Knowledge BaseFrequently Asked
Frequently Asked
Questions.
Everything you need to know about Health ID integration, compliance standards, and the future of the Telematics Infrastructure.
General & Compliance
BSI TR-03161 defines the security requirements for applications in healthcare. Compliance with this guideline and proof through appropriate expert opinions (e.g. according to BSI and BfArM specifications) is mandatory for DiGAs. azuma doa is developed from the ground up according to these standards.
TI 1.0 was based heavily on hardware (eGK, connectors). TI 2.0 (TI Federation) represents the transition to a purely software-based, decentralized zero-trust architecture. The Health ID is the identity service for patients in TI 2.0 and enables authentication without a physical card, e.g. via smartphones and passkeys.
Yes, azuma is multi-tenant and supports international standards. For the Swiss market, we offer integration of the HIN ID to provide service providers with secure and familiar access to applications in the Swiss e-health ecosystem (e.g. EPD).
azuma doa
Generic IAM systems like Keycloak or Auth0 do not natively support the specific German healthcare standards (gematik, TI Federation, Health ID). azuma is the specialized alternative that combines modern identity management with full compliance for the German and European healthcare markets.
azuma doa is a specialized Health IAM for DiGA manufacturers, clinics, and patient portals. It offers multi-tenancy, MFA with device binding, passkeys and FIDO2 biometrics, and seamless OIDC integration — with out-of-the-box compliance for BSI TR-03161, MDR, and GDPR.
azuma doa offers a free Developer plan for sandbox testing and prototyping, a Standard plan for startups and SMEs in production, and an individually priced Enterprise plan for clinics and large systems with multi-tenancy, sub-tenants, and dedicated instances (HSM).
A Hardware Security Module (HSM) is a dedicated hardware component for securely storing cryptographic keys. azuma doa offers HSM-based solutions to physically isolate and protect user identities and signature keys. This is a critical building block for meeting the high security requirements of BSI TR-03161.
Yes, our architecture is prepared for eIDAS 2.0 and upcoming European standards. azuma doa will support the EuDI Wallet as an identity source, allowing your application to benefit from European digital sovereignty without technological detours.
azuma mimoto
The Health ID is the digital identity for insured persons in the Telematics Infrastructure (TI). It enables patients to access applications such as the ePA or e-prescription securely and without a card. All providers of digital health applications (DiGAs) must support this identity to offer TI services. In the future, patient portals and telemedicine applications should also support the Health ID.
Integration with azuma starts at just €250 per month for our Starter Plan. This includes full access to the Health ID Federation and is specially tailored to the needs of DiGA startups. For large organizations, we also offer custom enterprise packages.
Thanks to our standardized OIDC interface and intuitive developer portal, azuma mimoto can usually be integrated within a few days. Our customers save several months of development time and significant compliance effort compared to developing it themselves.
The easiest way is to download the XML via our dashboard. Simply go to the Registration (XML) tab under the Relying Party, download it here, and send it to the BfArM. You only need to enter the MemberID and the Procedure ID. You can obtain these from gematik.
azuma nori
azuma nori is an agentic compliance workstation: a desktop app that runs locally on the developer's machine and automatically checks source code against pre-defined compliance matrices using bounded LLM Sub-Agents, instead of relying on rigid regex rules. Available policies are BSI TR-03161 (Parts 1–3) plus BSI TR-02102-1 and TR-02102-2; the EU Cyber Resilience Act is available as a Beta, and BSI TR-03107 and the EU AI Act are in development.
No. azuma nori is built on a zero-code-upload principle: source code is read and evaluated exclusively locally. Only strictly filtered telemetry (e.g. run ID, commit hash, compliance score) is sent to azuma's servers — never the source code itself.
azuma nori offers a free tier with self-service registration and 3 curated controls. In the Standard plan, policies are booked individually — pricing depends on each policy's complexity and is available on request.
Do You Have Further Questions?
Our team of experts will be happy to advise you individually on your project and the technical details.