Case study: ePA – Electronic patient record

Edgeless Systems software protects the data of millions of insured individuals in the electronic patient record system

The electronic patient record (ePA) is a nationwide standardized system based on Germany’s telematics infrastructure. Acting on behalf of the legislator, gematik GmbH defines the standards, operates core services such as identity and access management, and certifies applications. Statutory health insurers provide their members with apps and portals built by IT providers according to gematik’s specifications. Patients retain full control over which doctors or pharmacies can upload or view documents, ensuring secure and cross-institution access to health information.

Challenge

The electronic patient record (ePA) is a cornerstone of Germany’s digital healthcare system. Its operation is subject to strict data protection and technical requirements. One of the most demanding aspects is the “technical operator exclusion” mandated by gematik, which must be implemented via a trusted execution environment (TEE): the infrastructure and backend operator must verifiably have no access to the health data. At the same time, the infrastructure must serve millions of insured individuals reliably and with high performance.

Solution

Edgeless Systems provides confidential computing software that fulfills exactly these requirements. In collaboration with IBM, the software is used in the ePA to run sensitive applications inside isolated, hardware-protected environments based on Intel confidential computing CPUs. This ensures that even the infrastructure operator cannot access patient data. The software from Edgeless Systems comes with transparent source code, enables holistic attestation of the application, and facilitates easy scaling on Kubernetes.

Result

The complete solution, including Edgeless Systems’ confidential computing software, is certified by gematik and enables a secure, scalable ePA backend system for up to 50 million insured individuals, including members of AOK, Barmer, and Techniker Krankenkasse. The project demonstrates how regulatory data protection requirements and technical operator exclusion can be reliably and efficiently realized with confidential computing.

OC3 Talk

Thorsten Gau, CTO of IBM Consulting, presented the project at Edgeless Systems’ Open Confidential Computing Conference (OC3).