Compliant Key Generation and Derivation - fulfilling the compliance requirements for the protection of patient health care data
One of the most sensitive types of data generated, used, stored, and transferred about a patient is their medical history. In Germany, the eHealth infrastructure and its services handling such data are subject to specific compliance requirements.
The cryptographic keys used to protect patient records must be generated and protected in accordance with the specifications defined by the Key Generation Service Specification for Electronic Patient Records (Spezifikation des Schlüsselgenerierungsdiensts ePA).
One of the core components for fulfilling these compliance requirements is a key generation service that uses a specialized Hardware Security Module (HSM).
UTIMACO provides a standard-compliant solution for generating and protecting cryptographic key material for electronic patient records, designed for use within the German eHealth infrastructure.