Specification of health data transfer from devices to DiGA (§ 374a SGB V)
| Term / Abbreviation | Term (German) | Definition |
|---|---|---|
| § 374a SGB V | § 374a SGB V | Legal paragraph in the German Social Code Book V concerning the integration of open and standardized interfaces in medical aids and implants. |
| Access Token or access_token | | OAuth token for accessing protected resources. |
| Authorization Server | Autorisierungsserver | OAuth server of the Device Data Recorder that manages the authorization of DiGAs for data access. |
| Backend | Hintergrundsystem | Server-side application of a DiGA or medical aid/implant through which data transfer takes place. |
| BfArM | Bundesinstitut für Arzneimittel und Medizinprodukte | Federal Institute for Drugs and Medical Devices – responsible for establishing and publishing an electronic directory for interoperable interfaces of medical aids and implants (HIIS-VZ), managing the DiGA registry (DiGA-VZ), as well as the German Central Terminology Server (ZTS) for the German healthcare system. |
| CA/Browser Forum | | Trust space of the Internet PKI – certification authorities used for TLS connections. |
| Certificate Transparency (CT) | | Transparency framework for TLS certificates to detect unauthorized certificates. |
| Client-ID or client_id | | Unique OAuth client identifier of a DiGA, defined by BfArM. |
| CN | | The Common Name is a field within an X.509 certificate’s subject that traditionally contains the Fully Qualified Domain Name (FQDN) of the certificate owner. It was historically used for hostname verification but is now considered deprecated in favor of the Subject Alternative Name (SAN) extension. |
| CodeSystem | | FHIR coding system with unique codes for specific concepts (e.g., CS_OAuth_Scopes). |
| Consent | Einwilligung | Explicit agreement of the patient to transmit data from the medical aid to a DiGA based on GDPR. |
| Device | | FHIR resource for transmitting metadata about measuring devices and device instances. |
| Device Data Recorder | | Software that receives and persists device data from a Personal Health Device (e.g. a mobile App and its backend). |
| DeviceDefinition | | FHIR resource with information on a specific medical aid backend and supported sensors/measuring devices. |
| DeviceMetric | | FHIR resource for transmitting measurement configuration and calibration information. |
| DiGA | Digitale Gesundheitsanwendung gemäß § 33a SGB V | Digital Health Application – digital medical devices of low-risk classes that can support patients in the treatment of diseases or the compensation of impairments. |
| DiGA Manufacturer | DiGA Hersteller gemäß § 1 Abs. 2 DiGAV | Manufacturer of digital health applications that distributes a DiGA listed in the DiGA VZ. |
| DiGA VZ | DiGA-Verzeichnis gemäß § 139e Abs. 1 SGB V | BfArM DiGA registry providing central information of all certified, prescribable, and reimbursable DiGAs. |
| DiGAV | DiGA Verordnung | Regulation on the procedure and requirements for the examination of the reimbursement eligibility of Digital Health Applications (DiGA) in Statutory Health Insurance (GKV). |
| FHIR (Fast Healthcare Interoperability Resources) | | Standard for the exchange of healthcare data, used in version R4 for all healthcare data transmissions. |
| FQDN (Fully Qualified Domain Name) | | Unique domain name for identifying DiGA and medical aid/implant backends, as specified in the TLS certificate. |
| Frontend | Zugangssystem | User interface (web apps, native apps, hybrid apps) of a DiGA or medical aid for interaction with the user. |
| gematik | | National Digital Health Agency – gematik section KIG is responsible for the technical specifications of the interface acc. § 374a SGB V. |
| GesundheitsID | digitale Identität der Versicherten gemäß § 290 (8) SGB V | Digital identity for insured persons in the German healthcare system, used for secure authentication with digital services in the healthcare sector |
| GKV | Gesetzliche Krankenversicherung(en) | Statutory health insurance institution(s) in German healthcare system. |
| GMI (Glucose Management Index) | Glukose Management Index | Equivalent for the HbA1c laboratory value which is calculated from the average readings of a CGM system |
| HIIS-VZ | Verzeichnis der Hilfsmittel- und Implantat-Schnittstellen | BfArM registry of medical aids and implants providing an overview of all Personal Health Devices and Device Data Recorders with an implemented HDDT interface acc. § 374a SGB V. |
| Implant | Implantat nach MDR | Medical devices that are introduced into the body permanently or for the long term and serve to measure, support, or replace bodily functions. |
| Interoperability | Interoperabilität | Ability of different systems to communicate and exchange data in a standardized manner. |
| KIG | Kompetenzzentrum für Interoperabilität im Gesundheitswesen | Competence Centre for Interoperability in Healthcare at gematik – legally mandated to define technical specifications according to § 374a SGB V. |
| LOINC (Logical Observation Identifiers Names and Codes) | | Coding system for laboratory values and vital signs. |
| MDR (Medical Device Regulation) | Verordnung (EU) 2017/745 über Medizinprodukte | The EU Medical Device Regulation sets comprehensive rules for the safety, performance, and oversight of medical devices in the EU. |
| Medical aid | Hilfsmittel gemäß § 33 SGB V | Tangible aids or technical products for medical care that are provided at the expense of statutory health insurance (GKV). |
| Monitoring | Monitoring | Self-logging of DiGA and medical aid/implant to document the functionality of the interface acc. § 374a SGB V. |
| mTLS (Mutual Transport Layer Security) | | Mutually authenticated TLS channel between DiGA and Device Data Recorder backend. |
| OAuth 2.0 (Open Authorization) | | Standard for securely authorizing a DiGA to access medical aid/implant data. |
| Observation | | FHIR resource for transmitting measurement values of exactly one vital sign/vibW (e.g., blood glucose, blood pressure). |
| Personal Health Device | | Hardware part of a medical aid or implant that holds the sensor(s) for measuring vital data of a patient. |
| Pairing | Kopplung | Linking process between DiGA and medical aid/implant – process of connecting systems with user consent. |
| Pairing ID | | Pairing-specific user pseudonym for uniquely assigning consent between DiGA and medical aid/implant. |
| Profile | Profil | Set of constraints that must be considered when using a specific FHIR resource type in a specific context (e.g. § 374a SGB V). |
| Redirect-URI or redirect_uri | | Redirect URI to which a Device Data Recorder sends the user after issuing the authorization code. |
| Refresh Token | | OAuth token to renew the access token without user interaction. |
| Resource Server | Ressourcenserver | FHIR server of the medical aid/implant providing the protected healthcare data. |
| SAN | | The Subject Alternative Name is an extension in an X.509 certificate that lists one or more identities (such as FQDNs, IP addresses, or email addresses) that the certificate covers. Modern TLS implementations use the SAN field for hostname verification instead of the Common Name (CN). |
| Scope | | OAuth permission defining which data a DiGA may access (e.g. MIV-specific scopes). |
| SMART 2.0 | | Standard for fine-grained access control with patient-specific scopes and finer-grained resource constraints. |
| %TIR (Times in Range) | Zeit im Normalbereich | Percentage of time where a patient’s glucose value is in the normal range (70-180 mg/dl) |
| UCUM (Unified Code for Units of Measure) | | Unit system for measurement values in medical applications. |
| ValueSet | | FHIR value list with defined codes for a specific context (e.g., VS_BloodGlucose). |
| MIV (Mandatory Interoperable Value) | vibW (Verbindlich interoperabel bereitzustellender Wert) | Central granularity level for standardized data transmission (e.g., blood glucose, blood pressure). |
| ZTS (Central Terminology Server) | Zentraler Terminologieserver gemäß § 355 Abs. 12 SGB V | Central terminology server for the German healthcare system – provides binding coding systems and value lists. |