The invention relates to a computer program product comprising processor-executable instructions for carrying out method steps for providing authorization keys, a computer program product for carrying out method steps for decrypting a data object, and a data processing system.
The electronic health card, abbreviated in German to eGK, is intended in future to replace the health insurance card in Germany. The aim here is to reduce the cost of, simplify and expedite data communication between medical service providers, medical insurance companies, pharmacies and patients in future. This also includes, inter alia, allowing access to an electronic doctor's letter, an electronic medical record and an electronic prescription with the aid of the electronic health card.
By way of example, medical data objects (MDOs) such as an electronic doctor's letter, an electronic medical record or an electronic prescription can thus be encrypted and stored in a digitally signed fashion on a central server. In this case, encryption is preferably effected by means of a symmetrical key which is individually randomly generated for each new medical data object of an electronic medical record such as e.g. an electronic doctor's letter or an electronic prescription. The symmetrical key itself, after it has been created, is for example encrypted with a public key and stored together with the encrypted medical data objects on the central server. In this case, said public key used for encryption forms, together with a private key stored on the electronic health card, a cryptographic asymmetrical key pair. This ensures that access to the encrypted medical data objects is possible exclusively using the secret health card key. In the event of such access, firstly the encrypted symmetrical key is decrypted by means of the secret health card key, whereupon further decryption of the medical data objects is then possible with the decrypted symmetrical key. If, during the creation of an MDO, a digital signature was also generated with the secret health card key, then the integrity of the MDO and the authenticity of the MDO generator can subsequently be verified by means of the digital signature.
By way of example, DE 10 2004 051 296 B3 discloses a method for storing data and for interrogating data, and corresponding computer program products. A personalized smart card allows storage of a virtual patient file on a data server. Using the smart card, data, such as an MDO of a patient file, for example, can be encrypted by an office EDP system of a doctor's office and be transmitted in digitally signed fashion to a data server.
DE 102 58 769 A1 discloses a further application of smart cards for patient data.
When the electronic health card is used, the problem arises that, in the case of, for example, a change of medical insurance company and the associated issuing of a new electronic health card with corresponding new asymmetrical key pairs, it is no longer possible to access without problems an electronic medical record previously encrypted using the old electronic health card.