Successfully becoming a health insurance benefit
With TÜVIT for reimbursable DiPA
If you want your digital care application (DiPA) to be officially included in the DiPA directory and therefore eligible for reimbursement, you must prove that your application fulfils certain IT security, data protection and data security requirements. With the right services, we can support you successfully on the way to obtaining health insurance coverage.
The Digital Care Applications Ordinance (DiPAV) is an ordinance for assessing the reimbursability of digital care applications.
It contains requirements that must be met in order for an application to be included in the BfArM's directory for digital care applications (DiPA directory) and thus be eligible for reimbursement.
The necessary requirements relate in particular to the aspects of safety, functionality, quality and data protection and security.
Digital care applications (DiPA) must meet the highest safety and quality requirements in order to be recognised by the BfArM as a health insurance benefit. We support you in providing all the necessary evidence - for greater trust, safety and long-term success.
Whether your DiPA is a medical device is determined by the provisions of the Medical Device Regulation. The intended purpose specified by the manufacturer is decisive.
For DiPA that are classified as medical devices, proof of safety and functional suitability is generally deemed to have been provided to the BfArM by a lawful CE declaration of conformity from the manufacturer.
DiPA that are not medical devices must be designed in such a way that they fulfil the requirements for safety and functional suitability in accordance with Annex 1 DiPAV.
For the product version for which inclusion in the DiPA directory is sought, a penetration test must have been carried out for all components. The test should primarily be carried out by BSI-certified test centres and include manual code reviews and a whitebox test.
We carry out the corresponding tests to provide evidence and help you to identify and close potential security gaps.
DiPA manufacturers must have a certificate for the implementation of an ISMS in accordance with ISO 27001 or "ISO 27001 based on IT baseline protection".
We offer audits and GAP analyses to help you fulfil important certification requirements.
Since 1 August 2024, proof of compliance with data protection requirements must be provided (in accordance with the KHPflEG). This takes the form of a certificate issued in accordance with Article 42 of the GDPR.
From 1 January 2025, DiPAs must fulfil data security requirements in accordance with Section 8 (3) DiPAV. This is the case if certification has been obtained in accordance with the BSI Technical Guideline TR-03161 (Requirements for applications in the healthcare sector). Our IT security experts will check your DiPA in accordance with the requirements of BSI TR-03161 and support you on the path to successful certification.
DiPA directory
Manufacturers can apply for inclusion in the DiPA directory if they have conducted a comparative study with their DiPA that demonstrates a nursing benefit. If the BfArM's review of the application is positive, the DiPA will be included no later than 3 months - in justified individual cases no later than 6 months - after the complete application has been submitted.
The BfArM has summarised all the details and information on the regulations and the application procedure in a comprehensive DiPA guide.
It is primarily aimed at manufacturers seeking inclusion in the DiPA directory, but is also of interest to users who would like to familiarise themselves with the assessment basis and the properties of a DiPA.
You can find the latest version of the guide on the BfArM website.