Press release
Having received official recognition, TÜVIT is now carrying out tests in accordance with BSI TR-03161. The technical guideline serves as a guide for manufacturers of applications in the healthcare sector when creating secure solutions.
Telemedicine will play an increasingly important role in modern patient care in the future. Video consultations are already increasingly being used today, allowing medical specialists to be consulted digitally. To ensure that patients can use these online consultations safely, providers of such video services must objectively prove that their solution fulfils certain technical security and data protection requirements.
With Trusted Site Video Consultation (TSVC), TÜV Informationstechnik (TÜVIT) is now offering video service providers a new testing and certification programme with which they can provide the required proof of the information technology security of their video consultation solution. The procedure developed by TÜVIT has been officially approved by the German Accreditation Body (DAkkS) since the beginning of 2023. The aim is to check the relevant IT infrastructure with regard to the "provisions on information technology security" in accordance with Section 2 of the "Agreement on the requirements for technical procedures for video consultations in accordance with Section 365 (1) SGB V" of Annex 31b of the Federal Coverage Agreement for Physicians (BMV-Ä).
Based on document checks and technical tests, TÜVIT's IT security experts examine the technical and organisational measures for transmission and the underlying encryption, among other things, as part of TSVC. They also examine whether data can be viewed or is stored contrary to the specifications. Random configuration analyses are also used to check the deletion periods that apply to the storage of metadata and technical connection data.
As video services used in video consultations must not pose any serious security risks, the TSVC procedure also includes penetration tests. In particular, the OWASP Top 10 vulnerabilities are taken into account in this context.
If a video service fulfils the test criteria according to Trusted Site Video Consultation, TÜVIT issues a certificate for the scope of the technical procedures for video consultation. This certificate is valid for 3 years and can be presented to the KBV for verification.
TÜVIT is now carrying out tests and certifications in accordance with Trusted Site Video Consultation. "As part of the transitional solution granted by the KBV, we have already been able to test video consultations according to TSVC and thus gain experience with the new procedure. We are therefore all the more pleased to now officially support providers of video consultation solutions on their way to becoming certified video service providers with the Trusted Site Video Consultation accreditation," says Umer Bhatti, cybersecurity expert at TÜVIT. "The TSVC certification is an essential cornerstone in this respect."
For official listing as a certified video service provider, the KBV also requires proof of the data protection of a video consultation solution. TÜVIT is currently in the accreditation process in order to be able to offer video service providers certification in accordance with Article 42 GDPR in the future.
TÜV Informationstechnik GmbH (headquartered in Essen, Germany) is a renowned IT security service provider and an independent testing institute and laboratory for IT security and cyber security in digitalisation. TÜVIT has been accredited worldwide since 1995 and creates trust in security measures at the level of business processes, data, applications and technologies through vulnerability analyses, audits and evaluations. TÜVIT is a powerful partner in detecting and responding to cyber attacks and ensures rapid restoration of business capability. In this way, businesses, public authorities and operators of critical infrastructures strengthen their regulatory compliance in the areas of confidentiality, integrity and availability as well as their holistic cyber resilience and IT security in the supply chain.
Together with ALTER TECHNOLOGY, TÜVIT forms the Digital & Semiconductor business unit. The business unit is a key pillar of the TÜV NORD GROUP, a knowledge company that has stood for security and trust worldwide for over 150 years. Engineers and IT security experts in more than 100 countries ensure that companies become even more successful in the networked world.
