Sign In
Medical practice · § 203 StGB

Patient mail.Encrypted.No hurdle.

Patient communication and lab-result transfer outside mandatory KIM cases. § 203 StGB context, EU hosting, audit log per GDPR Art. 30. As of 2026.

Request a demoSecureMail in detail
At a glanceAs of 2026

Patient mail without an account and without forcing KIM.

  • Lab results via fax or unencrypted mailWeb reader or S/MIME, audit log included
  • Patient data sending as a manual risk stepSecureMail default straight from Outlook
  • Bulk attachment in the GP mailSecureFiles as a direct line for DICOM bundles
Conbool complements the KIM telematics infrastructure for everyday needs: patient to practice, practice to GP, practice to insurer. Web reader for patients without software, EU hosting, audit log.
Right for you if:Practice 1–20 doctorsMVZ and practice groups§ 203 StGB
100 %
EU hosting
§ 203
StGB context
Audit
per access
30 min.
Setup per mailbox

Compliance anchors

§ 203 StGB medical confidentialityGDPR Art. 9 special categoriesGDPR Art. 32 securityKBV IT security guideline reference

Conbool does not replace KIM or ePA and does not interact with the telematics infrastructure. Conbool covers patient and practice communication outside mandatory KIM cases, with § 203 context assuming correct configuration.

Four building blocks for practices and MVZ.

SecureMail for patient mail, SecureFiles for lab-result bundles, MailGuard against practice phishing, Disclaimer for required disclosures.

SecureMail

SecureMail

S/MIME, OpenPGP or web reader for patients without software. Outlook add-in for the practice.

SecureMail in detail
SecureFiles

SecureFiles

DICOM and lab-result bundles as a direct line between practice and GP or hospital.

SecureFiles in detail
MailGuard

MailGuard

Detect practice phishing and forged insurer mail at the authentication layer.

MailGuard in detail
Disclaimer

Disclaimer

Practice-owner disclosures server-side in every outbound mail.

Disclaimer in detail
Typical workflows

Four scenarios from a working practice.

From patient to clinic and back.

1

Lab result to the patient

A patient without software receives the result via the web reader, no KIM account. Audit log records access and read time.

2

DICOM to the referring colleague

SecureFiles as a direct line for DICOM bundles beyond Outlook size limits.

3

Insurer query

Insurer queries containing patient data sent encrypted, with documented receipt.

4

Catch practice phishing

Forged KV or insurer mails to reception are caught by MailGuard before patient data is exposed.

Architecture

Practice IT stays practice IT.

Conbool sits in front of Microsoft 365 or Exchange Online of the practice. Telematics infrastructure and practice management system remain unchanged.

MX switch

SMTP inbound runs through Conbool, M365 tenant remains the back-end.

KIM stays in parallel

Conbool does not replace KIM. Mandatory KIM cases continue through the telematics infrastructure.

Outlook add-in

Classic, New and Web. No setup on practice machines.

Coexistence with PVS

Practice management systems remain unchanged. Conbool coexists via Outlook and SMTP.

Compliance mapping

§ 203 StGB and GDPR Art. 9 in technical terms.

Patient data is a special category. Conbool delivers the protections from Art. 32 GDPR as a default.

End-to-end encryption

S/MIME, OpenPGP or web reader, depending on the recipient.

Audit log per GDPR Art. 30

Per patient contact: who, when, from where accessed.

DPA per GDPR Art. 28

Processing agreement with Conbool, sub-processor list in the DPA.

Retention

Patient-record retention configurable per practice.

Migration

Pilot in one practice, then MVZ-wide.

One practice starts, the MVZ follows. No interaction with telematics.

Pilot in one practice

One practice tests, the rest remains unchanged.

MVZ rollout

Outlook add-in for all practices via the Microsoft admin centre.

KIM stays KIM

Mandatory cases like eAU and eRezept continue undisturbed.

Training

Recommendations for practice-staff training included.

Frequently asked questions

Does Conbool replace KIM?
No. KIM is the legally specified channel for mandated medical transmissions like eAU or eArztbrief. Conbool covers patient communication outside mandatory KIM cases and complements the telematics infrastructure.
How does this fit § 203 StGB?
Conbool supports medical confidentiality under § 203 StGB technically through encryption, EU hosting and audit log. Professional responsibility remains with the practice owner; correct configuration and staff training are prerequisites.
How do patients read our mail?
Patients receive a link to the web reader and read the message in a browser session, no account or software install required. For repeat recipients passwordless return kicks in for 12 months.
What does Conbool cost for practices?
Modular per function and per mailbox. Small practices can start without forced editions. Concrete pricing on request.
What about DICOM and large result bundles?
SecureFiles accepts large bundles without a hard per-file cap. DICOM bundles and imaging flow directly from practice to clinic or GP.
Is Conbool suitable for MVZ?
Yes. Conbool scales per mailbox and can be rolled out centrally for an MVZ with multiple practices, in separate tenants or one central tenant.
What about practice management systems?
Conbool coexists with common practice management systems through Outlook and standard mail protocols. PVS functions remain unchanged.

Verwandte Lösungen

SEPPmail-Alternative

SaaS-SecureMail aus der EU, ohne Appliance-Pflege.

NIS-2 E-Mail-Verschlüsselung

S/MIME, PGP und Domain-Verschlüsselung nach NIS-2 angemessen.

NIS-2 E-Mail-Sicherheit

NIS-2-konforme E-Mail-Sicherheit mit Audit-Trail.

PDF-Verschlüsselung

Sensible PDFs verschlüsselt versenden, ohne Empfänger-Konto.

Secure Message Portal

Empfänger-Web-Reader für Schlüssel-lose Empfänger.

Verwandte Branchen

Conbool ist in benachbarten Branchen mit ähnlichem Compliance-Profil im Einsatz.

Krankenhaus & Klinik

Klinik-Pendant mit KIS-Anbindung, KHZG und KRITIS-Pflichten nach § 8a BSIG.

Pharma & MedTech

Hersteller-Anwender-Kommunikation, Studienunterlagen und EU-MDR-Bezug.

Anwaltskanzlei

Schweigepflicht-Schwester: § 203 StGB außerhalb des Gesundheitswesens.

Patient mail encrypted, with no hurdle for the patient.

Demo in 30 minutes. Pilot in one practice. Modular by function.

Request a demoSecureMail in detail

Sources and date

Statements about § 203 StGB are based on the respective German statute in force. Statements about GDPR are based on Regulation (EU) 2016/679, in particular Art. 9 and Art. 32. Statements about KIM are based on the gematik specifications in their respective version. As of 2026.

KIM and ePA are designations of gematik GmbH. Microsoft, Microsoft 365 and Outlook are trademarks of Microsoft Corporation. Conbool is a trademark of Conbool GmbH.