Medical Registry Act – Between Public Welfare and External Determination
The federal government wants to regulate medical registries by law and open them up for secondary uses. Data protectionists see significant deficiencies.
Germany has more than 350 medical registries. These are databases in which structured data on treatments and diseases are stored and used by various healthcare institutions. The primary purpose of these registries is to support care and ensure the quality of treatment. Many registries also explicitly serve research purposes. The idea behind the registries is to collect cross-institutional data in a standardized form, allowing conclusions to be drawn for both individual treatment and care in general.
To date, only cancer registries at the state level and their consolidation into a national cancer registry, a transplant registry, and since 2019 the central implant registry have had a legal basis. The relevant laws regulate which data must be reported by service providers, what rights affected individuals have, and how registry data may be used.
From Patient Confidentiality to Comprehensive Health Data Use
Most medical registries are based on the consent of the registered patients. The black-red coalition agreement 2025 now states: “To improve data utilization, we will enact a registry law and enhance data utilization at the Health Research Data Center.” This is intended to authorize and even oblige medical registries, after a qualification process with specific requirements, to make data available to third parties for secondary purposes.
On March 11, 2026, the German Federal Government approved the draft of a Medical Registry Act. With this, the government is pursuing a strategy that was unimaginable in our healthcare system a few years ago: When dealing with health data, patient confidentiality was paramount. Significantly accelerated by the realization during the Corona pandemic that current data is necessary to manage this special health situation, both the European Union and German politics are pursuing the goal of making health data usable as comprehensively and quickly as possible.
At the EU level, the European Health Data Space (EHDS) was adopted for this purpose in 2025, which will create a comprehensive legal basis for channeling health data into secondary uses in the public interest from 2029 onwards. Almost simultaneously, the German legislator passed a Health Data Use Act (GDNG), which pursues the same goal.
The Health Research Data Center (FDZ), operated by the Federal Institute for Drugs and Medical Devices (BfArM), is to serve as the central data infrastructure. Scientific researchers have had access to billing data from statutory health insurance funds there since autumn 2025. The FDZ also stores pseudonymized electronic patient records (ePAs). Since October 2025, medical service providers have been obliged to populate these ePAs, operated by the insurance funds, unless patients have objected. These ePAs are automatically forwarded to the FDZ in pseudonymized form. Affected individuals also have the right to object to this. According to the GDNG, cancer registries are also intended as a further data source for secondary uses, and their data can be compared with FDZ data.
The Cabinet Draft for a Medical Registry Act
The Medical Registry Act consistently pursues the concept that data utilization takes precedence over confidentiality: Registries, which have so far operated without a legal basis and whose data processing is regularly based on a – rather vague – consent, the “Broad Consent,” are to receive a legal basis and then serve comprehensive secondary purposes as well. For this, the registries must undergo a qualification process, during which they must demonstrate quality, reliability, sustainability, transparency, and data protection compliance to the “Center for Medical Registries” (ZMR) to be established at BfArM through documentation. An affirmative ethics vote from an ethics commission formed under state law must be submitted. If the prerequisites are met, then “qualification as a medical registry with the option to object” will follow.
The registry is populated by “reporting healthcare institutions” that have agreed to registry cooperation. Before the first report on a patient is made, the patient must have been informed about the reporting process and must not have objected. The healthcare institutions are then obliged to report according to a data set standardized for each registry. This may lead to the healthcare institution collecting more data in the interest of populating the registry than is necessary for individual treatment.
The data from qualified medical registries will then be available for a broad catalog of purposes. Secondary data use is mostly promoted for scientific research. However, much more is planned: quality assurance, support for political decision-making processes, public health tasks, health reporting, development and monitoring of medicines, medical devices, and treatment methods, and the development, training, validation, and testing of artificial intelligence systems.
This broadly defined catalog of purposes opens up extensive data uses. Such use can even take place in identified form, with the patient's name, in the context of cooperation between statutory and qualified registries, provided the affected individuals have not objected. However, the information for affected individuals is not provided individually but through a general publication of the respective registry. Registry cooperation with data merging is also planned in pseudonymized form. The basis for the pseudonymized merging of data sets is to be the unchangeable part of the health insurance number according to SGB V. The same pseudonymized merging is also intended for individual data users who submit a usage request to the respective registry. For such pseudonymized data use, applicants must describe and justify their project and commit not to re-identify. They must demonstrate technical-organizational data protection measures and the special qualification of their employees.
Transparency regarding the pseudonymized data evaluations of medical registries is to be ensured by the fact that they report usage requests to the Center for Medical Registries, which then publishes the requests. Even with named data transfer of health data, there will be no individual information for affected individuals as provided for in the GDPR, but only public information.
Recipients of data from medical registries will be subject to a duty of confidentiality, the violation of which can lead to criminal prosecution. As is already the case with violations of professional secrecy according to § 203 StGB, such offenses will only be prosecuted upon request.
What to Make of It
The cabinet decision of March 2026 was preceded by a draft bill from the Federal Ministry of Health (BMG) from October 2025. This was sent to 60 institutions, primarily from medical research, for comment, but no data protection organization except the Stiftung Datenschutz, whose task is not to provide assessments of draft laws. Nevertheless, the Netzwerk Datenschutzexpertise fundamentally criticized the draft bill in a statement dated December 2025 (PDF). While the BMG published the requested affirmative statements on the draft, the BMG refrained from publishing the critical statement on its website, despite corresponding requests.
The statement from the Netzwerk Datenschutzexpertise concluded that the draft bill violated European and German constitutional law in many respects. Even though the BMG did not publicly address the statement, some obvious legal deficiencies were rectified. Nevertheless, from the critics' perspective, the cabinet draft still has significant deficiencies, particularly regarding the preservation of patient confidentiality and data protection:
- The Center for Medical Registries (ZMR) provided for the administration of the law is not sufficiently independent and has an unclear relationship with other organizational units within the Federal Institute for Drugs and Medical Devices.
- Information for affected individuals is not provided specifically in individual cases, but only generally, thus not meeting the transparency requirements of the GDPR.
- The permitted purposes for data use go far beyond research use and extend (even with pseudonymized, i.e., person-related data) to operational purposes with a high risk of misuse, without adequate security measures being in place.
- Data exchange between registries is permitted comprehensively, without protective measures being provided. Patient data can thus wander uncontrollably and unsanctioned from registry to registry and be made linkable to health insurance numbers.
- Permission for data use is granted by the registries themselves and is non-transparent and uncontrolled.
- Patient confidentiality is abolished by further use, which among other things means that there is no protection against use by law enforcement agencies for the data.
- The sanctioning regulations for data protection violations are so restrictive that effective investigation, prosecution, and punishment are unlikely.
- Protective measures for the use of health insurance numbers are lacking.
- A regulation for the evaluation and limitation of the law is missing.
- The requirements of the binding European Data Governance Act are completely ignored.
It therefore remains the task of the legislative bodies, the Bundestag, and Bundesrat, to turn the cabinet proposal into a viable law. There is likely broad consensus that data from medical registries should also be evaluated for public welfare purposes. It is also to be welcomed that the confusing and largely unregulated landscape of medical registries is being legally organized. However, as the federal government plans it, the doctor-patient trust relationship could be harmed because the data collected during treatment would be expanded and made available to a large number of data users and other registries without adequate control. This would not be beneficial to research, which relies on patient trust. The cabinet draft should therefore be thoroughly revised.
(dmk)