-called connector. That's a special VPN router with special functionality which gives access to this protected network, and while the insured person uses their health card to authorize to this network and generate their keys, the doctors will use their practice ID, their health practitioner ID, to access the system. So this is symmetric: both patients and doctors have chip cards which they use to identify and authorize with the system. And simply to depict the risks in a simplified way, let's just look at the numbers here. We have 73 million insured people, with about four suppliers of the patient file, which are currently in the process of development because it's supposed to be available in a few months, and there is one central telematics infrastructure, and then of course there are 115,000 doctors' surgeries, doctors' practices, that are connected now, and we estimate that ultimately it will be about 170,000. And the processes how these chip cards are distributed are processes run by the central telematics infrastructure, and the problem with the key generation service is that the insured person or the doctor will only identify with their card and then receive a key. So the problem is that we are still hearing about end-to-end encryption, but the key is no longer under the control of the insured person. So if you can identify, for example with a successor card, you get access, you get the key and
therefore access to the data. And even the German authority for security in information technology, the agency, the federal agency, has said that if the authentication procedure could be broken, then the cryptographic means and the whole data will be accessible, and the gematik company deduces from that that the correctness of the process of issuing the cards is the basic precondition for the secure operating of this service. Now, the card issuing process, which means the transfer of a real existing person, or a legal person, a doctor's practice, into the digital sphere: to ensure that securely, you have to satisfy the following conditions. You have to identify the person. Insured people, doctors, doctors' practices have to be identified securely, and the attributes, whether they are an authorized practice or an insured person with a certain insured person's number, these data have to be confirmed in a legally safe way, and the handover of the key, the connection from the identity to the key, has to be secure and has to be very, very viable. And that makes the system secure, because only then will the card be safely and only in the hands of the authorized people. And the gematik company knows this too, and they talk a lot about the high requirements for the identification process: it has to be reliable, it has to be necessary, it has to be, it's a precondition, and all that. Now, what kinds of identities are there? We've seen three cards already. We have the insured person's card, the practice card with the health practitioner's card, and then we have the connector, the VPN router, and all these carry cryptographic identities in the form of certificates and private keys, which are stored on chips and cards. And what we did is, we looked at the question whether the issuing process is safe, because this is the central point of attack if we want to attack. If the authentication here is the end-to-end encryption, then we will attack the authentication process. Is that possible? Yeah.

Thank you, Martin. Yeah, I wanted to tell you about how we actually met. So last year, or maybe this year, there was this problem that this whole infrastructure was really pushed onto people, and people were fined if they didn't implement the system, and I was very upset about it and I wrote a letter, and then, basically to solve this issue, we got to know each other and looked at the different parts of the system. So if you look at these different cards: if you want to have one of these, then you have to go online to one of the different providers. So we chose the one that had a form that you can just fill out, and you have to provide different data points, and these five data points are the ones that are actually being checked: the ID of the company, medical company, your birthday, the number of the doctor, last name and profession. So this looks like this, and the birth date is the only piece of information that is not included on every receipt that you get from your doctor. So this is the only missing information that's not easily obtainable, and of course, yes, the birth date is not a big secret, and sometimes you also get the city of birth. So you can easily just take that information, enter it, and then the KV checks: okay, this is correct. And then we get this card. And no, it doesn't get sent to the doctor. No, no, no, that would be stupid if the doctor got it. You can actually specify a delivery address, and that's where it arrives, and if there's no one at home at the delivery address, you can also specify that it should be delivered to the postal office if the recipient is not there. And this looks like this, and you have to activate this online. There's another form for this. For this you need this PIN letter, and with this we could activate the pass, and then we registered the card and we could obtain the basic information of patients. What can you do with this card if you want to do
evil things? Well, you have unrestricted access to the telematics infrastructure, which means you have circumvented this safety infrastructure, or security infrastructure, and you have access to different applications, and you have access to medical records about medications that people take, and I can in the near future receive messages and sign in the name of the doctor that I stole his identity from. Yeah, and there was also this other talk about pdf for trees. So where's the problem? So there are three providers, and they sent out these cards in the same way. So we tested one provider, and it was not a big problem to just redirect the card, but medisign has issued over 80,000 institute passports, and potentially there were some compromised certificates that had to be withdrawn. And lastly, there was an insufficient specification of these guidelines, and the gematik then approved this process and the trust service provider without really looking at the way they worked.

But that's just one type of a health card. Now let's take the same type, the health protection practitioner's card, or the doctor's card. If you apply for that one, you need personal identification before that card will be delivered. Do you? No, you don't, because there is the so-called bank identity procedure, which I'm going to explain briefly. A doctor will at some point go to their institutional bank, their professional bank, which is a German pharmacists' and medical practitioners' bank, open an account there or just show up there and show their personal ID, their document, and then they will have passed the first stage of this identification procedure. And an attacker will now go to one of these trust service providers, medisign for example, will enter the data of that practitioner, and the bank will say, yes, we know that person, we have an account for them, and the doctors' chamber will say, yes, we know who this person is, this person is
registered as a particular practitioner of some kind. What does medisign then do? They will issue the card and deliver it, again, to some specific delivery address, possibly a separate one, and the PIN letter will be sent to the same address if requested, and this way we could again activate this card online and receive a valid user certificate. And that requires a signature, and I've just said where you get the doctor's numbers from. The doctor's signature will be there too, if you can read it at all. In many cases it will be such as postal pickup, pickup and post office. The original doctor's signature will not be stored anywhere, so you can't really read a signature anyway, that's not anyone's name, so it will be quite easy to imitate this. Again, where's the problem? There are two providers and four verification procedures. Post identity and chamber identity are okay-ish in terms of the specification. The two procedures where two-factor identification takes place are not working so well, and these are the bank ident procedure and the pre-chamber identification procedure, where a two-factor identification will take place. So the doctor will show up, show their identification, and then later on someone will show up and say, oh hello, I am this practitioner, and there is no way of linking these two identities and matching these and making sure that the person that is applying online is the one that showed up earlier to show their ID. And at medisign 31 percent of the health practitioner's cards are obtained this way, because it's so convenient. I don't have any figures for the other suppliers. And that gets us to our specialist for the patient's card.

And this way we showed how we can easily obtain these two cards by doing some simple identity theft, but there's still the health card missing in this, and I googled how to get a health card and fortunately obtained, yeah, and so I will tell you how to do this. So the health card
is equivalent to the institute ID card. Many of you will know this. It's the central key to the telematics infrastructure, and one central question was: is the health card an ID card, does it confirm the identity of the person, or is it more like a strapping card? So what would be the consequence if it's not an identity card? Because every doctor knows their patients, so why would it matter? And before the health card there was this electronic health card, and it was mainly used for billing, and this way the doctor could send the health insurances the medical bills. But with the health card, it's equivalent to the institute and medical professional cards, and in the context of digitalization more work and more service is done in the context of electronic processing, also in legal terms, paragraph 291a, and even the location where the patient pledged to donate their organs will be saved, and of course it will be used as the central key to the patient medical data folder. And there are also additional applications, for instance like direct health insurances that don't have any offices that patients can go to, and even in individual cases it will not be possible to access the data. There will be receipts, and in those receipts there'll be a statement of what the health insurances have paid in the last 18 months. And here we come back to what Martin said: the identity of the person who's affected has to be determined in advance, before social data is being transmitted, and this is quite different from what you might know from different areas. In other areas it might be sufficient to determine afterwards that something went wrong, and then corrections can be made. Like if you have withdrawn too much money, it can be corrected. But when you transfer medical data, you transfer knowledge, and once, yeah, so the knowledge about what kind of treatments people got, what kind of medications, you can't return this
knowledge once it falls in the wrong hands, and therefore we talk about different threats or different problems that occur when data leakages happen, and therefore it's important that the data must be protected, so that even in individual cases it cannot happen that data gets lost. So which means that these procedures have to be absolutely watertight, so that this information cannot be obtained by illegal means. And because it's such a central element, right from the beginning, when the architecture, the safety, security architecture for this was designed, the safety level was set very, very high, even higher than financial systems, and it was also determined that identities that I use for these digital certificates have to be as high on the security level as these digital certificates. And then it was determined that the old procedures that handed out the old cards, that these procedures are no longer sufficient or sufficiently secure, and if for instance someone lost their card, or if they changed the health insurance provider, then a different procedure had to be in place to ensure that the new card would have the required security level. And of course in the last couple of years people focused a lot on the technical requirements, but there are still the organizational procedures that had to be taken care of. And in the year 2016 the CDU parliamentary party has given a talk, so Kauder said that if there's only one single accident with the medical data, it is sufficient to remove the trust that people have in the medical system, and therefore it is absolutely essential for the success of the system that the security is watertight and correct, and so it's very important to Kauder that the people accept this system. So we took a closer look at this. Martin said that the topic was something that he dealt with for several years, so I looked at the years when I managed to use
very simple methods to get health insurance cards. So 2014, 2015, 2016, yeah, last year I didn't do it, so it's like, yeah, again this year. So it's really easy to get these cards, and the attack scenarios that we used do not differ by much, and usually it's enough to just give a call to the health insurance and say, hey, I moved, and then they sent me a new card, and I did this for several years. And now things have gotten more complicated, and now to obtain a new card, one way is to change the address. So there are two main attack scenarios: you could either change your address through the insured person, or change the address through the employer, and this data is being transmitted by the employer, so from the employer to the social security provider, and the data that comes from the employer to the social insurance provider is assumed to be correct and valid. Also you have to keep in mind or consider that if you read the respective guidelines, you will find that the identity, the student confirming identity, has to have education, they have to have a security concept, and it is automatically assumed that an employer will have all that. And we stepped back from taking this kind of attack and focused on address change as an individual, and we looked at how the Hessian AOK does this, AOK being one of the largest statutory health insurance providers, and what are the guidelines that they have. And here you can see that for data protection reasons, to prevent abuse from third parties, the address has to be transmitted either in a letter or fax with a signature, or in a scanned letter with a signature which is then emailed, and the gain in security by scanning in a letter is small or none. And it's not only enough to change the address that it can change the
address, no: online you can actually change your address and order a new insurance card in the same process as well. So you have a very simple means of sending an email here with a non-binding kind of letter, and then a few days later a new health card will be delivered to that new address, and this health card, as I said, is the central point of access to the whole telematics infrastructure. So that one weak point is the address change procedure, which did not comply with security requirements. And what has to be added here, can you go back one slide please: we have the statement by the health minister that this telematics infrastructure has to be introduced because fax is so insecure, right, or at least that it is more secure than fax. So that brings us to a press release, and doctors wrote that the telematics infrastructure is safer than fax, right. If you really want that, okay, you can agree to that, but the funny thing is, when Christian applied for his new card, he sent a fax. Now we have a statement by another statutory health insurance provider, AOK again, but from a different part of Germany, from Rhineland-Palatinate, and they said that in the sense of customer-oriented processes with a trust relationship, postal addresses have to be considered as valid. Okay, you can say that. And this institution from the state of Rhineland-Palatinate said that an access to health data required a previous identity verification. We know that from next year access to electronic health data is supposed to take place. Not one of you has gone through an identity verification with their health insurance provider. And this query to parliament, and this was a question that the TV station ZDF handed in to the health ministry, and the response was, well, the health insurances weren't even complied to close the security gap, but the answer was, they knew that in advance, and this was as early as 2015, and nothing has changed yet. Okay, okay, we have
so many slides, right. Regarding the identity verification process for the health card, we've said that the health card constitutes a limited proof of identity. What is this 60? A limited proof of identity does not exist. A PIN doesn't change that. Either you prove your identity or you don't, and to have this card ready for use, it has to be secured with an orderly proof of identity. If this, okay, I'll just have to step forward, I have so many things to show, sorry. Okay, we will keep the rest for the Q and A and move to the last part, which is the connector, and then come back to the overall bottom line.

So you could accuse us, tell us, that we've only looked at part of the technology and obtained part of the technology. The centerpiece, as it's been called, is the connector, this beautiful device which links doctors' practices with the telematics infrastructure. To look at that more closely, of course you have to order it and obtain it, and normally you can only get it in a package. It's very expensive, about 2000 euros, which is not the amount that I wanted to spend as a hobbyist in IT security, but we found a supplier that will sell the connector individually, and the procedure was rather simple: it's just, fax the company. And then it took a bit of time. Seriously, come on, three months delivery time, that will give you a one-star rating. Okay, then this connector was delivered through the very safe TNT delivery chain to just where the person of course always, that image was from the Leipzig conference center where we are now, if you're watching from outside. Now, the central security function of the telematics infrastructure depends on the security of the issuing of these cards, and we've seen that all the issuing processes for any type of card are worthy of improvement. And what does that mean? First, this means that the huge promises that were made aren't really worth a lot, and they weren't very
honest, these promises that we would have a level of security that would be unique within Europe. The association of psychologists that said, oh, the Chaos Computer Club wasn't able to hack it, now therefore it is secure: I don't know where they get this kind of statement from. They shouldn't just release statements like that into the world. It is very dangerous to make statements like that. The health ministry, the federal health ministry, is of course absolutely convinced that it's secure, and we all know that there is no absolute security, and this is echoed by others. So if you communicate something that is supposed to be useful, please also point out the risks and don't talk about absolutes. Say that something can happen, that you have assessed the risks and that you are prepared for things to happen, that you can mitigate the risks, that you can mitigate the damages, so that the user, the patient, can be protected. And that is completely missing in this discussion that is dominated by absolutes and saying, we are worldwide, we're the best in the world, and we are absolutely secure. And we've seen, maybe we're at top in Leipzig, maybe not, but the mistakes that we've seen here, they are not new. The federal printers have known for years, they've been publishing it in their own expertise concerning their own products, that the telematics infrastructure isn't that secure. The German printers, the federal printing agency, says that the delivery, the issuance of these secure cards, isn't that safe if it's sent by post. You just need to ask the postal service to forward your mail to another address, and then you can receive these cards anywhere. So if the knowledge is there, where is the responsibility? And we know that it's not just about the patient file and the services that are accessed that we've heard of. There are many, many private suppliers that want to use this infrastructure to talk with their health protectionists, to talk
with patients and identify them, and that of course won't all work if even the basic infrastructure isn't so corrupt. So the idea is nice, but then you have to do it right, and that gets us to the positive aspects before we get down to the final bottom line, because we have to say that there are some positive aspects. I want to hand back to Ali for that.

And we see that the general law, or the laws, seem to be realistic, and we've considered it a good idea to use the state as an authority to specify the infrastructure, because without this infrastructure all the private companies have the same questions, which is: how do I achieve that I bring real people who are legal entities, who have medical records, how do I manage to bring them into the digital world? And this central element of an identical digital identity, this is quite challenging, and as a necessary measure to prevent risks and damage, the gematik has made some good decisions to reduce the attack surface and also to have measures to limit damage if a provider got compromised, and also defining that the level of protection is sufficiently high, so that it's really not like a Payback card. And we also saw that the health card is an ID card and it must be treated that way, and it's really organizational processes that have to be approved, and the people who are affected by these processes have to be protected. And we have shown that it should not be done online, because you can't guarantee the necessary protection, and this will take a lot of time. And I had many discussions, and there is a certain degree of lack of responsibility, because people think about technical solutions but they don't really think about an organizational responsibility. But this is really important, because it's the people who exist in the real world and who are not just projections into a digital
system, that they are protected. And we're almost at the end, and this is a central statement, and so this is a good summary. So these are the central statements: in order to create a secure telematics infrastructure, you need to have high standards for data protection and security, highest protection, and you need to make sure that there is absolutely no doubt when it comes to the identification of the patients who use these systems. And we also observed that the identification of the patients or the medical institutions actually does not happen when it comes to retrieving the cards or obtaining the cards. Yeah, and you see, it was actually too easy to find holes in the system, and yeah, so we had an easy time getting our goals accomplished, but maybe next year we will have a greater challenge, and then we will report about our success or lack of success next year. So that's what I wish for for the year 2020. So we want better security in these systems. So we have a bit of time for questions.

Thanks, Martin, Christian and Andrei. Lovely talk. If you have questions, please line up behind the microphones or use the online option. There are signal angels. Are there questions from the, yes, there are questions from the internet.

Question to Martin: is it possible to find doctors who are not connected to the telematics system, so that there's only honorary fine?

Well, this should be better answered by a doctor, so over to Christian.

Yes, there are doctors that have not connected to the telematics infrastructure. There are several initiatives of doctors that refuse to be connected, and these deductions in fees they accept. They pay for your data being secure. Please google it, I don't have the exact name, ti i3 te free or something, you'll find it.

Thank you.

Thanks for the talk. In the video that he showed in the beginning, it was claimed that the patient has full control, but how does this work if the
doctor has access to a key?

The patient has to give their consent through the app or through the card in the doctor's practice. So the patient will come there and put in their card, which they have, or you will receive it soon, and this way they give the doctor access to the data for a certain amount of time, which they can select, and that gives the doctor access, and the doctor will receive a key that is specifically encrypted for their authorization key, and that is stored in the infrastructure. That is technical, I'm going to go into that later. This is kind of a question that is not so common.

Yes, thanks for all the work that you did for our society. The patient file is supposed to be voluntary. It's an opt-in, at least for now, but there are various expert groups that demand this to be changed to an opt-out, because otherwise not enough people will use this and benefit from the positive effects. And if you have this patient file, and if you have the master there in nursery, then you want to move over to an opt-out procedure, which has happened in other countries too. I think Austria is using an opt-out and so is Australia, and I think that they were talking about an opt-out early on. I think the option would be there, that it might be possible that we in Germany move to an opt-out procedure too, and I would like to point to the fact that I'm still calling for this to remain an opt-in procedure, because if you don't have the time and the expertise to look at this in detail, and then the people that change it to an opt-out will have to take responsibility for the data, which no one wants to do. So let's stick with the opt-in procedure.

I know that from healthcare, that there is a big over taxation, and because people can't catch up with all the documentation and all the bills, I have the suspicion that if you don't use digitalization, you will have much more overhead with all the
paperwork. So do you think that there is a possibility to introduce digitalization that is fast but still safe, and that really is not too slow, so that people don't have to do so much paperwork?
I agree. I too work in hospitals, sometimes in short-term contracts, sometimes as a freelancer, and through digitalization I have really experienced that time is being saved and more time can be spent with patients. There are some minimal improvements, for example X-rays, which normally you would have on a singular piece of a file, can now be sent. But the advances are small. The promises are there: if you digitalize, you have more time for patients. But the claim that that really shows in the time one can spend with patients, I don't agree with. And independent from this, the patient's file is going to be a services file for the information of the patient themselves, and whether that can have these revolutionary effects you don't know, and I'm not going to evaluate these or judge this.
There are some very positive effects that have been claimed and evaluated or will be evaluated, but the risks should be made transparent as well, and then you have to be able to balance and evaluate both sides. And there are some applications, such as secure communication between doctors so that they can send letters, that could be implemented quite easily and that would be of a high benefit. So there are applications that are of benefit, but as we've heard multiple times, a single failure would be enough to undermine trust. And what we've done here, you should really wonder whether you can't do better than this. And of course you can do better than this, and that's why we've laid down our suggestions. And maybe you should start with services that are not as critical as the patient's file, such as intercommunication between doctors, and then go forward step by step, and maybe that will work out.
Do you support the current online
petition against TI, the obligation?
The online petition against the telematics infrastructure obligation, as far as I read it, is not really founded on the arguments that we have given here. We took a fairly agnostic approach as far as benefit is concerned, and we looked at the risks only. And the petition against the TI obligation, which has several reasons, is more concerned about liability questions not being resolved, and the benefit is also disclaimed, and you have to leave that perhaps to the experts. Maybe Christian can say something about that, but I think we should move to the next question.
I would like to know if there is something in the specification on the handling of the PIN code, because I had the experience that there was a technical installation set up in a medical practice and they just chose a very, very simple code that is easy to guess.
Martin is the one that knows the specification by heart, but yes, I will say no. In the health sector, as you said, bad passwords are being used, and they are put in places where they shouldn't be put, and there is a lot of work that should be done about that to get this thought of data security spreading in practices, and that's something we are working on too. I have to say, though, that the requirements are surely there, the parameters are high, but also those that are placed on doctors, and the higher these requirements get, then not many people, not many doctors, will fulfill these requirements, and the responsibility is shifted then as well. So technologies there, specifications are there; implementation, well, is lacking.
Is it possible for me, as a medical practitioner or as a doctor, against my identity being stolen?
It would be very desirable to have more firewalls there, such as, if you apply for a card identity, that you then only approve this new identity after some additional verification, such as postal address. You can
verify postal address without showing an ID. Maybe they should send the letter to the original address saying someone has requested an address change, and you could do that with the health card, the doctor's card. And concerning the patient's file, something like this exists, but maybe a second or third line of defense should be built in, so that a compromised issuing process will not lead to the whole data being compromised. But currently protections are very difficult to make, and what you have to call for is that in the application process and the delivery process of these identity documents a personal presence of the doctor should be required. So at least for once these people should go to their medical professional associations, and at the receipt of the card they should be present and show their ID, or maybe go to the same institution. And the compliance with doctors there is not as high as it should be.
Just one comment about what has been said before: many health data are being sent on DVDs, because that's apparently safe. And I have actually one question: what is with the basic data exchange or comparison, does this work?
Well, this works; it is something I do in my daily work. Concerning X-rays, DVDs aren't as bad as all these PACS servers that used to be open without any password; you just had to know the URL. So there's always a worse solution. And the new solution does work.
Another Twitter question: does the patient folder have a unique ID?
The patients are identified in the patient's file through the insurance number, and there is a central place that issues these patient numbers, and we'll be able to talk about this. Every insured person has a lifelong unique ID, an insurance number, which they will keep even if they change their health insurance providers. So you have a record that is linked to one person, but as we've shown today, that leads to the fact that
you cannot rely on the person actually accessing this information, because the handover process and the identification verification process do not ensure that it's the same person that has access to this in this access information.
Do you think the new German ID card would be a better choice than the health card?
I think there are several projects or predecessor projects, pre-feeding projects, about making the ID usable, the general ID usable in the health service, and there was a citizens portal that used this. So yeah, the electronic German ID was supposed to be, it was an idea, but now the health service have their own public key infrastructure, which is completely decoupled from the electronic ID card. And there's a reason for that, because storing these insurance numbers is supposed to be separate, and to change these specifications in such a way that the German ID stores the security access information and have this kind of linking between these two is something that has many considerations, and the decision was made not to do that. And it's not enough to just identify yourself in the health sector and say I'm going to use my electronic identification process to prove my identity. I also have to bring the information, the attribute, with whom I am insured, and this information with whom I am insured is currently not possible to store on the electronic ID, the German ID.
Is it somehow foreseen, are there any plans, that for example my dentist has access to the complete folder, or is it only restricted to the part that is important to him?
Well, yes and no. The original idea was that you could selectively release all the information to the individual doctor, so the one doctor only knows your venereal diseases, the dentist only knows the state of health of your teeth. But the health minister applied pressure to speed up the introduction process, and because of course these processes are complicated,
they wanted to bring it down to an all-or-nothing release, and what this will lead to we'll see in one year. We know that the electronic patients file, which will come in 2021, will be an all-or-nothing access, so you'll have to consider whom you'll release this information to. And you know, with certain procedures such as psychotherapy, this is something that you as a patient would not go to a psychotherapist and ask them to put an expertise into the patient's file, because other doctors would then see it, and you have to know that this will not have any negative effects, other doctors can see it. And this rights management is supposed to be added in 2022, but we can't judge this because we haven't seen the specifications yet. I'm sure it's being worked on still.
Thank you very much for answering all these questions. Please, a big round of applause for our speakers.
And thanks for listening to the translation. We were listening to Sebelius.