B3S for hospitals

The industry-specific security standard


Consulting for information security

What is the industry-specific security standard (B3S)?

German hospitals need to become more digital.

As of January 1, 2022, all German hospitals are obliged to implement state-of-the-art information security measures. With the new Section 75c SGB V, the obligation that has applied to KRITIS hospitals (§ 8a BSI Act) since 2017 is also being introduced for non-KRITIS hospitals. Although this requirement looks rather technical at first, it means that, in addition to the actual technical measures, hospital management is obliged to introduce an information security management system (ISMS) as a priority.

As a guide, the German Hospital Federation has developed an industry-specific security standard for healthcare in hospitals in close consultation with the German Federal Office for Information Security (BSI), which specifies the legal requirements and supports their implementation.

Individual guidelines and policies have already been drawn up in numerous facilities and implemented in the organization. Other facilities are still in the early stages. A fully implemented and consistent ISMS is rarely found at present.

B3S helps to sustainably improve IT security in German hospitals and ultimately benefits patient safety. As its name suggests, B3S is a security standard for IT infrastructures; in practice, however, it is a guideline that helps hospitals to comply with the provisions of the IT Security Act and the BSI Act. These stipulate that critical infrastructures in the area of information technology must be protected in accordance with the state of the art.

But smaller hospitals can align with this standard too, since the well-thought-out and structured guideline helps to comprehensively protect digital nerve fibers in hospital operation. The standard describes requirements for processes and measures that ensure good information technology.


The German government is providing funding of 3 billion euros as part of the Hospital Future Act (KHZG). This funding will be used to drive digitalization and enhance IT security in hospitals and clinics.

What this means specifically is that clinics can invest, for example, in digital admissions management, in telemedicine technology or in the modernization of the emergency room. The funding is associated with the introduction of a standardized information security management system (ISMS) for all data in critical systems as well as for inpatient care processes. In addition to all patient data, such as medical results, case history or therapy documentation, this also includes documentation of function diagnostics and control data for therapy devices.

Industry-specific security standard

Process – from admission to discharge

B3S describes the optimal structure of the information security system in the hospital. The scope of the ISMS is defined first. This is based on critical systems and processes in inpatient care.

The core processes include patient admission, diagnostics, therapy, accommodation and care, and discharge management. These core processes are accompanied by support processes, in other words information that is relevant for the provision of critical services.


Your professional consultant for B3S

Our certified consultants advise and support you in implementing the ISMS and the requirements of the B3S, drawing on agile project management methods.

The individual sub-areas are grouped together in streams, which reflect the workflows. SCRUM project management methods are used to yield additional results. Hospitals are thus provided with ongoing insight into the progress of the project. This approach allows agile and rapid reactions to changes in the project.

The experts at handz.on are always at your side with advice and support to ensure that introducing an ISMS is not a leap into the unknown, but rather a smooth and guided transition to a B3S-compliant ISMS.

handz.on – Information security

The benefits of implementing B3S for your hospital

Availability – integrity – authenticity – confidentiality

In the face of increasing demands on IT security, the implementation of an ISMS not only creates the foundation for fulfilling statutory obligations. Rather, it can become the decisive competitive edge for hospital operators. The range of services as well as processes can be replicated and optimized digitally. This investment pays off and forms the basis for a series of downstream digitalization projects.


How can we support you?

  • Preparation of a cost estimate
  • Planning of the implementation
  • Implementation of agile project management for execution purposes
  • Operational design
  • Coaching of the information security officer
  • Employee training

Consulting for information security

Our handz.on service – strategy, processes, solutions from a single source


Trust is the basis for a good and long-term cooperation. Strengthen the trust of patients and partners in your company. With transparency and complete control of your information assets and data, you set a high standard and prove yourself to be a trustworthy partner.


Streamlined and at the same time effective information security processes can be easily implemented in day-to-day business and significantly increase acceptance among your patients and partners. An effectively implemented information security management system will help you to reduce your costs and boost your sales.


We are experts in our field. Get professional consultancy and support from our trained and distinguished consultants. Our certified employees are always at your side as a competent partner with advice and support.

We support you in implementing your B3S

Your contact

Britta Weber
Director Sales & Marketing

