Success Stories

Applimeda

Digital Health Application for Ankylosing Spondylitis Builds Trust and Security

Patients with ankylosing spondylitis suffer from an incurable, chronic inflammatory disease which, in addition to severe pain, often leads to stiffness of the spine. Consistently performed exercise therapy is a central pillar of treatment. However, in practice, many patients implement this therapy insufficiently or not at all.

To address this challenge, Applimeda GmbH developed the “Axia” app in cooperation with the German Ankylosing Spondylitis Association (Deutsche Vereinigung Morbus Bechterew e.V.), physicians from Würzburg University Hospital, and physiotherapists from the Association for Medical Assistant Professions. The app motivates patients in a playful and practical way to perform their exercise therapy correctly and regularly. Applimeda GmbH’s goal was to demonstrate that the “Axia” app meets the highest IT security and data protection requirements and can therefore be reimbursed by all statutory health insurance providers as a digital health application (DiGA).

To achieve this, the highest standards of IT security and data protection had to be met, particularly due to the sensitive nature of patients’ personal data. To ensure compliance with the requirements of the Federal Institute for Drugs and Medical Devices (BfArM) and the Federal Office for Information Security (BSI), Applimeda GmbH commissioned TÜV TRUST IT to conduct an audit in accordance with the technical guideline TR 03161.

Digital health and care applications (DiGA/DiPA) process highly sensitive data and therefore require an especially high level of protection. To meet these requirements, TÜV TRUST IT, as a testing body recognized by the BSI, evaluated the “Axia” app in accordance with the BSI TR 03161 standard.

The TR 03161 audit procedure includes a comprehensive technical analysis, examining, among other things, the following aspects:

  • Security architecture
  • Secure use of third-party software
  • Authentication and authorization
  • Cryptographic implementations (encryption)
  • Secure data storage
  • Source code security
  • Network communication

The security of the “Axia” app was ensured through a comprehensive assessment. In addition to an in-depth source code analysis, dynamic penetration tests (simulations of real-world attacks) were conducted. The independent audit confirmed that “Axia” meets the high standards set by the BSI. With the successful certification, the project was completed—clear evidence of quality, security, and reliability.

Robert Leppich, CTO of Applimeda GmbH, particularly emphasized the collaboration:

“Working with TÜV TRUST IT made a significant contribution to the successful completion of the certification process. We would especially like to highlight the open communication, the high level of technical expertise, and the exceptional attention to detail demonstrated by the auditors. Their expertise had a decisive impact on the quality of the process and its swift implementation.”

The auditors at TÜV TRUST IT were equally positive:

“We were very impressed by the fast response times and the high level of technical expertise within the Applimeda GmbH team. In particular, the structured preparation and open communication contributed to the audit being carried out smoothly and efficiently.”

Thanks to the successful certification, Applimeda GmbH benefits from a wide range of advantages:

  • Compliance with the highest IT security and data protection requirements
  • Minimization of the risk of financial losses due to potential security incidents
  • Increased credibility among patients, users, and business partners

The “Axia” app is therefore not only an innovative tool for supporting patients with ankylosing spondylitis, but also a demonstrably secure and trustworthy product. Feedback from all parties involved clearly shows that the combination of technical expertise, efficient project management, and close communication was a key factor in the project’s success.