The German national health IT body (gematik) has agreed to evaluate USB sticks as a means of storing and carrying electronic patient records, following months of discussions and vociferous demands from doctors.

Pressure has come from German doctors that have insisted on an alternative to saving patient data on what has been described as “central mega servers”. The concerns about centralised databases come despite the German health IT project being based on a heavily decentralised architecture.

The proposal to test USB sticks, but also USB smartcards, SD cards, and other portable security tokens, as a voluntary component of the national health IT infrastructure was brought to the gematik general meeting by the German Federal Association of Doctors (Bundesärztekammer). It was backed by the representatives of health insurance companies, hospitals, dentists, and pharmacists.

Gematik now has to present a concept on how USB devices could become part of the national health IT infrastructure by February 2009.

At that time the gematik general meeting will reconvene and, probably, give the green light to testing USB devices, first in the gematik laboratory in Berlin, and later in one or more of the seven smart card test regions all over Germany.

Apart from technical issues, the concept paper will also have to give a rough estimate on how expensive the USB approach might be. “It is clear that USB tokens will not be a substitute for smartcards”, said gematik spokesman Daniel Poeschkens. Instead they are intended to be supplementary to the currently planned smart card infrastructure, and an extra cost.

There will be no real point of comparison, though, since full calculations about costs of electronic patient records have never been made in Germany.

All that has been officially published to date is a €1.4bn estimate for the costs of the smartcard based security infrastructure. The full costs of the project are likely to be far higher.

Unsurprisingly, initial reactions from doctors to gematik’s decision were positive: “This is an essential step to build up trust into the security of the national health IT infrastructure”, argued Christoph Fuchs, the managing director of Bundesärztekammer.

Fuchs also said that he was convinced that adequate encryption was as essential for USB sticks as it was for storage in data centres. To provide this encryption, he recommended using the private key of the German patient smartcards. This would mean that patient information could only be written or read when both USB stick and patient smartcard are available. Sounds complicated.

There is a good chance that the prospect of USB tests at some time in 2009 or shortly afterwards will pacify the smartcard discussions for the next couple of months. As these are the months of the first wave of the smartcard rollout in North-Rhine Westphalia, gematik’s USB announcement comes at a fortuitous moment.

Even declared smartcard critics praised gematik for its decision. In particular, NAV Virchow Bund, a non-official doctors association, made a political turnaround and announced that it will support the USB test in the test regions. In an ideal world, the USB tests might lead to more relaxed discussions about benefits and dangers of digital data storage in medicine.