KBV creates guidelines for data security
What do medical practices in Germany have to prepare for?

Who is KBV?

The Kassenärztliche Bundesvereinigung (KBV), literally "Federal Association of Panel Doctors" in English, was founded by the National Association of Statutory Health Insurance Physicians and the regional Associations of Statutory Health Insurance Physicians in Germany. As the umbrella organization of the individual associations of statutory health insurance physicians, the KBV has a key position in the statutory health insurance system.

KBV creates guidelines for data security. The Digital Supply Act (Digitale-Versorgung-Gesetz) instructs the KBV and the National Association of Statutory Health Insurance Dentists (KZBV) to develop an IT security guideline for all practices. The guideline is to specify the requirements for guaranteeing IT security.

When must the guidelines apply?

The guidelines were decided by the KBV representative assembly on December 16, 2020 and will apply from January 2021. Due to the current situation, on-site certification of service providers will probably only be possible from February 2021.

Information for healthcare IT providers. The KBV and the National Association of Statutory Health Insurance Dentists (KZBV) have the task of regulating the requirements for ensuring IT security in statutory health care according to Section 75b SGB V.

What do medical practices in Germany have to prepare for?

Practice size is decisive. The IT security guideline distinguishes between three target groups, or responsible groups: the (small) practice, the medium practice, and the large practice (or practice with data processing to a considerable extent). The groups are defined by the number of people who are constantly entrusted with data processing. A practice with up to five such people is a "(small) practice", and a practice with six to 20 such people is a "medium practice". A practice with 21 or more such people is defined as a large practice. All practices (contract medical practices) have to fulfill the obligations according to Appendix 1. The obligations according to Appendix 2 apply as additional obligations only to medium and large practices, and large practices also have to meet the requirements according to Appendix 3.

Abandoning Cloud Storage. Appendix 1, item number 5, under the requirements for practices relating to office products, requires that the product's integrated cloud storage not be used for storing personal information. This requirement needs to be applied by April 1, 2021.

What can AmberPRO do about this?

Abandoning Cloud Storage. AmberPRO is a service running on Amber. It is an on-premise, turn-key edge computing solution for hosting Nextcloud, Odoo, Home Assistant, and more Docker apps to come. Because it is self-hosted, with the Amber user as administrator, the data is stored on Amber, not in a public cloud managed by a third party.

Self-Hosting is Easy with AmberPRO. Most medical practices are busy taking care of their patients, so they may not have much time left to familiarize themselves with the new IT security requirements and check whether their own practice already meets them. We make self-hosting easy for normal users on AmberPRO with the following key features:

• Docker on AmberPRO - Lightning Setup in Minutes with
• Amber Anywhere - Hassle Free - No local network configuration needed
• Support Anywhere - Remote support made simple.

Privacy First

The privacy of medical patients is the first concern of the KBV. Medical practices can host their office products on AmberPRO without using a public cloud.

Mass incidents of disk wiping for WD

Western Digital, maker of the popular My Disk external hard drives, is recommending that customers unplug My Book Live storage devices from the Internet until further notice.