Legal Advice for Providers and Users of Telematics Infrastructure (TI)
Telematics infrastructure connects the healthcare system securely and efficiently - but it also places high demands on data protection and compliance. Whether you are a provider or a user, our law firm can help you implement your projects in a legally compliant manner. From connectivity to security standards to data use, we offer specialised advice to help you meet all regulatory requirements and future-proof your offering.
What is the Telematics Infrastructure (TI)?
The Telematics Infrastructure (TI) is a secure digital networking platform for the German healthcare system, linking doctors, dentists, psychotherapists, hospitals, pharmacies and health insurers. It enables the rapid and secure exchange of medical information to improve patient care.
Key applications of the TI are the electronic patient record (ePA), electronic prescription (e-prescription), electronic work incapacity certificate (eAU), electronic medication plan (eMP), emergency data management (NFDM) and secure communication in the medical sector (KIM).
All healthcare providers, such as doctors' surgeries, hospitals and pharmacies, are legally obliged to connect to the TI in order to use these applications and ensure efficient, digital healthcare. From mid-2025, this obligation will also apply to nursing homes.
What are the challenges for providers and users of telematics infrastructure services?
The use of telemedicine and health platforms presents specific legal and organisational challenges for providers and users that require careful planning and implementation.
- Contract management:
As a user or provider of telematics infrastructure services, you need precise contractual arrangements with external service providers or customers to ensure compliance and protection. - Commitment or authorisation:
Some organisations in the healthcare sector need to check whether they are required or even authorised to join the TI. - Approval:
All components and services must be approved by Gematik before they can be used in the TI. For this purpose, Gematik specifies specifications for security, interoperability and other aspects. - Privacy and IT Security:
TI services are subject to particularly high privacy and IT security requirements to ensure the confidentiality and integrity of the health data processed. - Access to insured data:
Once the ePA is introduced in early 2025, organisations and institutions will have to submit special applications if they want to gain access to insured data. - KRITIS/NIS2:
Providers of TI services fall under the scope of several IT security directives, such as Kritis, NIS2 or others. Accordingly, there are extensive compliance requirements.
How we support providers and users of TI services
- Legally compliant implementation: We support you in all aspects of legally compliant implementation of TI services - both as a user of these services and as a provider and developer.
- Joining the TI: We advise you on whether you are obliged or entitled to join the TI and support you in the implementation.
- Component and service testing: We test components and services with regard to Gematik's requirements and support you in the approval process.
- Comprehensive advice on data protection and information security: We support you in complying with GDPR and other data protection regulations, as well as in the area of IT security to ensure the protection of sensitive health data.
- Data protection audits and DPIA: We conduct data protection audits and conformity assessments for you, including data protection impact assessments, and prepare legally compliant data protection declarations.
- Data protection concepts: We create the necessary access, authorisation and deletion policies, as well as anonymisation and pseudonymisation policies.
- Contract drafting and review: We draft and review contracts with service providers or customers for IT services.
- ePA applications: We support you with applications for access to insured data from the ePA as soon as this is possible.
- Extrajudicial and judicial representation: We can represent you in the out-of-court enforcement and defence of claims, as well as in administrative and judicial proceedings.
- Compliance training: We provide tailored training for your team to ensure that all employees are aware of the legal requirements in the eHealth sector.
Why Schürmann Rosenthal Dreyer is your partner for eHealth solutions
Schürmann Rosenthal Dreyer combines 16 years of legal expertise with in-depth technical know-how to provide you with comprehensive eHealth solutions. Our firm not only has experienced lawyers, but also technology experts who work together to ensure that your digital healthcare projects are legally compliant and future-proof. As initiators of the Health & Law network, we are deeply involved in the field of healthcare law and are committed to the legal protection of innovative healthcare solutions.
Our expertise has been recognised many times: We won the prestigious JUVE award for Law Firm of the Year in Data Protection and IT, and are ranked as one of the top 2024 law firms by The Legal 500.
Put your trust in Schürmann Rosenthal Dreyer - the partner with the unique combination of legal excellence and technical understanding to make your eHealth projects a success.
Non-binding initial consultation on Telematics Infrastructure (TI)
Why not arrange a no-obligation initial consultation with one of our specialist solicitors to discuss your situation and advice needs?
Your Experts