Electronic patient file

3 min
Tags: Electronic patient ePA digitization Healthcare patient file sensitive data research

Electronic patient file - what does that mean for me?

The electronic patient file (ePA) is to be introduced in Germany on a mandatory basis by the end of 2024. These are the plans of Health Minister Karl Lauterbach. The digitization of all data is intended to put an end to the paper economy once and for all.

However, the introduction of the electronic patient file is not wholeheartedly welcomed by all parties involved. Here you can find out what this step means for you and what data is collected in the ePA.

This data is stored

Healthcare practice to date has looked like this: Patients' diagnoses, X-rays, MRI reports, and medications reside directly with the physician and, if necessary, are sent to the primary care physician by a healthcare facility such as a radiology institute.

With the introduction of the ePA, this practice will end. The electronic patient file works like a data container in which all the health data of a patient is combined and stored. This means that, in addition to the documents and records listed, the vaccination card, the living will, the maternity passport and the bonus booklet for the dentist are also stored in electronic form in the ePA.

It is also planned that insured persons can create their own data, such as a diary of blood pressure measurements.

Advantages of the electronic patient file

The main advantage of electronic patient files is the elimination of mountains of paper. Experts have long criticized the slow pace of digitization in the healthcare sector. In addition, the constant availability of all data should ensure faster help in an emergency. Doctors gain insight into an insured person's entire medical history and can add documents and data themselves. The aim is also to reduce healthcare costs, for example by avoiding multiple examinations.

Can the ePA be rejected?

The German Minister of Health has been criticized by patient advocates for the planned principle of objection to the electronic patient file. Insured persons who have data protection concerns must expressly object to the creation of this data repository if they do not want it (opt-out procedure). Until now, insured persons had to give their express consent if they wanted to use an ePA (opt-in procedure).

Who has access to the data?

Anyone using the electronic patient file must authorize access at hospitals, doctors' offices and pharmacies. This is done by entering a PIN. The physicians themselves need another personal identification number to access the data. It should also be possible for insured persons to limit access authorization to a specific period of time. This case occurs, for example, when treatment with a specialist is required for a limited period of time.

How secure is the data?

Questions about data security were followed by the usual promises from the Ministry of Health. The original statement from the agency hired to run the health system's digital infrastructure is that "data resides securely and encrypted in the ePA record systems of the respective operators, which are operated in the telematics infrastructure. “

End-to-end encryption and two-factor authentication are planned. This means that the data can only be read with the respective end device. The targeted interception on the way from the transmitter to the receiver would therefore be useless.

Despite all the full-bodied promises made by developers and politicians, data protectionists are warning of data misuse. Since the insured are to access the electronic patient file via an app, the usual security leaks of all commercially available smartphones lurk.

Conclusion: The introduction of the electronic patient file is intended to ensure faster help in emergencies and to result in cost savings in the healthcare system. What is questionable is the fact that the introduction of the principle of objection is intended to virtually take away the control of the insured person over his or her medical history.

Lauterbach also indicated that the data from the electronic patient file may be used for research purposes. Should it turn out at some point that sensitive data was passed on to the pharmaceutical industry without the consent of the patients, from a data protection point of view this would amount to a super-disaster.