Electronic Patient Record: Open Data Protection Questions Despite Improvements
Despite new and planned data protection enhancements, the electronic patient record remains problematic for particularly sensitive data.
Discussions about IT security and data protection for the electronic patient record (elektronische Patientenakte, ePA) are ongoing. Data protection for information on the medication process has recently been improved, and in the future billing data will no longer be automatically visible to all service providers, but fundamental questions remain unanswered. This is shown in a response from the German government to a minor inquiry by the parliamentary group "Die Linke" (Printed Paper 21/2238). The government places significant responsibility on the health insurance companies, for example regarding user-friendliness and accessibility.
Critical questions regarding cooperation with companies like IBM and the implications for digital sovereignty were only answered to a limited extent. According to its own statement, the Federal Ministry of Health (BMG) has no knowledge of the contracts between the operators and the health insurance companies. Instead, it refers to existing security measures: ePA data is encrypted and stored on servers in Germany and cannot be read without the insured person's key.
Digital Sovereignty
The German government is not planning its own review of dependencies on non-European providers. Instead, it refers to the Act on the Federal Office for Information Security (BSIG), which defines security requirements for so-called critical infrastructures – including healthcare. According to § 9b BSIG, the Federal Ministry of the Interior (BMI) can prohibit the use of a technical component if its manufacturer is considered untrustworthy, for example, due to state control from abroad.
According to the response, no evaluations of the opt-out procedure for the electronic patient record (ePA) are currently planned, although Gematik is evaluating the procedure. However, there are no "coordinated regulations or agreements with the health insurance companies." The German government emphasized that it is in regular exchange with professional organizations and associations representing the users of the ePA on the provider and insured person sides to assess the procedure – but a systematic scientific review is not planned. An official evaluation seems appropriate, given that patient records are repeatedly created despite objections.
Access Rights Only Roughly Controllable
The German government also confirms that insured persons can grant or revoke access rights in the ePA only "institutionally" and cannot block or grant access to individual documents for specific practices or doctors; documents can only be hidden completely, which then applies to everyone. The German government justifies this weakening of the so-called "fine-grained authorization management," which existed in the earlier opt-in version of the ePA, with a lack of practical suitability: the old ePA was too complex and used by too few insured individuals. So far, around 3.7 million insured people have a HealthID, which is necessary for active use of the ePA.
If documents such as doctor's letters are hidden, this applies to all service providers; they cannot currently be blocked for individual providers only. Insured individuals can themselves set the period during which a service provider has access, or end it early, either via the ePA app or via their health insurance company's ombudsman. From January 1, 2030, it will also be logged which individuals have accessed the data, not just which institution.
Billing Data No Longer Visible to All
According to an amendment to the bill on the expansion of powers and deregulation in nursing, billing data entered into the electronic patient record by health insurance companies will no longer be automatically visible to everyone in the future. The Federal Ministry of Health had confirmed this to heise online. This is intended to prevent service providers who are not involved in the respective treatment from accessing sensitive billing information.
In emergencies, the same access rules apply as in regular treatment: doctors may access stored data if it is necessary for diagnosis or treatment and there is no explicit objection from the patient. The German government emphasizes the potential benefit of the ePA for a "seamless exchange" between outpatient practices, clinics, and psychiatric facilities. In practice, however, this is rarely the case so far, as only a few hospitals have technically integrated the ePA and actively incorporated it into their workflows.
Data on Mental Illnesses
The German government attributes a "special need for protection" to particularly sensitive data, such as that on mental illnesses, abortions, or sexually transmitted infections. Doctors are therefore required to explicitly inform patients of their right to object before storing such data. However, no further protective mechanisms are planned.
The German government currently has no concrete indications of misuse cases involving ePA data. However, experts have long criticized that patients with mental illnesses, in particular, are often unable to make complex data protection decisions themselves. "There are patients who may not even manage to object to data storage because they cannot fully read the written information in the admission documents due to concentration problems," Susanne Berwanger from the Professional Association of German Psychologists told heise online at the end of 2024. Other issues, such as the lack of protection against seizure, also leave data protection advocates dissatisfied.
(mack)