Welcome to F136 - the gematik technology blog

The gematik technology blog was created to give back to the community. As open source is part of our DNA, we do not only share our work results on GitHub but also want to share the stories behind them. We hope it helps people to prevent making mistakes we made and motivates them to explore technologies for modern healthcare!

The name “F136” is not a new stealth fighter airplane but derives from our location in the heart of Berlin, at Friedrichstrasse 136. It’s a commonly used internal term for our office.

Have fun reading at the gematik tech blog!

Our blog articles

testing

• How the KOB Test Suite Improves Development and Compliance Processes - 16 Dec 2024
  Gematik’s open-source KOB Test Suite, powered by Tiger, transforms healthcare digitization by enabling local testing, CI integration, and streamlined development. Discover how it fosters trust and efficiency in ePA rollout.
  
  
• Zero-line test suite - 13 Oct 2022

  Writing test suites that don’t age, don’t require software developers to set up, and still have significant technical depth is an impossible goal we at Gematik are constantly working towards. Zero-line test suites are a concept for minimizing required code while maximizing technical depth.

tech

• RMI Migration - Preventing Legacy - 09 Dec 2025
  This article examines how to prevent a project from becoming legacy by migrating RMI (Remote Method Invocation) as a case study. When an outdated technology becomes a blocking factor, replacement is often more effective than continued maintenance. RMI was once a prominent component of the Java ecosystem, but Spring has discontinued its support due to evolving industry standards and modern alternatives. This article discusses at first,why RMI has become problematic in contemporary projects, then the strategies for migrating away from RMI, at last how to ensure long-term project maintainability and updatability. While this demonstration focuses on RMI, the principles and migration strategies presented can be applied to similar scenarios involving deprecated technologies. Proactively replacing outdated dependencies prevents technical debt and keeps projects aligned with current frameworks and security standards.
  
  
• How Setting Everything as Code Accelerated the DEMIS Development - 05 Dec 2025
  We show how Shifting-Left-and-Down contributed to the moderization of the DEMIS Platform, reducing the time-to-production and improving the overall quality of the product.
  
  
• Audit Preparation in E-Rezept App (iOS) - 06 May 2025
  Our technical approach for preparing for audits explained.
  
  
• The 3 Levels of VAU (version 1) Data Types Explored in Kotlin - 28 Feb 2025
  Presenting the VAU (version 1) data types in Kotlin
  
  
• The VAU channel to the Aktensystem - 03 Feb 2025

  A trusted runtime environment (VAU) is a technical measure to ensure that data in the ePA file system can be processed in plain text on the server side without individual employees of the operator having access to this data.

• Audit Preparation in E-Rezept App (Android) - 21 Jan 2025

  As an open-source and publicly funded application, the E-Rezept app must consistently pass rigorous audits. These audits are critical, and while auditors have access to the entire codebase, it’s our responsibility to make their task easier by providing well-documented and structured audit artifacts.

• Check TLS Client Certificate in Java - 08 Jan 2025
  This article explains how to interrupt a TLS handshake on the server side (using Java and Spring Boot) to validate the client's certificate and, if necessary, abort the handshake. The certificate validation process adheres to the specifications provided by Gematik. The Java library introduced in this article implements this validation and is already in use by several software companies.
  
  
• Introducing Windows Containers - 17 Dec 2024
  How Windows containers are helping us to keep legacy projects working and to support new requirements at the same time.
  
  
• Maintaining a Legacy System - 21 Nov 2024
  This article helps understanding Legacy Systems. It shows that maintaining legacy systems can be challenging due to outdated technology, lack of documentation. It supplies experience from practice the strategies and measures through gradual modernization, regularly plan for gradual updates and replacement of the system to modern technologies.
  
  
• How to replace the builder pattern in Kotlin - 11 Jan 2023
  Java has Lombok with its @Builder annotation. How to replicate this functionality when moving the codebase to Kotlin
  
  
• How we established a Secure Software Development Lifecycle - 09 Dec 2022
  Building secure software is hard. In this post, we share our experience with establishing a Secure Software Development Lifecycle during the development of the E-Prescription app.
  
  
• Software Factory - 14 Nov 2022

  Since May 2022 and after a long preparation, we’ve officially opened at gematik the Software Factory to all our colleagues. It is a collection of services that help developers, test analysts, and software architects to build, test, and release their projects in a stable, trackable, and consistent way.

• Validating FHIR resources is easy, right? Right?? - 04 Nov 2022
  It's pretty easy to build a reference validator for a given FHIR specification. And we'll show you how to do it.
  
  
• VAU and the Brainpool; plus some Kotlin - a more lightweight approach to ECIES - 12 Oct 2022

  Probably you’re here for an answer on how to implement the Elliptic Curve Integrated Encryption Scheme (ECIES) in something like Kotlin or Java for communicating with the trusted execution environment (TEE; or in german, we like to call this VAU) of our e-prescription server. Perfect! Because otherwise, I would lose your attention to three lines of code:

• Localization of the NFC antenna on Android devices - 07 Oct 2022
  In order to fully use the *E-Rezept-App* the users have to authenticate themselves with their digital identity which is stored on their health card (eGK). NFC-Localization-Android is an open source project which was implemented by the author to gather position data of the NFC-antennas of various Android based mobile phones. The goal is to provide users with better guidance during the authentication process by displaying the correct positioning of the health card relative to the mobile phone and its NFC antenna.
  
  
• OpenHealthCardKit - 23 Sep 2022

  The digitalization of the German Health System is progressing. One essential part for the users is having a digital identity on a health card that authenticates oneself. OpenHealthCardKit is the link to provide access to this card via a mobile device. It abstracts the technical communication and provides a semantic interface for your use case. With OpenHealthCardKit, accessing a card’s data and applications in your health-related app is now easy.

culture

• We open a new chapter - 30 Sep 2022
  We recently switched the organizational structure of the software development department from a line reporting focus to a learning focus. This is how we did it and what we learned.
  
  
• Welcome to the show! - 15 Sep 2022

  Welcome to the tech blog of the gematik! We know that starting a blog in 2022 is by no means innovative. But sharing knowledge is part of our DNA! We do it internally with our fellow developers, testers, and product owners - and we do it externally by sharing code and specifications on GitHub.