heise PlusAbo
Anzeige

The recipe for a better ePA: more honesty

That some things don't work after a year of ePA was to be expected. But public communication must finally be honest, argues Christina Czeschik.

listen Print view
Unhappy doctor in front of a card reader and a computer

(Image: Tero Vesalainen / Shutterstock.com / Bearbeitung heise medien)

5 min. read
iX Magazin
By
  • Dr. Christina Czeschik
Contents

The electronic patient record (ePA) has arrived in healthcare in 2025 – at least by law. It has been launched nationwide, and doctors are required to use it for their statutory insured patients. Millions of records have been created. However, one year of “ePA for all” is not an unclouded success story. Not because the ePA has fundamentally failed, but because its public communication promised much more than it could deliver.

A commentary by Dr. Christina Czeschik
Dr. Christina Czeschik

Dr. Christina Czeschik is a physician and medical informatician. She writes as a freelance author on digitalization, new technologies, and information security in healthcare and other fields.

The launch of the ePA in January 2025 is a good example. The communication was about an “ePA for all.” In reality, practical use initially began in model regions – in Franconia, in Hamburg and its surroundings, and in parts of North Rhine-Westphalia. This is neither unusual nor reprehensible. On the contrary, a phased rollout is sensible for a system of this magnitude.

The problem was not the path, but the choice of words. Anyone who speaks of an ePA “for all” raises expectations of immediate, nationwide availability. When these expectations are subsequently qualified, an unnecessary impression of intransparency arises – and precisely that undermines trust. Especially with sensitive health data, however, trust is not a secondary matter but a prerequisite.

Information means more than FAQ pages

The same applies to informing insured people. Formally, information was provided: through letters from health insurance companies, through websites, through FAQs. In terms of content, much remained vague. What does it concretely mean to have an ePA without ever using an app? Who can see which data, and when? What access options do I have – and which ones do I no longer have?

Many insured individuals learned late or not at all that with ePA 3.0, the fine-grained access control was rolled back. That they can no longer block individual documents for specific doctors or medical specialties. That the electronic medication list is either always fully visible or cannot be used at all. Anyone who discovers such restrictions only afterward does not feel taken seriously – even if the regulations are legally watertight.

Farewell to the illusion of perfect security

Already in the first days of 2025, the communication surrounding the ePA started off on the wrong foot: the ePA was launching without “residual risk” of a major hacker attack, said the then Federal Minister of Health. One does not know whether such statements are made in good faith of their truth or only because they make a good impression when spoken and printed. But one knows: every technical system has residual risks.

The ePA is not perfect. It never was and it never will be. There have been security vulnerabilities, failures of the telematics infrastructure, unrolled software modules, and availability that is significantly below what one would expect from critical infrastructure. All of this is known – and not surprising for a system of this complexity. Problems can be fixed one by one, new ones detected as early as possible, and pragmatic solutions found.

Videos by heise

It only becomes problematic when these difficulties, these learning tasks, are downplayed or treated as fringe phenomena. Because that is precisely when the impression arises that something is being hidden. Yet the opposite would be more sensible: an open naming of risks, limitations, and open issues.

Transparency enables real consideration

The central societal question is not whether the ePA has only advantages. Of course it does not. The question should rather be whether we are willing to accept certain risks to achieve other advantages: better availability of information, more efficient care, fewer duplicate examinations. However, this consideration can only be made if the facts are openly on the table.

In this context, transparency does not mean stirring up fear or badmouthing technology. It means honestly communicating what a system can do – and what it cannot yet do. It means not dismissing problems as minor background noise but understanding them as part of a learning process in which insured individuals, service providers, developers, and politicians are equally involved.

More honesty, less marketing

The ePA needs less marketing and more honesty. Less superlatives, more precision. Fewer promises, more context. A digital patient record can only gain acceptance if those whose data it contains feel informed and involved – not surprised or bypassed.

After one year of “ePA for all,” it is clear: the technical foundation has been laid. Whether this will lead to a long-term accepted instrument will be decided not by the details of the next version but by whether transparency becomes the guiding principle for further development.

Read also

(axk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten