The Hospital Future Act Mandatory Criteria

The most important thing in brief:

• Die Hospital Future Act Mandatory Criteria define binding safety, interoperability and digitization requirements that clinics must meet for eligible projects.
• A clear analysis of existing processes and systems forms the basis for specifically closing gaps with regard to KHZG requirements.
• Clean, continuous documentation of all technical and organizational measures is crucial to meet requirements in the long term and to safely pass audits.

KHZG Must-Criteria: What is behind them?

The Hospital Future Act (KHZG) is one of the most important modernization programs in the German healthcare system. Through the Hospital Future Fund (KHZF), it is providing around 4.3 billion euros to advance digitization and IT security in German clinics. A particular focus is on the so-called Hospital Future Act Mandatory Criteria, which are intended to ensure that funded projects are not only implemented digitally, but also securely, interoperably and sustainably.

The KHZG Muß-Criteria define binding requirements — including IT security, interoperability, data protection, process efficiency and patient orientation. KHZG-funded measures are only considered compliant with the rules if these criteria are met. In essence, it is always a question of which technical, organizational and safety-relevant standards clinics must meet in order to correctly implement KHZG funding.

Why the Hospital Future Act Mandatory Criteria are so important

The criteria serve as guidelines so that digital infrastructure projects in clinics function sustainably and do not result in isolated solutions. Particularly central reasons are:

1. Legal requirements & funding requirements

Hospitals must meet the mandatory criteria in order to receive funding and prevent misuse. They are based, among other things, on:

• Requirements of the Hospital Structural Fund Ordinance (KHSFV)
• Requirements of the Federal Social Security Office (BAS)
• General Data Protection Regulation (GDPR)
• IT Security Act and Industry-Specific Safety Standards (B3S Hospital)

2nd Protection against cyber attacks

Hospitals are among the most frequently attacked CRITIS sectors. Modern IT security — a key requirement — is vital for smooth processes.

3rd Efficiency gains in everyday hospital life

Digitalization should relieve processes such as patient admission, report management or surgical planning. Mandatory criteria help to avoid media breaks.

4th Better patient care

For patients, meeting the KHZG mandatory criteria means faster processes, lower error rates and greater transparency.

‍

Here is another possible example that underlines how important the KHZG and its criteria are:

In a fully occupied intensive care unit, the internal communication system fails for half an hour one night. Nurses have to laboriously share information over the phone, laboratory results are delayed and a planned procedure has to be postponed due to a lack of data. For affected patients, such a delay can be life-critical. This incident — real and not uncommon — shows how important modern, reliable digital structures are in hospitals. This is exactly where the Hospital Future Act (KHZG) comes in with its mandatory criteria.

‍

An overview of the most important KHZG Muß criteria

The mandatory KHZG criteria include the following areas:

1. Information security

• Implementation in accordance with B3S hospital
• Role and authorization concept
• Regular risk analyses
• Emergency and restart concepts

2. Interoperability

• Use of international standards (HL7, FHIR)
• Structured data formats
• Cross-system communication

3. Usability & Accessibility

• Intuitive user interfaces
• Accessibility in accordance with BITV

4. Process-oriented digitization

• Optimized workflows
• Smooth media transitions
• Demonstrable efficiency gains

5. IT documentation & verification

A point that is often underestimated in everyday clinical practice, but is decisive for eligibility: The complete documentation of all systems, interfaces, responsibilities and safety measures.

This often involves a great deal of effort — and this is exactly where Docusnap significant added value.

How Docusnap helps clinics meet KHZG Muß criteria

Digital infrastructure is complex — particularly in hospitals, where medical devices, laboratory systems, management software and communication platforms are interconnected. Compliance with the mandatory criteria requires clear transparency. This is where Docusnap shows its strengths.

1. Complete IT inventory — basis for KHZG evidence

Many mandatory criteria require an up-to-date and precise overview of the entire IT landscape. Docusnap provides:

• automatic, agentless inventory of all systems
• detailed overview of servers, clients, network devices, software versions and services
• reports and schemes, which can be updated at any time

Especially in the KHZG context, this enables clean verification.

2. Transparency about role and authorization concepts

The mandatory criteria require comprehensible authorization management. Docusnap delivers:

• comprehensive User rights evaluations
• Recognition of critical combinations of rights
• audit-proof documentation

3. Assistance with security and risk analyses

Without a complete overview of IT assets, it's hard to identify security gaps. Docusnap supports clinics by:

• dependencies makes visible between systems
• Outdated or insecure systems identified
• Generates network plans that reveal areas of attack

4. Documentation for audits & evidence

KHZG projects almost always end with an audit or audit phase. Docusnap helps here by:

• automatic, exportable reports
• complete system documentation
• clearly comprehensible changes and histories

Step-by-step: This is how hospitals successfully implement KHZG mandatory criteria

1. Current analysis & gap assessment

First, clinics must clarify which mandatory criteria have already been met and where there are gaps.

• IT inventory
• process analysis
• Safety analysis

2. Prioritization & action planning

Not everything can be implemented at the same time. It is important to prioritize according to risk, effort and funding requirements.

3. Technical implementation

This includes the introduction or adjustment of:

• patient portals
• Digital care and treatment documentation
• OP management systems
• Communications solutions
• IT security measures

4. Documentation & verification

This step is often decisive for the recognition of funding.

5. Continuous testing

KHZG is not a unique project. The mandatory criteria must be met over the long term — a clear advantage when IT documentation is automated.

What clinics should pay particular attention to when implementing

Don't underestimate interoperability

Interfaces are among the biggest challenges in everyday hospital life. The mandatory criteria clearly specify which standards must be met.

Take safety requirements into account at an early stage

Safety aspects are often only considered at the end — a common mistake. A modern authorization and emergency concept is mandatory.

Understanding documentation as an ongoing process

Many funding projects fail not because of the technology — but because of the lack of documentation.

Schedule change management

Technical solutions must work in everyday life. Training, clear responsibilities, and feedback loops are crucial.

Conclusion: Meet mandatory criteria — improve patient care

The Hospital Future Act is a great opportunity for clinics to future-proof their digital infrastructure. The KHZG mandatory criteria ensure a minimum level of quality, safety and interoperability. They are not only a bureaucratic hurdle, but also crucial for a stable IT foundation — and therefore for better supply.

Docusnap provides clinics with all tools to meet mandatory criteria in a structured, efficient and sustainable way. From inventory to access controls to audit-proof documentation, the entire process is supported. If you want to implement KHZG projects successfully and securely, there is no way around professional and automated IT documentation — and this is exactly where Docusnap makes a key contribution.