TI is Telematik Infrastruktur. So TI-Messenger is just a messenger running on the VPN used for patient-data.
It's good to see this happening. One of the biggest German healthcare contractors - famous for terrible code - had managed to creep their S/MIME demo implementation derivative code as a standard for secure communication in the healthcare world. With a MITM at each Kassenaerztliche Vereinigung(i.e. the people that represent the doctors and that charge ~2% per transaction for charging the public insurance companies). So it's unaudited "E2E" with a MITM by design. Given the complexity of this codebase, I do hope that they just use it unmodified.
EDIT: one of the reasons why the KVs rolls/ed their own is because of inherent distrust between the physicians or the institution representing them and the governments health ministry getting that data. They believe that the government is incentivizing hospitals to take over physicians share of the cake. I wouldn't say that the distrust is misplaced, but unfortunately these crappy half baked own solutions born out of nepotism don't help their case.
As a sidenote, it's crazy how bad some of the government IT projects are. In the country I'm thinking of I'm pretty sure corruption plays a big role in it, but even so, you have to be very illiterate in IT for it to not be obvious that the contractor didn't do their job. I guess a lot of the administrators responsible for evaluating the project's status are too old to have grown up with internet and computers around them.
I think there's a lot of corruption there, but it goes beyond that. Government IT consulting is a very exclusive niche that's hard to get into.
None of the managers are willing to risk losing an IT contractor/or product no matter how terrible they/it are/is. There are basically two IT choices that they do:
1. Choose a really big expensive company that is in Gartner(they do have the best dinners though, also you get to travel business class to visit them for seminars).
2. Choose someone that they know through somebody. It's quite amazing that Matrix has managed to get as much government traction as it has. I've seen a person not willing to kick out a product where I had to walkthrough the creator of it on a Teamviewer on how to debug his own app in the web inspector, and it was unable to display pdfs if they were in landscape(for years). And everyone knew they were bad, the managers would joke about it.
As they say, nobody ever got fired for buying IBM. These people are absolutely terrified of making a bad decision that may cost them a promotion in the future.
It's not really corruption. It's moral hazard, and its self-reenforcing. The moral hazard is that the people paying for the solution don't make it and don't support it. They make poor decisions based on what they can see and don't know enough to ask deeper, relevant questions about complexity. It's self-reenforcing because the kinds of people who do know enough to ask deeper, relevant questions usually have little interest the work of keeping fundamentally broken systems alive on life support, and their thoughtful improvements will go unnoticed or worse, taken as evidence of incompetence. (I suppose the value proposition of some companies is that they can do both; I have doubts that that has ever happened.)
If your job is to allocate money to the actual doers, and they don't get it done, is it the allocator's fault, or the doer's fault? The best case is when you get the authority but no responsibility for failure, which is precisely what many modern American middle-adminstrators do.
I'm having a hard time understanding this dynamic. I just can't imagine a professional environment like this. I feel like people involved at all stages should understand that they're doing the wrong thing.
It's good to see this happening. One of the biggest German healthcare contractors - famous for terrible code - had managed to creep their S/MIME demo implementation derivative code as a standard for secure communication in the healthcare world. With a MITM at each Kassenaerztliche Vereinigung(i.e. the people that represent the doctors and that charge ~2% per transaction for charging the public insurance companies). So it's unaudited "E2E" with a MITM by design. Given the complexity of this codebase, I do hope that they just use it unmodified.
EDIT: one of the reasons why the KVs rolls/ed their own is because of inherent distrust between the physicians or the institution representing them and the governments health ministry getting that data. They believe that the government is incentivizing hospitals to take over physicians share of the cake. I wouldn't say that the distrust is misplaced, but unfortunately these crappy half baked own solutions born out of nepotism don't help their case.