What are the requirements for 'Authentisierung von GKV-Versicherten' for DiGAs in Germany from January 1st?

Anonymous · Published December 26, 2025 · 1 comment
I am seeking clarification on the mandatory requirement for 'Authentisierung von GKV-Versicherten' (authentication of statutory health insurance holders) that applies to DiGAs (digital health applications) in Germany starting January 1st. Specifically, what technical implementation is required for DiGAs, and where can the relevant technical documentation be found?
Additionally, I have learned that the technical documentation for ePA (electronic patient record), which is also mandatory from January 1st, is now available. However, I have not seen any official announcements about this.

Anonymous 5 months ago
This is a new requirement for DiGAs starting January 1st. Where is the official technical specification published?

1 Answer

Accepted answer · Dr. Oliver Eidel · Founder & CEO, OpenRegulatory
According to recent updates from Gematik, the authentication process for GKV-insured users currently involves using either the alternative insurance identity (al.vi) or the electronic health card (eGK) with a corresponding 6-digit PIN. Moving forward, a federated identity provider will be introduced by the insurers to provide users with an electronic identity (eID).
For DiGAs to integrate with the ePA (electronic patient record), you will need to be connected to the Telematikinfrastruktur (TI). This involves obtaining a connector and a card reader, as well as an SMC-B card from Gematik. If your servers are on-premise, you operate the hardware locally. If your servers are cloud-based, you can use a data center connector via a service provider. The SMC-B card contains the telematics ID used to authenticate your DiGA with the TI and the ePA system.
Once a user authorizes your DiGA for write access to their ePA, you can transmit data either in the structured DiGA MIO format or unstructured as a PDF, as regulated by the DiGA ordinance. Currently, DiGA manufacturers are not authorized to read data from the ePA.
The technical documentation and further details can be found via Gematik and the official DiGA-Verordnung. More specific integration documentation is usually provided directly by Gematik or your integration partner.
