100% on the safe side
The most necessary security settings for a messenger for organisations
With the Telematics Infrastructure Messenger, or TI-Messenger for short, gematik aims to create a new standard for secure, interoperable instant messaging in the German healthcare system. But what sounds like a good thing in its core brings several challenges with it on closer inspection.
With the release of the “Specifications TI-Messenger 1.0” on October 1, 2021, gematik has taken the first steps towards real-time communication across providers and sectors in the German healthcare system. This initial expansion stage connects service providers and institutions with each other. Further expansion stages are to follow successively until 2024. As things stand at present, the first rollout of the TI-Messenger is planned for summer 2022. So far, so good.
The fact that there is great interest in a TI-Messenger for the healthcare sector is demonstrated not least by the numerous inquiries that established messenger providers such as Teamwire receive on a daily basis. On the one hand, the providers are asked what they think of gematik’s concept and, on the other hand, whether their solutions can be integrated into the TI-Messenger or are compatible with it. In principle, gematik is pursuing some interesting goals with the TI-Messenger. Among other things, interoperability is supposed to create comprehensive communication between different messenger providers. However, if you take a closer look, you will notice that there are currently several challenges associated with the TI-Messenger that put its usability in doubt.
For its TI-Messenger, the planned messaging standard for the health sector, gematik relies on the freely usable matrix protocol to meet the requirements of interoperability, integrability and innovation. Market openness for providers, freedom of choice for users and rapid availability of the solution are key aspects here. Based on these specifications, it is possible for messenger providers and industry partners to develop their own TI-Messenger-based solutions. After certification and approval by gematik, providers may also sell their own developed TI-Messenger solution. Users are therefore free to decide which TI-Messenger they would like to use for communication. Ensuring interoperability between individual TI-Messenger services and providing a central directory service for all users are important features of the new messaging standard – according to gematik, they make up the main differences to existing Messenger solutions.
TI-Messenger lacks features for larger organizations such as clinics, hospitals and care facilities. And this is true both in terms of administrative topics and special functions for the daily use cases of caregivers and patient care in clinics. For example, the first expansion stage of the TI-Messenger only includes text messages as well as image, file and sound transmission. This is mainly due to the fact that the standard protocol does not support other functionalities and that gematik does not allow any deviations from its defined standard. All further developments and innovations, the response to customer needs and also the elimination of any security gaps thus depend on the speed of gematik. In addition, such implementations must be realized at all providers who then make the TI-Messenger available – otherwise neither an overarching exchange nor security are guaranteed. Unfortunately, for this reason, the TI-Messenger turns out to be a rather dull overall system with low innovation speed.
The fact that only text messages and image and voice communication will be implemented in the first iteration of the TI-Messenger is a three- to four-year step backward in terms of features compared with messenger solutions from established providers. Most established providers already offer standardized features today that are planned for the TI-Messenger in the third and final stage of expansion in 2024. In addition, mature messaging providers often have special and even more advanced features that are not yet included in TI-Messenger. Focused, independent messenger providers, of which there are many on the market, already have a clear development lead and will probably be able to extend it. They already offer more innovative and tailored solutions for healthcare. In addition, they already ensure a very high level of security and data protection.
Anyone who doubts this hypothesis should turn their attention to established standards such as e-mail, fax and SMS. There is no question that all of these were once contemporary solutions. But because of their dependence on the standard, firstly, there were virtually no further developments; secondly, security problems increased steadily; and thirdly, customer-specific requirements were implemented over time by other products. This results in penalties for Germany as a business location. The fixed standard makes competitive differentiation barely possible, which makes the providers of the TI-Messenger interchangeable at the functional level. It is doubtful whether such strong digital players will be established in Germany. The TI-Messenger will therefore (unfortunately) not be able to offer the high speed of innovation that is necessary for digitalization in the healthcare sector, so that there will inevitably be welfare losses as a result.
Providers of a TI-Messenger have to expect high approval and certification costs due to the gematik requirements. At present, the TI-Messenger is intended as an isolated solution for the German healthcare system. This means that it cannot be transferred to other countries or other sectors. Consequently, providers must allocate their accumulated costs to a relatively small market. As a result, TI-Messengers will become relatively expensive for end users. Under the current conditions, it is unlikely that any of the major messenger providers will modify their software protocol or develop a TI-Messenger. This would be a technological step backward and at the same time involve enormous (adaptation) costs. It is therefore not surprising that the supporters of TI-Messenger to date are primarily start-ups with little experience in the messaging sector.
When it comes to data protection, there are still a few question marks surrounding TI-Messenger. So far, there is no central archiving system that documents the communication of doctors, nurses and patients with TI-Messenger. Users can distribute patient files, for example, without being able to track where the data has been sent. This is neither in line with the information requirements of the GDPR, nor can the medical documentation obligation be fulfilled in this way. Particularly for larger institutions, such as clinics and hospitals, this could be a problem. This is because manual filing is usually not viable for more than 50 employees. Since a TI-Messenger will involve linking different providers – including at the client and server level – support will be much more costly and complex. Thus, it will be more difficult to narrow down the causes of support cases. And required information will be distributed in several places. As a result, it will be easy for vendors to pass the responsibility on – without contributing to solutions.
Despite all the criticism, it is not meant to be a rejection of the TI-Messenger before it has even been realized. After all, the basic idea of creating universal communication between different messenger providers in the healthcare sector is an interesting topic. What is needed, however, is an appropriate gateway concept or suitable interfaces on the part of the TI-Messenger – which, by the way, established messaging providers have strongly advocated to gematik from the very beginning. Such an idea of the TI-Messenger must be implemented together with experienced providers of messaging services. It is the only way to ensure that many years of expertise, innovative strength and customer-specific developments do not fall victim to a standard, but instead fully meet the requirements of customers and digitalization in healthcare.
If you would you like to receive further information on the subject of standardization in the field of messaging or you would like to be advised on how you should behave and/or decide as an interested customer in the current situation, then please feel free to contact us by using our inquiry form.