Experts call for a different development process for e-patient records

Contents

The electronic patient record (ePA) has been the subject of discussion since its introduction—often described as too complicated, too insecure, or too little used. Changes are coming with the Nursing Competence Act, which has now been passed by the Bundestag. Among other things, it stipulates that billing data will no longer be visible to everyone in the system in the future and that further identification procedures will simplify access to the ePA.

Representatives from politics, science, medicine, health insurance companies, and consumer protection met in Mainz to discuss the opportunities, risks, and current status of the ePA. ePA for all—data for all? Germany torn between digital opportunities and real dangers was the title of the event, organized by the State Commissioner for Data Protection of Rhineland-Palatinate, Prof. Dieter Kugelmann, and the local consumer association.

“The ePA will only be a success story if insured persons have confidence in the instrument,” said the President of the Rhineland-Palatinate State Parliament, Hendrik Hering, at the opening of the event. It is equally important that patients retain control over their data and become aware of their personal responsibility. The new mandatory ePA since October 1st enables more transparency, avoids duplicate examinations, and creates the basis for better research—but trust and data protection are crucial, he explained.

Prof. Dr. Fruzsina Molnár-Gábor from Heidelberg University presented the legal framework of the ePA and the European Health Data Space (EHDS) and the associated shift from an opt-in to an opt-out procedure, meaning the automatic creation of the ePA. She emphasized that patients retain extensive control rights despite the automatic creation of a record. The ePA offers opportunities for better care and research but must comply with strict data protection and security standards. In her opinion, too much time was lost discussing the opt-out.

Kastl points out deficiencies

From a technical perspective, IT expert Bianca Kastl, who has often pointed out security vulnerabilities in the ePA in the past, highlighted significant weaknesses in the current implementation and development. Although the system has become fundamentally more secure, technical deficiencies remain that could have been avoided with established technology. Kastl called for more transparency, independent security audits, and easily accessible information for citizens. “Trust is not created by decree but by comprehensibility,” she said.

ePA is a digital cardboard box

Family doctor Dr. Anja von Buch reported that technical problems with connecting practice software are still widespread. “At the moment, the ePA is a digital cardboard box. Findings can only be uploaded as PDFs.” While this works, it's not really possible to work with it. “If you're unlucky, it will say 'Report Dr. Müller' and 'Report Dr. Meier', and not necessarily 'Report Rheumatologist', 'Report Surgeon', or 'Report Diakonie Hospital'.” Sometimes there are no further details in the description of the uploaded documents. “And you have no search capabilities yet,” which was already criticized before the ePA was launched. “You also have no diagnosis lists yet in the ePA. You have no structure,” said von Buch.

Criticism of information letters about the ePA

Jörn Simon, head of Techniker Krankenkasse Rhineland-Palatinate, nevertheless saw progress. Access to medication lists is increasing significantly, and the benefits are becoming noticeable with growing routine. Consumer advocate Heike Troue criticized that many people misunderstood the information letter from the health insurance companies as advertising. “A significant opportunity was missed to truly engage the insured.”

Patient records can save lives

“The use, the competent use of health data electronically through electronic patient records, has proven to be of enormous added value in many different healthcare systems,” said Prof. Sebastian Kuhn, Director of the Institute for Digitalization in Medicine at the University Hospital Gießen-Marburg. Many treatment errors occur due to missing health information.

A patient record, not the ePA, can help in certain situations to “truly save lives, enormously reduce patient morbidity and mortality, and also treatment costs.” However, the current situation is “an example of one of the biggest failures in the healthcare system that we have experienced in recent decades.” To this day, there is a lack of basic understanding of “how to design such processes—at the political level, […], among various relevant actors in the system.”

According to Kuhn, digitalization in Germany continues to be seen “primarily as a technical challenge and not as a medical-professional, technical-legal, ethical, and societal one.” He confirmed Kastl's view that the process, which has been ongoing for 20 years, is flawed. “The whole thing has essentially been focused on a technical specification by Gematik and then implemented by many, many companies that do it,” said Kuhn. However, the technical component only accounts for a quarter of the overall task of a successful digitalization process. To this day, there is a lack of basic understanding of this, both at the political level and among relevant actors in medicine.

Dr. Traugott Gruppe from the pharmaceutical company Böhringer Ingelheim considers the public discussion about security to be “absolutely justified. I believe it must even be carried further. I believe it must be discussed much more transparently. […] We are interested in aggregated, collectivized, large datasets that help us understand issues understand care processes. And it's not about the individual transparent patient, who is often mentioned, but about the entirety, and that we don't have access to this data, but that the ePA remains with the patient.” This communication needs to improve significantly.

Gruppe sharply criticized the current data basis: “There is virtually no good quality currently.” The ePA resembles an unsorted archive. “I found the image of the cardboard box very descriptive. If you imagine taking a cardboard box and tipping it onto a table with 20 documents of very different types, you first have to sit down and sort it.” For the future, it is important: “How can we bring this data to a certain level of quality and also establish uniform standards?,” asked Gruppe.

Balance between security and personal responsibility

From a data protection perspective, Kugelmann spoke of a balancing act between security and personal responsibility, which both the legislator and implementing institutions such as Gematik must continue to work on. Furthermore, responsibility also lies with the insured themselves: “There are possibilities to act self-determinedly with the electronic patient record.” Data protection is ultimately “a joint task that requires responsibility and self-participation.”

Kuhn urged that the ePA must finally be understood as an ethical obligation. It is ethically unacceptable to continue to disadvantage particularly vulnerable groups—especially in research. The non-use of available data can have real consequences. “We have knowledge deficits there as well as in the reality of care,” said Kuhn.

Learning System Instead of Digital Archive

There was agreement that the ePA can only be successful if all relevant actors are involved—from politics and technology to medicine, data protection, and the patients themselves. Kuhn therefore called for a fundamental change: “The ePA can be a success if we manage to enter into a different process, into a different development process. […] We must move away from a politically dependent GmbH making the technical specifications and seeing that as the central or largest piece of the whole process – that is absolutely a flawed way of thinking.”

Only results can convince: “Only then will we achieve the trust-building that the ePA so urgently needs.” While the ePA is a milestone in digitalization in healthcare, its benefits fall far short of expectations. Data protection, user-friendliness, and technical stability must go hand in hand. Patient trust—everyone agreed—remains the decisive key to success.

(mack)