Psychological and therapeutic associations demand better protection of ePA data

Psychotherapeutic and psychological professional associations are warning against Europe-wide official access to highly sensitive health data in the course of implementing the so-called E-Evidence Regulation. Both the German Psychotherapists' Network (DPNW) and the Professional Association of German Psychologists (BDP) are calling for legislative improvements to ensure medical and psychotherapeutic confidentiality and the protection of the electronic patient record (ePA).

The reason for this is the national implementation of the E-Evidence Regulation, already decided at EU level, which allows member state investigative authorities to request electronic evidence across borders. According to the associations, this could also include medical and psychotherapeutic data from the ePA. Following a public hearing in the Bundestag, the association warns of “significant risks of cross-border data exchange.” While according to DPNW chairman Dieter Adler, a complete halt to national implementation is not possible, the legislator has leeway. He warns of scenarios in which investigative authorities from other member states could access data even though the underlying offense is not punishable under German law.

“Suppose a Polish citizen is being investigated in Poland for an abortion that is punishable there. It turns out that she previously received counseling in Germany and consulted both a doctor and a psychotherapist. The Polish prosecutor then requests the handover of the relevant data from the electronic patient record. According to the E-Evidence Regulation, this data would have to be transmitted,” Adler illustrated with an example.

“Observation-free zone” for ePA

The DPNW is therefore calling for an “observation-free zone” for the ePA, comparable to the special protection that applies to drug counseling centers, for example. The aim is to prevent access by investigative authorities – particularly from other EU states – to particularly sensitive health data.

The BDP also sees an urgent need for action, as stated in a press release from the end of 2025. The background is a draft bill from the Federal Ministry of Justice for the implementation of the E-Evidence Regulation, which the Bundesrat has already approved. The association criticizes that seizure protection and the preservation of confidentiality for data in the electronic patient record are not yet explicitly regulated by law. While health data in practices are protected by confidentiality under Section 203 of the German Criminal Code and by the seizure prohibition under Section 97 of the German Code of Criminal Procedure, this protection does not clearly apply to the insurer-maintained ePA.

The BDP particularly warns of the consequences of current political debates about registers and data usage in connection with violent crimes. Especially for mentally ill people, insecure data protection could lead to affected individuals avoiding necessary treatment. The association therefore calls for the seizure protection and confidentiality for all data stored in the ePA to be legally anchored in a legally secure and timely manner.

With the electronic patient record for everyone, there is for the first time a central digital storage location for comprehensive health data, which doctors are obliged to fill. While clear seizure prohibitions apply to traditional patient records in doctors' offices, this has not been the case for the ePA for years. The record is provided by health insurance companies and is considered patient-led, thus not in the custody of the treating physicians. Critics see this as a security loophole.

Data protection authorities and professional associations have long warned against weakening the trust relationship between patient and caregiver. The Federal Constitutional Court has repeatedly classified health data as highly personal and subjected it to the special protection of the right to privacy. At the same time, confidentiality is not absolute: in cases of acute danger to the life and limb of third parties, doctors may disclose information. However, professional associations reject a general opening of the ePA for law enforcement purposes, as they fear negative consequences for the willingness to seek treatment and thus also for public safety.

(mack)