Diffstat (limited to 'updates')
-rw-r--r-- updates/2008/egk-verzoegern.en.md 46
1 files changed, 46 insertions, 0 deletions
diff --git a/updates/2008/egk-verzoegern.en.md b/updates/2008/egk-verzoegern.en.md
new file mode 100644
index 00000000..3d16491a
--- /dev/null
+++ b/updates/2008/egk-verzoegern.en.md
@@ -0,0 +1,46 @@
1title: Electronic Insurance card: Please don't Smile
2date: 2008-07-22 00:00:00
3updated: 2009-04-18 19:12:41
4author: frankro
5tags: update
6
7
8Some German health insurance funds started asking their members to send in photos for newly issued electronic insurance cards, despite the fact that important security questions regarding the system are still unanswered. The Chaos Computer Club advises all members to not send a photo as yet.
9
10
11<!-- TEASER_END -->
12
13In the past few days we received information about health insurers
14asking their customers to send photos as part of the issuing process for
15new insurance cards. The trade guild sickness fund of Saxony ("IKK
16Sachsen") even insists on a picture that meets current biometric Photo
17ID requirements, and refers to a legal obligation for providing it.
18
19The concept of the electronic insurance card that is known to the Chaos
20Computer Club bears some serious issues, such as in the implementation
21of so called "voluntary services" ("freiwillige Dienste"). With the
22electronic health record, the sensitive details leave the protected
23environment of the doctor's practice and are stored on a central server.
24According to the specification this information will be encrypted prior
25to transmission, but there is no conclusive concept about who has access
26to the cryptographic keys.
27
28Without these additional services, the introduction of the new
29electronics health insurance cards would neither be economically
30justifiable nor bring any value-add for health insurances, doctors or
31patients. Consequently, the introduction of such an ill-conceived system
32is irresponsible. We therefore advise all policyholders to not comply
33with the request for sending in a photo, so that the ubiquitous
34implementation of the new health insurance card will be delayed until
35these fundamental questions around protecting sensitive information are
36clarified.
37
38As a matter of fact, ยง 291 German Social Security Code
39("Sozialgesetzbuch") indicates that the health insurance card shall bear
40a "photograph of the insured person", but the law in question does not
41contain any further requirements about its nature. So there are no
42limits to creativity. A biometrically usable picture, as it is used in
43the controversial electronic passports, is not at all required by law.
44
45Retention of the photo, exceeding the time frame required to produce the
46card, is not required by law and therefore prohibited.
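Review bot: Line 38 of the new file shows the section sign before "291" as "ยง", which looks like an encoding mix-up; please confirm the file is stored as UTF-8 so the citation reads "§ 291". Two smaller points in the same hunk: line 29 says "electronics health insurance cards" where "electronic" is meant, and the teaser paragraph on line 8 is a single unwrapped line while the body below is wrapped at roughly 72 columns, so wrapping it would keep future diffs of that paragraph readable.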