It is not possible to redeem an E-Rezept more than once, because the status of the prescription is stored centrally in the healthcare network. As soon as a pharmacy has dispensed an E-Rezept, the status is changed and it cannot be dispensed again.
This is essentially ensured by two measures:
On the one hand, the components of the E-Rezept are checked by independent experts before they can be used.
On the other hand, gematik monitors compliance with data protection and security by technical systems and by persons who carry out regular audits at the operator of the E-Rezept specialist service.
The audit by independent experts is carried out, on the one hand, by means of a product audit for the E-Rezept specialist service and, on the other hand, by means of a security audit to ensure the secure operation of the provider of the E-Rezept specialist service. In addition, the provider must demonstrate that they are able to develop secure software by means of a further audit. These expert opinions are reviewed by gematik.
A security assessment of the E-Rezept app is commissioned by gematik (in accordance with Section 360, paragraph 5, of the PDSG and SGB V) and reviewed by the BSI and gematik. This expert opinion also includes the app interfaces to the E-Rezept specialist service and the identity provider. All expert opinions must be renewed regularly.
Together with the provider, gematik monitors the E-Rezept specialist service by means of security monitoring in order to detect attacks on the E-Rezept specialist service in good time. If the provider detects security incidents, they must inform gematik.
Regardless of this constant technical monitoring, gematik regularly audits the E-Rezept specialist service provider to ensure that they are complying with gematik’s requirements.
The E-Rezept is provided with a qualified electronic signature (QES) when created by the doctor. This is the equivalent of the doctor signing the current paper prescriptions by hand. Unlike a handwritten signature, a qualified electronic signature cannot be forged. The QES allows the pharmacy to reliably determine who issued the E-Rezept and whether the contents of the E-Rezept have been tampered with.
With the desktop application. It allows you to view the log data on a computer.
The data from the E-Rezept is stored in encrypted form on the servers of the telematics infrastructure, which are located in a secure data processing centre. The ‘keys’ required to process the E-Rezept are generated by a technical module (HSM) for hardware-based protection of sensitive data, whereby the operator of the specialist service has no access to the generated keys. This means that only the insurant, the issuing doctor and the pharmacy authorised by the app or printout have access to the data.
No. E-Rezept prescriptions can only be viewed by the issuing doctor or selected pharmacy. You, as the patient, choose the pharmacy. If you have shared the prescription electronically with a third party, they can also view the prescription, provided they are registered in the E-Rezept app.
The E-Rezept is encrypted by the doctor’s surgery and transmitted to the E-Rezept specialist service, where it is stored and processed in encrypted form. From there, it is retrieved in encrypted form by the pharmacy, thus ensuring protection against unauthorised access. In addition, people can only access an E-Rezept from the E-Rezept specialist service if they are in possession of the E-Rezept token, which the patient has either received on paper from their doctor or generated electronically via the E-Rezept app. Only if the patient passes on their E-Rezept token to a representative or a pharmacy can these people access the corresponding E-Rezept.
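A simplified model of two rules described above (a centrally stored status that permits only one dispensing, and access only with the E-Rezept token), as an added example that is not gematik's code or API. The class, method and status names and the sample prescription ID are hypothetical.

```python
import hashlib
import hmac
import secrets
import threading


class PrescriptionStore:
    """Hypothetical central store: one status per prescription."""

    def __init__(self):
        self._lock = threading.Lock()
        self._records = {}  # id -> {"token_hash": bytes, "status": str}

    def issue(self, prescription_id):
        """Register a prescription; return the token given to the patient."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._records[prescription_id] = {
                "token_hash": hashlib.sha256(token.encode()).digest(),
                "status": "open",
            }
        return token

    def dispense(self, prescription_id, token):
        """True only for the first caller that presents the correct token."""
        presented = hashlib.sha256(token.encode()).digest()
        with self._lock:  # token check and status change happen as one step
            record = self._records.get(prescription_id)
            if record is None:
                return False
            if not hmac.compare_digest(record["token_hash"], presented):
                return False  # without the token there is no access
            if record["status"] != "open":
                return False  # status already changed by an earlier dispensing
            record["status"] = "dispensed"
            return True


def concurrent_attempts(store, prescription_id, token, pharmacies=8):
    """Several pharmacies redeem the same token at once; count successes."""
    results = []

    def attempt():
        results.append(store.dispense(prescription_id, token))

    threads = [threading.Thread(target=attempt) for _ in range(pharmacies)]
    for thread in threads:
        thread.start()
    for thread in threads:
        thread.join()
    return results.count(True)
```

Because the status check and the status change sit under one lock, simultaneous attempts cannot both see the prescription as open.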