
How secure is the electronic patient record (ePA)?

The security of your data matters, and that also applies when you use the electronic patient record (ePA). Strict security rules are applied so that data protection is guaranteed. Here you can find out how your data is protected in the ePA and what control you have over it as an insured person.

Strict security precautions

"High data security is a key feature of the electronic patient file," explains Kevin Röthel, digital expert and team leader of the Telematics eSolutions department at AOK Rheinland/Hamburg. "Access to patient data is strictly regulated and takes place via secure authentication, for example using the Electronic Health Card (eGK) or the new ID card and a PIN."

Encryption and secure servers

The health data in the ePA is stored encrypted in a dedicated network, the telematics infrastructure. This network connects the various players in the healthcare sector, including doctors, hospitals and pharmacies, and enables them to exchange data securely.

ePA applications are reviewed

"Unauthorised access must be ruled out. The encryption of patient data therefore meets the highest standards and still enables secure use in everyday healthcare," says Claudia Plattner, President of the German Federal Office for Information Security (BSI). Her authority helped develop the specifications against which all ePA apps are checked. The checking itself is done by gematik, the national agency for digital medicine, which is responsible for the secure networking of the healthcare system in Germany.

Sovereignty over access authorisations

Insured persons can specify which persons are authorised to access which data in the ePA and for how long that access remains valid. They can also mark certain documents, such as medical reports or doctor's letters, so that only they themselves can see them. Prof. Ulrich Kelber, Federal Commissioner for Data Protection and Freedom of Information, recommends in the AOK interview: "Every insured person should think carefully about what information can be shared with whom." He adds: "All insured persons should therefore consider the authorisation management for their data."

If insured persons cannot or do not wish to manage the ePA themselves, they can nominate a representative, such as a relative. Alternatively, access can be arranged via the health insurance company's ombudsman's office, an independent body that mediates and provides support in the event of conflicts or questions.

No data access for health insurance companies

The data in the ePA is accessible only to authorised persons, and AOK Rheinland/Hamburg is not one of them. Although the health insurance funds are responsible for providing the "ePA for all", they have no access to the data in the record. This is regulated by law and protects the insured person's data. If you change health insurance provider, the ePA is transferred to the new provider in encrypted form; no personal health data is exchanged in this process. An objection to the ePA is possible at any time, even after the patient record has been introduced.

Would you like to find out more about the ePA? See ePA für alle | AOK