Information on electronic patient records (ePA) in accordance with Section 343 (1a) of the German Social Code, Book V (SGB V)

1 Introduction

This document provides information about electronic patient records (ePA).

In the following, we would like to show you the possibilities that the ePA offers you. Some of the functions presented will not be available from the outset, but will be added gradually. The current roadmap for the introduction of the ePA is presented in full in Section 13 Next steps in the further development of the electronic patient record (ePA) and future possibilities. Your health insurance company will update this information text on an ongoing basis and inform you in good time about new ePA functions and how to use them securely.

The introduction gives you an initial overview of the ePA and its possibilities. Further information can be found in section 3 onwards, organized by topic.

1.1 Thematic overview

The ePA is intended to improve medical care by enabling the secure and rapid exchange of health data between insured persons and service providers such as doctors' offices, hospitals, or pharmacies. You can find more details on this in Section 3, The Benefits of the Electronic Patient Record (ePA).

Use of the ePA is voluntary. If you object to the ePA and do not use it, you will not be disadvantaged in any way. However, you will also not be able to enjoy the benefits of the ePA. For more information, see section 3.4. Will I be disadvantaged if I object to the ePA or deny individual service providers access to my ePA?

You will automatically receive an ePA from your health insurance company if you do not object to your health insurance company. For more information about the ePA, its benefits, and the industry partner with whom your health insurance company is working to provide the ePA, see section 2 The electronic patient record (ePA).

You can object to the ePA at any time, which will result in the deletion of the ePA and all data stored in it. You can revoke an objection you have made at any time by contacting your health insurance company. When you first create your ePA, it will be empty and will be filled with data when, for example, your health insurance company transmits data on services you have used or you are prescribed medication. You also have other options for objecting when using an ePA, e.g., against access by individual service providers. For more information on the various options for objecting, see Section 10 Options for objecting within the framework of the electronic patient record (ePA).

The ePA is divided into different document types and categories, which contain data from service providers, health insurance companies, insured persons, and others. You can find out more about this in section 4 The electronic patient record (ePA) in detail

The ePA app allows you to manage your ePA independently, delete or hide documents, grant or revoke access permissions, and appoint representatives. For an overview of all options, see Section 5 Independent use of the electronic patient record (ePA) with the ePA app

If you are unable or unwilling to use the ePA app, you can contact your health insurance company's ombudsman to control access to the ePA by individual service providers or to view the log data of your ePA. Alternatively, you can also appoint a person you trust as your representative in connection with the ePA. For more information on supported use of the ePA, see Section 8 Support for using the electronic patient record (ePA).

Some service providers are required to enter certain data into the ePA unless you object. Access permissions and access duration vary depending on the type of service provider and the data stored. You can restrict or extend access to the ePA or individual documents. For more information, see Section 6 Use of the electronic patient record (ePA) by service providers

Among other things, the ePA can support certain medical applications, such as the electronic medication list, the medication process, or laboratory findings. With the introduction of the ePA, the electronic medication list is available to you and your healthcare providers. For more information, see Section 7 Medical applications of the electronic patient record (ePA).

If you change your health insurance provider, your new health insurance provider will automatically take over your ePA with all the data stored there. If you have objected to the use of the ePA with your previous health insurance provider, the objection remains valid when you change health insurance providers. For more information, see Section 9 Changing health insurance providers and the electronic patient record (ePA).

To protect against unauthorized access and ensure data integrity, the ePA uses encryption technologies and access controls, among other things. For detailed information, see Section 11 Data protection and data security

The law stipulates that data stored in the ePA may be used for public interest purposes, such as research. The data will only be made available if you do not object to this separately and if the recipients of the data comply with data protection regulations. The ePA replaces direct personal references such as names, dates of birth, etc. with a pseudonym. This conceals your identity from the users of the data. If you do not want your data to be made available for public welfare purposes, you can object to this use of data by the ePA separately. For more information, see Section 12 Use of electronic patient record (ePA) data for public welfare purposes. Information on the introduction date can be found in Section 13 Next steps in the further development of the electronic patient record (ePA) and future possibilities.

Your health insurance company has been continuously developing the ePA in accordance with gematik's specifications since its introduction. For more information, see Section 13 Next steps in the further development of the electronic patient record (ePA) and future possibilities.

1.2 Terms used

In this document, the term " electronic patient record (ePA) " refers to the entire digital infrastructure, i.e., all IT systems required for the provision of the ePA. The service providers involved in your treatment use their own IT systems to access the ePA. These IT systems are not part of the ePA.

The ePA app refers to the program that you use on your device to access your ePA and the data stored therein. This may be a standalone app from your health insurance company that is only used to access the ePA. However, your health insurance company may also have integrated the ePA app into its general service app ("health insurance app"). You can also use the ePA without the ePA app; see section 5.10 What changes if I don't use the ePA app?

Service providers are all groups of people and institutions that provide health care services within the framework of statutory health insurance (GKV). These include, for example, doctors, dentists, hospitals, and pharmacies. The term also includes people who work as assistants or are training for the profession with the relevant persons.

Institutions in which service providers work are referred to below as service provider institutions. These can be doctors' offices, pharmacies, hospitals, medical care centers (MVZ), and other healthcare institutions. However, individual organizational units such as a hospital department or a specific specialty within an MVZ can also constitute their own service provider institution.

The ePA will be gradually linked to other digital medical care applications. These are referred to below as medicaluse cases of the ePA . Priority is given to care processes that are important for a particularly large number of people. Further information on this can be found in section 7 The medical use cases of the electronic patient record (ePA)

2 The electronic patient record (ePA)

2.1 What is the ePA?

The ePA is your[1] personal, secure storage location for your health data. With the help of the ePA, you and authorized persons, such as the doctors treating you, can securely manage personal health and medical data digitally.

All persons with statutory health insurance receive an ePA. It is provided to you by your health insurance company. Whether you want to use the ePA or not is your voluntary decision. If you do not want to use an ePA, you must object to your health insurance company. Once you have objected to the ePA, you can revoke your objection at any time. For more information, see sections 10.1 I do not want an ePA to be created for me. What do I have to do? and 10.4 What do I have to do if I no longer want the ePA?

The ePA is provided as an opt-out file. This means that treating service providers, e.g., doctors, and service provider institutions, e.g., hospitals, are generally authorized to access your ePA. They are also legally obliged to store certain data in your ePA—unless you object. For more information, see Section 6 Use of the electronic patient record (ePA) by healthcare providers

[1] If, for example, you have comprehensive care authority for another person as a legal guardian or through a power of attorney, you may be able to exercise the options mentioned in this document on behalf of the person you are caring for.

2.2 How does the ePA benefit my healthcare?

Ideally, your ePA will accompany you throughout your life. It serves as a secure storage location for your health data and as an exchange platform between you and the service providers involved in your healthcare. The ePA is therefore your own personal digital health management system for your care.

In addition, the ePA also supports certain medical applications that are specified by law. Currently, this is the electronic medication list. To this end, the ePA automatically stores all medications that have been prescribed to you and that you have received on the basis of an e-prescription. For more information, see Section 7 Medical applications of the electronic patient record (ePA).

For more detailed information on the personal benefits of the ePA, please refer to section 3 The benefits of the electronic patient record (ePA).

2.3 Who offers the ePA and who operates it?

The ePA is offered to you by your health insurance company. Health insurance companies work together with industry partners who develop and operate the ePA from a technical perspective. They must comply with the basic requirements of gematik GmbH (hereinafter: gematik) and undergo a strict approval process for the ePA they have developed and the associated ePA app. This is to ensure the security of your data.

Your ZF BKK health insurance company works with BITMARCK GmbH, Krupp-Straße 64, 45145 Essen, as the operator of the ePA, to provide you with the ePA. Neither your health insurance company nor the operator may or can access the data in the ePA. Encryption technologies and specific organizational measures protect your ePA from unauthorized access.

2.4 Is the ePA mandatory?

Use of the ePA is voluntary. Your health insurance company will automatically provide you with an ePA. If you want to use an ePA, you do not need to do anything. However, if you do not want an ePA, you must object to its provision by your health insurance company.

Co-insured children also receive an ePA. Once they reach the age of 15, they can use the ePA independently and on their own responsibility. Until the age of 15, the legal guardians decide whether an ePA should be provided or whether they wish to object to its provision.

Further information on objection can be found in section 10, "Options for objection in the context of the electronic patient record (ePA)."

2.5 How does the ePA app work?

To access your ePA via a suitable device, you need a special app on your smartphone or computer. This is provided by your health insurance company. It can either be a standalone app designed solely for managing your ePA. However, some health insurance companies also integrate this function into an existing service app, the health insurance app.

The ePA app establishes a connection via the internet to the telematics infrastructure where the actual ePA is located. Various service providers in the German healthcare system are or will be connected to this network.

The ePA app was developed and security-tested in accordance with gematik specifications. It allows you to use all the functions of the ePA independently, e.g.:

• Upload, view, download, or delete documents and data
• Managing access permissions – from service providers, but also from company doctors or doctors in the public health service
• Appoint support persons for ePA use (representatives)

For more information, see section 5 Independent use of the electronic patient record (ePA) with the ePA app

In principle, it is possible to use the ePA and exercise your rights and entitlements even without the ePA app. If you do not have a mobile device or PC/laptop, or if you do not want to use your health insurance company's ePA app for other reasons, you can still benefit from the ePA in medical care. For more information, see sections 5.10 What changes if I don't use the ePA app? and 8 Support for using the electronic patient record (ePA).

3 The benefits of the electronic patient record (ePA)

3.1 What added value does the ePA offer me?

The advantage of using the ePA for you personally is that you can store documents, findings, or information about your treatment digitally in one central location, view them, and pass them on to service providers such as doctors or hospitals. This digital data exchange, which you control and manage, can help improve your medical care.

By accessing relevant health data in your ePA, you help your treating physicians and other healthcare providers make the best possible therapeutic decisions, avert undesirable effects, and avoid unnecessary treatments or stressful multiple examinations. Instead of a loose-leaf collection at home or scattered treatment records in different practices, you and your treating physicians will have all important documents securely available in one place.

With the ePA, many processes related to healthcare are digitized, making them easier and more secure. For example, by automatically transferring data from your e-prescriptions, the ePA allows you to see at any time which medications you are currently taking and which ones have been prescribed to you in the past. Due to the complex interactions between medications, this information is extremely important for your doctors and pharmacists. Especially if you have to take several medications, this knowledge can help avoid unwanted side effects.

In the future, laboratory data can also be stored in a structured form in the ePA so that all important findings are available in one place. The ePA also contains references to important personal documents such as power of attorney, patient declarations, or organ donor cards.

In addition to the direct benefits for your care, the data provided in the ePA is intended to be used for public welfare purposes in the future. It is important to note that all data from your ePA will be pseudonymized. This means that it cannot be directly traced back to you personally, but it does provide important information about healthcare in Germany and can help in the further development of our healthcare system. Further information can be found in section 12 Use of data from the electronic patient record (ePA) for public welfare purposes.

3.2 How can I get the most out of the ePA?

As a general rule, the more complete your ePA is, the greater the added value for your care. If you are new to a practice or need to go to the hospital, important information such as existing allergies or intolerances, previous laboratory values, or previous medication treatment is available in the ePA. The diagnosis and your treatment can be specifically based on this information.

It is important that everyone involved in your treatment has access to the data in your ePA and is allowed to store current treatment data themselves. You must grant them this permission before treatment begins. You can manage permissions either with the ePA app or by scanning your insurance card, the eGK, on site. For a complete ePA, you should exclude as few service providers as possible from accessing the ePA or individual documents in the ePA.

3.3 Will I be disadvantaged if I delete data from the ePA?

If you delete data from your ePA, this data will no longer be available in the ePA. The deletion takes effect immediately and cannot be undone using the ePA. Accordingly, deleted data will no longer be available to you or your service providers for your care. Only documents that have already been transferred from the ePA to your service providers' own systems, such as your doctor's office or pharmacy, will remain available to your service providers even after deletion.

Therefore, please consider carefully whether you want to delete data from your ePA. You can hide documents in the ePA that you do not want service providers to see. For more information, see section 6.11 What can I do to prevent service providers from seeing certain documents in the ePA (hiding documents)?

3.4 Will I be disadvantaged if I object to the ePA or deny individual service providers access to my ePA?

Whether you decide against an ePA and object to it, or whether you want to have an ePA but do not want to grant a service provider full or any access to it, is entirely your decision. This will not result in any disadvantages for your healthcare. This will continue to be guaranteed in the future by the established procedures. However, in this case, you will not benefit from the advantages of the ePA in your medical treatment.

4 The electronic patient record (ePA) in detail

4.1 What can be stored in the ePA?

Service providers involved in your treatment can generally store all information and data collected in the course of your healthcare, unless you object. This can include, for example, findings, diagnoses, and therapeutic measures, doctor's letters, prescriptions, electronic certificates of incapacity for work, etc. A detailed list of what service providers are allowed to store in your ePA and under what conditions can be found in section 6 Use of the electronic patient record (ePA) by service providers

You can also store personal health data yourself. This could include, for example, diabetes diaries that you keep yourself, digitized findings from previous treatments that your doctors have provided you with, or your own records. This data must be stored in the ePA as PDF/A documents.

Your health insurance company will also automatically enter information about the services you have used in the ePA, unless you have objected to this.

If you use a digital health application (DiGA), i.e., a health or medical app, you can also have this data stored in the ePA if you wish and if the DiGA supports data storage in the ePA. In the future, the ePA will also be able to support data transfer from activity trackers or smart watches, known as wearables.

4.2 How is the ePA structured?

For greater clarity, the data in the ePA is divided into the following document types or categories:

4.2.1 Data from service providers

• Findings, diagnoses, completed and planned therapeutic measures, early detection examinations, treatment reports, and other examination- and treatment-related medical information, separated into the following areas:
• Family doctor's office
• Hospital
• Laboratory and human genetics
• Physical therapy
• Psychotherapy
• Dermatology
• Urology/gynecology
• Dentistry and oral and maxillofacial surgery
• Other specialist areas
• Other non-medical professions
• eMedication plan (electronic medication plan)
• ePatient summary (data from the electronic emergency data record or patient summary)
• eDoctor's letters (electronic doctor's letters)
• eDental bonus booklet (electronic dental bonus booklet)
• eExamination booklet for children (electronic examination booklet for children with data for the early detection of diseases in children)
• eMaternity record (electronic maternity record with data on medical care during pregnancy and after childbirth)
• eVaccination documentation (electronic vaccination documentation)
• Information on storage locations and the existence of declarations on organ and tissue donation, powers of attorney, and living wills
• Data on nursing care
• E-prescription data (prescription data and information on their redemption)
• eAU (electronic certificates of incapacity for work)
• Other medical data (e.g., data from participation in structured treatment programs (DMP))
• Data on medical treatment and rehabilitation
• Copies of treatment documentation from service providers (e.g., hospitals) in accordance with Section 630g of the German Civil Code (BGB)
• Declarations on organ and tissue donation

4.2.2 Your data

• Health data provided by you

4.2.3 Data from other providers

• Data from digital health applications (DiGA)
• Data on services used (provided by your own health insurance company)
• Information about a specific health risk, the risk of illness or need for care, or the existence of an indication for vaccination in accordance with Section 25b of the German Social Code, Book V (SGB V) (provided your health insurance company supports the procedure)

Note: The classification of the individual document types/categories is legally stipulated for both the ePA and the ePA apps of the health insurance companies. However, the document types or categories may be named differently in the ePA apps of the individual health insurance companies.

4.3 Who has access to the ePA?

You can access the ePA yourself if you use the ePA app. In addition, the following groups of people can use the ePA, either to read data or to enter data, unless you actively object or have already objected:

• Service providers and service provider institutions

Detailed information on the access options for a service provider institution, the requirement for your consent, and your options for objection can be found in section 6 Use of the electronic patient record (ePA) by service providers

• Health insurance

Your health insurance company can store data on the services you have used in the ePA. In addition, it must transfer information on individual health risks to the ePA and store it there if it evaluates the available data in accordance with Section 25b of the German Social Code, Book V (SGB V) and the evaluation reveals a specific health risk, a specific risk of illness or need for care, or the existence of an indication for vaccination. Your health insurance company will also store any medical documents you send to the health insurance company for digitization in the ePA.
Your health insurance company is not legally permitted to access the data stored in the ePA, and access is prevented by technical and organizational measures.

• Applications of the telematics infrastructure (TI)

To provide automated support for your medical care, TI applications access your ePA for specific medical use cases defined by law. This is done exclusively in accordance with gematik specifications. For more information, see Section 7 Medical use cases of the electronic patient record (ePA)

• People you trust

You can also authorize people you particularly trust to access your ePA. These are your so-called representatives. Your representative has the same access rights as you, can grant or revoke access to service providers, and request health insurance companies to provide data. However, your representative cannot delete your ePA, appoint additional representatives, or revoke representations. For more information, see Section 8 Support for using the electronic patient record (ePA)

• ePA ombudsman office of your health insurance company

Every health insurance company has an ombudsman office for the ePA. One of the tasks of the ombudsman office is to support insured persons who do not have access to a (mobile) device in exercising their rights. For example, it can assert your objection to individual service providers accessing the ePA on your behalf. For more information, see Section 8 Support in using the electronic patient record (ePA)

• Digital health applications (DiGA) and digital care applications (DiPA)

If you use a DiGA or DiPA, this health data can also be transferred to your ePA. For more information, please contact your health insurance company and the manufacturer of your health application. In a later stage of the ePA's development, you will also be able to grant a DiGA or DiPA permission to access the data in the ePA.

• In the future: Public interest data use

Unless you specifically object, in a future expansion stage, the ePA will automatically make your health data available in pseudonymized form for public interest projects within the scope of the EU General Data Protection Regulation. This objection can be declared independently of any possible objection to the use of the ePA. Pseudonymization takes into account the protection of your personal data and is intended to minimize conclusions about you as a person. For more information, see Section 12 Use of electronic patient record (ePA) data for public welfare purposes.

4.4 Who has to enter data into the ePA?

The ePA thrives on having as much personal health data stored in it as possible – only then can it deliver its full added value to you and your treating service providers.

In addition to the data you enter yourself, the data collected during your treatment by doctors or in hospital and entered into the ePA is of course also crucial. The doctors, dentists, and hospitals involved in your care arerequired (in accordance with Sections 347 and 348 of the German Social Code, Book V) to enter certain data into your ePA, unless you have objected to this.

Other service providers, e.g., in the field of remedies (physiotherapy, occupational therapy, podiatry, speech therapy, nutritional therapy) or in home or inpatient care, can enter data into the ePA (in accordance with Section 349 of the German Social Code, Book V).

In addition, automatic transfer of data to the ePA is provided for medical applications of the ePA (in accordance with § 342 (2a), (2b), (2c) SGB V). Further information on this can be found in section 7 Medical applications of the electronic patient record (ePA).

For more information on what information is to be entered into the ePA as part of your treatment, please refer to Section 6 Use of the electronic patient record (ePA) by service providers

4.5 What data does my health insurance company provide in the ePA?

You are entitled to have your health insurance company automatically provide data on the statutory health insurance services you have used. Due to established processes and billing checks by health insurance companies, the provision of this data may be significantly delayed. Information on costs is not included in the data provided by health insurance companies.

In addition to data on services used, your health insurance company must also enter data on personal health risks into the ePA if it evaluates the data available to it accordingly. This information may relate to health risks, the risk of illness or need for care, and the existence of an indication for vaccination. If you do not want your health insurance company to use your data in this way, you can object to this in accordance with Section 25b of the German Social Code, Book V (SGB V).

In addition, you also have the option of having your health insurance company digitize paper documents and enter them into the ePA. This service covers up to ten paper-based doctor's letters or documents relating to findings, diagnoses, completed and planned therapeutic measures, early detection examinations, treatment reports, and other examination and treatment-related medical information. You can use this service twice in 24 months. For more information, please contact your health insurance company.

5 Independent use of the electronic patient record (ePA) with the ePA app

This section describes how to use the ePA independently with the help of your health insurance company's ePA app.

5.1 What do I need to use the ePA independently?

In addition to the ePA app provided by your health insurance company and tested in accordance with gematik specifications, you need a suitable device. This can be a smartphone or tablet computer, for example. The ePA app must be activated in order to use it. For more information, see section 5.4 How do I activate the ePA app for my ePA?

You can also use the ePA without a suitable device and the corresponding ePA app. For more information, see section 8 Support for using the electronic patient record (ePA).

5.2 What key functions does my health insurance company's ePA app offer me?

The ePA app has been created in accordance with the specifications of the BSI and gematik. Among other things, these specifications regulate which functions the ePA app of your health insurance company must provide and how the stored data is to be structured.

You are generally entitled to read, transfer, delete, and hide all data in the ePA. To enable you to exercise this right independently, your health insurance company's ePA app provides you with at least the following functions:

§ Upload, view, download, and delete documents

§ Granting and revoking objections to access by individual service providers

§ Hide and display documents

§ Hide and make visible electronic medication lists for individual service providers

§ Create and revoke proxies

§ Control access to the ePA based on log data and download the log data

§ Object to the provision of your data on the services you have used from your health insurance company or withdraw an objection you have already issued

§ Object to the use of the ePA, close the file completely, and delete all data stored in the ePA

§ Manage the ePA of another person as an authorized representative

In addition, it is regulated by law that the following functions must be integrated into the ePA app, even if they are not directly related to the ePA:

§ Direct access from the ePA app to quality-assured health information on the national health portal "http://gesund.bund.de "

§ Secure transmission of instant messages using the TI Messenger (TIM) to your health insurance company and, if possible, your service providers

§ Option to submit your organ donation declaration to the organ donation registry

5.3 What other functions does my health insurance company's ePA app offer me?

Since your health insurance company's ePA app is an individually programmed app, your health insurance company has the option of offering additional functions that are not directly related to the ePA.

For example, your health insurance company can integrate functions for managing e-prescriptions into the ePA app. This allows you to manage e-prescriptions and, for example, assign your prescriptions to a pharmacy. For more information, please refer to the information provided by your health insurance company on using the ePA app in conjunction with e-prescriptions.

Your health insurance company may also offer you additional applications for voluntary use in conjunction with the ePA. You can make data from the ePA available to these applications. To do so, you must consent to the use of your data by these applications. Your health insurance company may only process the data you provide for the purposes specified by the application. The health insurance company still has no technical access to your data stored in the ePA. Your health insurance company will inform you about the type of data processed in the application, the storage location, and the access rights.

5.4 How do I activate the ePA app for my ePA?

After installation, your ePA app must be activated for your ePA when you use it for the first time. There are several ways to do this:

• Activation via your electronic health card (eGK) in conjunction with a mobile device (smartphone)

This activation is carried out using the contactless NFC interface of your eGK and the corresponding PIN, which you will receive from your health insurance company after successful identification. To activate, simply hold your eGK in front of your smartphone in the appropriate manner.

• Activation using the Health ID

The Health ID is your digital access to the healthcare system. It is created individually for you and contains your personal data, e.g., your name and health insurance number. The Health ID is therefore your digital key that gives you access to online health applications such as the ePA. The use of the Health ID is specific to each health insurance company. If you have any questions, please contact your health insurance company.

• Activation using the eID function of your identity card, residence permit, or eID card for EU citizens

Activation is similar to the procedure for the eGK and mobile device. Instead of the eGK and PIN, you use the corresponding eID function of one of the cards mentioned above.

For security reasons, use of the ePA app is linked to the device you used to activate it. You can activate additional devices for use with the ePA. The activated devices are stored centrally. A new device must be activated for its first use with the ePA.

The individual procedures may differ in detail from ePA app to ePA app. For more information, please contact your health insurance company.

5.5 How do I handle my health data securely in the ePA?

To ensure the security of your ePA data, it is essential that you only use an ePA app approved by gematik that you have downloaded from a trusted source. Trusted sources include Apple's App Store for the iOS operating system and Google Play for Android. For the operating systems of other devices (laptops or PCs), the stores of the operating system manufacturers (e.g., Microsoft or Apple) or the website of your health insurance company are the trusted sources. In this regard, health insurance companies are obliged to comply with data protection regulations, including with regard to the transfer of data to third countries.

You should also always run your ePA app on devices that are under your control. Accessing the ePA via a public PC, e.g., in an internet café, should therefore be avoided at all costs! In order to use the ePA securely from your own device, you must also ensure that your devices are protected. The instructions you need to follow for this can be found in the ePA app documentation. You should also follow the BSI's recommendations on device security. The BSI provides information on this on the internet: https://www.bsi-fuer-buerger.de

5.6 What measures must I take if I lose my eGK or the access data for the ePA app, or suspect that they have been misused?

Protecting access to the ePA is particularly important. If you lose your eGK or suspect that it has been misused, or if you lose your access to the ePA and the ePA app, you must block them as soon as possible with your health insurance company to ensure the security of your data. Health insurance companies offer various options for blocking access (e.g., by phone or online). If you suspect misuse, contact your health insurance company immediately.

5.7 Can I delete the documents in the ePA or the entire file?

The principle of voluntariness also means that you have the right to delete the documents stored in the file yourself at any time.

Please note that when you delete data, it is irrevocably removed from the ePA. After deletion, the data is no longer available in the ePA. You cannot restore this data yourself later using the ePA. If you need this data again later, it must be made available by other means (e.g., via the service providers who provided this data). However, this is not possible in all cases: for example, automatically transferred data from e-prescriptions cannot usually be restored from another source after deletion from the ePA.

Therefore, before deleting data, always check whether hiding the data might be a better alternative. Hiding data means that a document remains in the ePA, but is no longer visible to service providers. For more information, see section 6.11 What can I do to prevent service providers from seeing certain documents in the ePA (hiding documents)?

5.8 How can I keep track of who has changed something in my file?

The ePA records all activities in a log, e.g., access and changes made by service providers or your representatives. If you use your health insurance company's ePA app, the contents of the log are displayed in a convenient and uniform manner.

5.9 How can I save data from a digital health application (DiGA) in the ePA?

Some DiGAs offer the option of transferring data to the ePA. In order for a DiGA to store data in your ePA, you must grant the appropriate permissions in both applications. In your health insurance company's ePA app, you must authorize the desired DiGA to store data. In the DiGA itself, you must consent to this data being transferred to the ePA. Further information about the relevant consents and settings in the DiGA can be obtained from the DiGA manufacturer.

5.10 What changes if I do not use the ePA app?

Preliminary remark: If you do not want to or cannot use the ePA app, you have the option of appointing a representative. This person can then access your ePA with their own ePA app and manage it for you. For more information, please refer to section 8.2 What exactly is the representative function of the ePA?Your health insurance company's ombudsman service also offers further support options. For more information, please refer to section 8.3 How does my health insurance company's ombudsman service support me in using the ePA?

If you do not use the ePA app yourself, this has the following implications for the exercise of your rights as a data subject:

• You will not be able to independently access your data stored in the ePA, delete data, or restrict access permissions to certain data. Your health insurance company also has neither the legal authority nor the technical capability to read the data in your ePA and make it available to you.
• You cannot store your own documents (e.g., previous medical findings) in the ePA. You must contact the service provider that has the relevant data and request that it be stored in the ePA.
• You can only grant service providers access to the ePA directly using your eGK. If you want to technically revoke a service provider's access to your ePA (i.e., lodge an objection), you must contact your health insurance company's ombudsman. For more information, please refer to section 8.4 What options does the ombudsman's office offer me with regard to access by service providers?
• You cannot hide documents already stored in the ePA from service providers or make them visible to them. If a service provider enters data for you in the ePA, you can ask the provider to hide certain data. Hidden information will still be available in your ePA, but other service providers will not be able to see these documents or use them from the ePA. To make a hidden document visible to other service providers again, you will need to use an ePA app. You can appoint a representative for this purpose, for example.
• The access period for service providers cannot be customized individually; it corresponds to the legal requirements in Table 1.

6 Use of the electronic patient record (ePA) by service providers

6.1 Who can access my ePA and when?

Access from a service provider institution may only take place if it is actually necessary for the purposes of health care or occupational medicine, for assessing the fitness for work of employees, for medical diagnostics, for care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector. Access must be related to your visit or your use of a corresponding service.

When visiting a service provider facility (e.g., a doctor's office), the connection to the treatment and thus the access option can be established immediately by presenting the eGK. Alternatively, you can also grant access authorization via your health insurance company's ePA app, regardless of whether you visit the facility in person. By granting service providers access to the ePA, you automatically consent to the processing of your personal data by the respective service provider in accordance with Section 353 of the German Social Code, Book V (SGB V).

Access can only take place if you have not previously objected to this – in the ePA app, at the service providers, or via the ombudsman's office. Further information on this can be found in section 10. The options for objection within the framework of the electronic patient record (ePA)

For company doctors and public health service institutions, you must give your prior consent for them to access the ePA. Without your consent, these institutions are not permitted to access the ePA. By presenting your eGK, you technically grant access to the ePA.

Access authorization always extends to the entire service provider institution or organizational unit. You therefore grant access to the entire medical staff of a service provider institution, e.g., a doctor's office, a medical care center, or a hospital. If you object to access, you withdraw the authorizations from the entire institution or department accordingly.

For some service providers, the legislator has stipulated in Section 352 of the German Social Code, Book V (SGB V) that they may only view certain information in your ePA. You cannot grant access rights beyond these legally stipulated access rights. For example, a pharmacist may not view data from your electronic dental bonus booklet. Table 2 provides a complete overview of access permissions.

Every service provider institution is legally obliged to log who accessed which data in your ePA and when. Access by the service provider institution is stored in the ePA in a traceable manner. The service provider institution must in turn log which person working for the institution accessed the data.

6.2 How long can a service provider access the ePA by default?

By default, a service provider can only access your ePA within a certain period of time after your visit or treatment. The duration depends on the type of service provider. If you use healthcare services again and your eGK is scanned, the ePA will extend the access period accordingly. Table 1 below shows the respective durations.

You can use your health insurance company's ePA app to control the access duration for individual healthcare providers yourself. You can choose between access for a minimum of one day and unlimited duration.

Table 1: Access duration of service providers

6.3 Which service providers are allowed to access which data in the ePA?

The service providers who are permitted to access which data under the aforementioned conditions is regulated in detail by law (in accordance with Section 352 of the German Social Code, Book V). We have summarized these regulations for you in Table 2 below. Please note that data entered into the ePA by your health insurance company regarding individual health risks cannot yet be shared with service providers via the ePA due to the current lack of legal regulations.

The table shows the maximum permissible access authorizations for all users of an ePA. Granting permissions beyond this is not permitted and is technically prevented. By objecting to or hiding documents and document categories, you can restrict permissions at any time and extend them again within the specified framework. This gives you precise control over which service provider institution is allowed to access which data in the ePA. For more information, see sections 6.11 What can I do to prevent service providers from seeing certain documents in the ePA (hiding documents)? and 6.12 I no longer want a service provider to be able to access my ePA. What can I do?

Example 1: The table shows that, for example, doctors and staff at medical service providers can access all service provider data for writing, reading, and deleting purposes without any further restrictions on their authorization.

Example 2: Pharmacists (and pharmacy staff) have write access to the electronic medication plan, electronic vaccination documentation, prescription data, and dispensing information from prescriptions without any further restrictions on their authorization, i.e., they can create and update this data in your ePA. Authorized pharmacists and pharmacy staff have read-only access to all other documents.

Example 3: Remedial service providers, including staff, e.g., physical therapy practices, can read all data in the ePA, with the exception of vaccination documentation, if the appropriate authorizations have been granted. They can create, modify, and delete findings, diagnoses, completed and planned therapeutic measures, treatment reports, and other examination- and treatment-related medical information from their respective therapeutic area (e.g., physical therapy).

Important note: Read access (i.e., a check mark in the "Read" column) means that the data can be downloaded from the ePA and transferred to the treatment documentation of the respective service provider. Even if the authorization is revoked, data that service providers have transferred to their treatment documentation remains available to the formerly authorized service provider facility. The reason for this is that they have downloaded the data from the ePA and created their own copy of the data. This is necessary from a legal perspective, as service providers must document their treatment in full in accordance with Section 630f of the German Civil Code (BGB).

6.4 What data must the contract physicians and hospitals involved in my treatment enter into the ePA?

The obligation to store certain data in the ePA by contracted medical service providers and hospitals is regulated by law.

According to Sections 347 and 348 of the German Social Code, Book V (SGB V), contracted healthcare providers and hospitals are legally obliged to store the following data in the ePA, even without your express request, provided that this data is collected and processed electronically as part of your current treatment and you have not expressly objected to its storage:

• Data to support medical applications
• Data on laboratory findings
• Findings reports from imaging diagnostics
• Findings from invasive and non-invasive, surgical or conservative measures
• Electronic doctor's letters or electronic discharge letters from hospitals

If the above data has been collected and electronically processed by service providers in the course of previous treatments, it may be entered into the ePA in accordance with Section 348 of the German Social Code, Book V (SGB V), if they deem it necessary for your care. Service providers are obliged to inform you about which data is stored in the ePA.

6.5 What data must other service providers involved in my treatment enter?

Other service providers involved in your treatment, e.g., pharmacies, physical therapy practices, or nursing facilities, may also store data related to your treatment in your ePA.

Unlike contract physicians and hospitals, however, other service providers are not necessarily connected to the telematics infrastructure (TI). Without a TI connection, they have no way of accessing your ePA and are not obliged to store data in your ePA.

Other service providers can store the following data in the ePA – provided that it is collected as part of your current treatment, processed in a machine-readable format, and you have not expressly objected to its storage:

• Data to support medical applications
• Data on laboratory findings
• Findings reports from imaging diagnostics
• Findings from invasive and non-invasive, surgical, or conservative measures
• Electronic doctor's letters or electronic discharge letters from hospitals

The above data can only be stored in the ePA if this is also permitted for the relevant service provider. For more details, see section 6.3 Which service providers are allowed to access which data in the ePA?

If the above data has been collected and processed electronically as part of previous treatments, it can also be entered into the ePA if this is necessary for care from the perspective of the respective service provider. In this case, you must be informed of this in advance.

6.7 What data do the service providers involved in my treatment enter into the ePA at my request?

In addition to the above-mentioned data, the service provider institution must , in accordance with Sections 347–349 of the German Social Code, Book V (SGB V), store further data in the ePA at your request – provided that this data has been collected as part of your current treatment and is processed in a machine-readable format. To do this, the service providers require your express consent, which must then be recorded in the treatment documentation. In addition, the service provider must be connected to the TI.

An overview of the data that can be entered into the ePA can be found in section 4.2.1 Data from service providers

A prerequisite for storing this data is that this is also permitted for the relevant service provider facility. Further information can be found in section 6.3 Which service providers are allowed to access which data in the ePA?

In addition, a contract medical facility or hospital must store electronic copies of your treatment documentation in the ePA at your request in accordance with Section 630g of the German Civil Code (BGB).

1.4 Can I object to the storage of certain data by service provider institutions?

You have the right to object to the transfer of individual pieces of information. If you object to the transfer, the data may not be stored in the ePA. The service provider is obliged to document the objection. For more information, see section 10 Options for objection within the framework of the electronic patient record (ePA).

If you object to certain service providers accessing the ePA, they will not be able to enter any data into the ePA, even if they are involved in your treatment. In this case, the data will continue to be kept separately at the facility as before.

1.5 What data do the company doctors involved in my treatment and the public health service enter into the ePA?

Unlike all other service providers, your explicit consent is required for company doctors and public health service providers to access the ePA. Technically, you grant access in the same way as in a doctor's office or hospital: either using your health insurance company's ePA app or by presenting and scanning your eGK when visiting the relevant facility.

The company doctors involved in your treatment and the doctors in the public health service must store data to support the medical applications of the ePA at your request if this data is collected and processed in a machine-readable form as part of your current treatment. In addition, no other legal provisions may prevent the transfer of data. Further information on medical use cases can be found in section 7 Medical use cases of the electronic patient record (ePA)

The following data is included:

• Data on findings, diagnoses, completed and planned therapeutic measures, early detection examinations, treatment reports, and other examination- and treatment-related medical information
• Electronic dental bonus booklet
• Electronic examination booklet for children
• Electronic maternity log and data from midwifery care
• Electronic vaccination documentation
• Data on nursing care
• Electronic certificate of incapacity for work (eAU)

1.6 What applies to the storage of particularly sensitive data, such as data on mental illness?

Before service providers enter data into the ePA that could lead to discrimination or stigmatization, such as data on mental illness, sexually transmitted diseases, or abortions, they must inform you of your right to object to the entry. If you then declare your objection, this must be recorded by the service provider in their treatment documentation. The institution may then not transfer the relevant data to the ePA. You can read about how to exercise your right to object in section 10, Options for objection within the framework of the electronic patient record (ePA).

If service providers intend to enter data from genetic tests within the meaning of the Genetic Diagnostics Act into the ePA, your express consent in written or electronic form is required in advance.

1.7 Who has to update my electronic medication plan and my emergency data (or short patient file)?

If your electronic medication plan, patient summary, or emergency-related data stored on the eGK changes and you keep this data in the ePA, you are entitled to have the data updated if it changes in the course of current treatment. At your request, the service providers who made the changes to the data are obliged to store them in the ePA.

As long as this data is still on the eGK, the entitlement applies to both the data in the ePA and the data on the eGK.

However, if you object to the data being stored in the ePA, the service providers must delete the relevant data from the eGK. This serves to minimize health risks due to outdated data on the eGK.

Good to know: The paper-based (nationally standardized) medication plan can still be used without the ePA.

1.8 What can I do to prevent service providers from seeing certain documents in the ePA (hiding documents)?

If you do not want service providers to be able to view particularly sensitive documents, you can hide these documents completely from all service providers. You can hide individual documents or entire categories of documents.

If you hide documents completely, only you and your representatives will have access to these documents, but not service providers or service provider institutions.

Individual documents that have been stored in the ePA for medical purposes may not be hidden. This is particularly the case if the data is relevant to your medical care in its entirety. You can find relevant information on this in section 7 Medical uses of the electronic patient record (ePA).

Information on the possible effects of unavailable information on the benefits of the ePA can be found in Section 3 The benefits of the electronic patient record (ePA)

1.9 I do not want a service provider to be able to access my ePA (anymore). What can I do?

You can object to a service provider accessing your ePA directly on site at the facility or using the ePA app. If you do not use the ePA app, you can also submit your objection to your health insurance company's ombudsman. The ombudsman offices are obliged to enforce your objection technically. Once you have lodged an objection, the healthcare provider will be technically excluded from accessing your ePA. If you object to access directly on site without using the ePA app or the ombudsman office, this will not be implemented technically in the ePA and may only apply to the visit in question to the healthcare provider.

Of course, you can revoke an objection at any time if you wish to allow a service provider access again at a later date. This can also be done either via the ePA app (e.g., directly with the service providers) or with the help of your health insurance company's ombudsman.

Please note that an objection always completely excludes the service provider facility from accessing your ePA. If you only want to withhold certain information from all service provider facilities and use your health insurance company's ePA app, you can hide specific data. For more information, see section 6.11 What can I do to prevent service providers from seeing certain documents in the ePA (hiding documents)?

You can either use the ePA app itself to deny public health service providers, such as doctors in public health departments and company doctors, access to the ePA, or you can lodge an objection with the ombudsman's office.

2 Medical use cases for the electronic patient record (ePA)

2.1 What are medical use cases in the context of the ePA?

A medical use case is a legally defined process for supporting medical care (in accordance with Section 342 (2a–c) of the German Social Code, Book V (SGB V)), which runs automatically and is supported by the ePA. To this end, the ePA automatically imports data from other applications in the telematics infrastructure, e.g., from e-prescriptions. This means that the service providers involved in your treatment have immediate access to information that has already been collected by other parties in the course of your healthcare.

2.2 What medical use cases already exist?

You can use the electronic medication list to support your treatment. The electronic medication list automatically contains all medications prescribed via e-prescription and dispensed to you on the basis of the prescriptions. This information gives you and your healthcare providers a quick overview of your medication.

In the future, the digital medication process will be available to you. The currently planned launch date can be found in section 13 Next steps in the further development of the electronic patient record (ePA) and future possibilities. In the future, the digital medication process will be based on the data in the electronic medication list and will expand it to include data for checking the safety of your drug therapy (such as your body weight or information about your kidney function) and support service providers in creating your electronic medication plan directly from the ePA. The digital medication process contributes to your health, for example, by helping to avoid undesirable drug interactions. Your health insurance company will provide you with timely, updated information on all use cases of the ePA.

2.3 What other medical applications will the ePA support in the future?

The legislator plans to support further medical applications through the ePA. Details regarding the introduction, scope, and use of future applications are still being regulated by the Federal Ministry of Health. Your health insurance company will inform you in good time. You can find the planned delivery dates in section 13 Next steps in the further development of the electronic patient record (ePA) and future possibilities.

2.4 Do I have to use the medical applications of the ePA?

As with the ePA itself, the decision is yours: if you do not want data to be automatically provided in your ePA through a medical use case, you can object to the individual use case directly via your health insurance company's ePA app. You can revoke an objection once it has been submitted at any time.

For more information on objection options, see section 10.2 What objection options are available in connection with the ePA and individual access authorizations?

2.5 I do not want to use the ePA's electronic medication list. What do I have to do?

If you do not want to use the ePA's electronic medication list, you can object to it. There are two options:

• You object to the medical use case itself. In this case, the ePA will continue to receive a medication list with information about all your prescribed and redeemed e-prescriptions, but your service providers will no longer be able to use this information. Only you will still be able to view the complete medication list with the ePA app.
• You object to the entire data exchange between e-prescriptions and the ePA. Any medication list that may already exist will then be deleted from the ePA. This data will also be irrevocably unavailable when the digital medication process is introduced. If you later withdraw your revocation and then wish to use the digital medication process, drug prescriptions and dispensing will only be recorded from that point onward.

You can revoke an objection once it has been submitted at any time. For more information on objection options, see section 10.2 What objection options are available in connection with the ePA and individual access authorizations?

2.6 Can I withdraw access to the medication list from individual service providers?

If you do not want a particular service provider to have access to your medication list, you can hide it using the ePA app. The service provider will then not be able to see the information stored in your electronic medication list. All other service providers with access to your ePA will still be able to see the electronic medication list. The automatic transfer of prescribed medications and the transfer of e-prescription redemptions to your electronic medication list will also continue to take place.

If you want to grant the service provider access to the medication list again, you can undo the hiding at any time using the ePA app.

3 Support for using the electronic patient record (ePA)

3.1 Where can I get support for using the ePA?

On the one hand, your health insurance company offers you the so-called representation function of the ePA. On the other hand, you can also contact your health insurance company's ombudsman. Both options can be combined according to your needs.

3.2 What exactly is the ePA representation function?

The law stipulates that you can appoint representatives to manage your ePA via the ePA app provided by your health insurance company. The representative and the person being represented do not have to be insured with the same health insurance company.

Representatives can also be set up via the ePA app of the person who is to represent you. In this case, you do not need your own device or ePA app, but you must authorize the representative to access your ePA, e.g., by using your eGK and PIN on the representative's device. Please note, however, that an ePA app is required to revoke the power of representation, which is possible at any time. It is not possible to revoke this authorization via the ombudsman's office.

Your representative has almost the same rights as you do. For example, they can lodge objections with service providers who have access rights (doctor's offices, hospitals, pharmacies, etc.) and view the documents stored in your file. However, your representatives cannot appoint further representatives and are not authorized to close the file.

It is important that you only assign this responsible task to people whom you trust completely and to whom you would also grant power of attorney, for example. Unlike authorizations for service providers, representations cannot be granted for a limited period of time and therefore do not expire. You must actively release your representative from their representation via your health insurance company's ePA app. If necessary, your health insurance company will explain the option and procedure for granting representation authorizations in more detail.

3.3 How does my health insurance company's ombudsman service support me in using the ePA?

The ombudsman service set up by your health insurance company will advise you on all questions and problems relating to the use of the ePA. In particular, the ombudsman service will inform you about the application procedure, the procedure for providing the ePA, and the appeal procedure, as well as your other rights and claims in connection with the ePA and how it works.

In addition, the ombudsman service also supports you in the specific use of the ePA. It accepts objections to the medical applications of the ePA and to access by individual authorized persons and enforces these for you technically. It is also possible to revoke objections that have been lodged via the ombudsman service. Upon request, the ombudsman's office can also provide you with the log data of your ePA. In addition, you can object to the ombudsman's office against the use of the data in your ePA for public welfare purposes (see Section 12 Use of data from the electronic patient record (ePA) for public welfare purposes).

3.4 What options does the ombudsman service offer me with regard to access by service providers?

The ombudsman's office can enforce your objections to access by service providers and handle their revocation. This gives you control over who can access your health data even without the ePA app.

To prevent a service provider facility from accessing your data, you can lodge an objection with your health insurance company's ombudsman. You can also revoke this in the same way.

You can also use the withdrawal of access rights to revoke existing access rights before the access authorization expires, e.g., because you want to end treatment at a service provider facility and prevent that facility from continuing to access your ePA.

4 Changing health insurance companies and the electronic patient record (ePA)

4.1 Can I simply take the data stored in the ePA with me when I change health insurance companies?

The ePA is offered to you by your health insurance company. If you change health insurance companies, the data from the ePA will be transferred in encrypted form. The transfer of the ePA from your previous health insurance company to your current one happens automatically without you having to do anything. The authorizations and objections you have granted, as well as any representations, will also be transferred.

If you have objected to your previous health insurance provider providing data about the services you have used, this objection does not automatically continue to apply. If you still do not want such data to be stored, you must submit a new objection to your new health insurance provider. However, if you decide to store this data, you do not need to do anything when you change health insurance providers.

Please note that information from health insurance-specific applications in the ePA may not automatically be available to the new health insurance company. If necessary, you should back up the relevant data yourself so that it is still available after you change health insurance companies. Your health insurance company will provide you with further information on data transfer when changing health insurance companies.

If you use the representation function, your representatives will be automatically informed of any change of operator when you change health insurance companies. Further information on the representation regulation can be found in section 8 Support in using the electronic patient record (ePA)

4.2 Do I have to object to the use of the ePA again if I change health insurance providers?

What applies to the file created also applies to the objection to a file: just like the file, the information that you have objected to the provision of the ePA is exchanged between the two health insurance companies involved. Your new health insurance company will therefore not automatically set up an ePA for you if you have objected to your previous health insurance company. If you would like an ePA with your new health insurance company, you must revoke your objection to your new health insurance company. 5 Options for objection in the context of the electronic patient record (ePA)

5.1 I do not want an ePA to be created for me. What do I have to do?

As part of the introduction of the opt-out solution for the ePA, the legislator provides for an objection period of 6 weeks against the creation of the ePA after you have received the relevant information from your health insurance company. The same procedure also applies if you are contacting the statutory health insurance company for the first time.

So if you do not want an ePA, you must object to its creation by contacting your health insurance provider. You can obtain more detailed information about the procedure from your health insurance provider.

5.2 What options for objection are available in connection with the ePA and individual access authorizations?

The ePA offers a variety of options for objection, allowing you to tailor its use to your needs. Table 3 below shows the options for objection. You can revoke an objection at any time. The procedure used for the objection may differ from the procedure for revocation. For example, you may have submitted an objection directly via the ePA app, but revoked it via the health insurance company's ombudsman.

With the help of the ePA app, you have the option of explicitly objecting to access by individual service providers. The objection can be lodged in the ePA app before or after visiting the relevant service provider. An objection always applies to the entire file. Once lodged, an objection can be withdrawn at any time via the ePA app. If you do not use the ePA app, the other procedures listed in the table are available to you.

Table 3: Objection options when using the ePA

5.3 Will I experience any disadvantages in my healthcare if I object to the ePA as a whole or to individual functions?

If you decide not to use the ePA or individual features, you will not experience any disadvantages in your healthcare. Your healthcare will continue to be guaranteed by the established procedures. However, you will not be able to benefit from the advantages of the ePA. For more information, please refer to section 3, The benefits of the electronic patient record (ePA).

5.4 What do I have to do if I no longer want the ePA?

You have the option of completely closing your ePA, i.e., having it deleted, at any time. To do this, you must object to the use of the ePA to your health insurance company. This objection to the use of the ePA must be expressed to your health insurance company in an appropriate form. This can be done, for example, via the ePA app provided by your health insurance company or in writing, e.g., by letter. Please contact your health insurance company for the exact procedure.

Objecting to an existing ePA will result in its deletion. All contents of your file will be deleted: all documents, authorizations granted, and log entries. In this case, you are responsible for backing up the documents stored in your file. If you want to keep certain documents even after closing your ePA, you must store them elsewhere.

If you use the ePA app provided by your health insurance company to access the ePA, you also have the option of saving the log data on your own device. The application offers a corresponding function for this purpose. In addition to backing up the documents, it also makes sense from a data protection perspective to back up the log data so that you can later trace who had access to your file. Your health insurance company's ombudsman's office can also provide you with the logs in a suitable form. For more information, see section 8.3 How does my health insurance company's ombudsman's office support me in using the ePA?

Important to know: You must request or retrieve the logs before your objection to the use of the ePA takes effect.

5.5 I have objected to the ePA, but now I would like to have it after all. What do I have to do?

You can withdraw your objection to your health insurance company at any time. You can do this, for example, via your health insurance company's ePA app or in writing. If necessary, you can obtain more detailed information on the procedure from your health insurance company.

5.6 What happens to the ePA after my death?

Since the ePA is designed to be a lifelong file, the legislator has also made provisions for the event of death. A health insurance company must delete the ePA within 12 months of learning of the death of an insured person. This does not apply if conflicting legitimate interests of third parties are asserted and proven.

6 Data protection and data security

6.1 How secure is the ePA?

All ePA operators must undergo the gematik approval process with the ePA they have developed. gematik checks the functionality and interoperability of the ePA on the basis of the test criteria it has published. Security is verified in accordance with specifications developed in collaboration with the Federal Office for Information Security (BSI).

The data in your file is always stored in encrypted form. If you yourself or a service provider involved in your treatment is authorized to access the ePA, the ePA transfers the data in encrypted form to the relevant computer systems, e.g., your doctor's office. Data processing in the ePA takes place in a technical environment that has been security-tested to the highest level and is trustworthy. Neither the operator nor the health insurance company has access to your data.

6.2 How secure is my health insurance company's ePA app?

In addition to the ePA itself, all ePA apps must also undergo the gematik approval process. gematik also checks the functionality and interoperability of the ePA app based on the test criteria it has published. Security is verified in accordance with specifications developed with the participation of the BSI.

The ePA app provided by your health insurance company has therefore been security-tested to the highest standards. It can be installed on smartphones with Android or iOS operating systems and run on desktop computers and laptops with current, suitable operating systems such as Windows, MacOS, and, if applicable, Linux.

You are responsible for the security of your application environment (smartphone, PC hardware, operating system) in which the application is installed. For more information, see section 5.5 How do I handle my health data securely in the ePA?

6.3 What data does the health insurance company exchange with the ePA operator?

In order to set up your ePA, the health insurance company and the respective industry partner exchange administrative personal information. In addition, your health insurance company or the ePA operator uses your health insurance number to check whether an ePA already exists for you. No personal health data is exchanged at this point.

If you change health insurance providers, the ePA operator will transfer your ePA in encrypted form from your previous health insurance provider to the ePA operator of your new health insurance provider. If you have objected to the use of an ePA, the two health insurance providers will also exchange information about the objection via the ePA operators when you change health insurance providers.

6.4 What rights do I have vis-à-vis my health insurance company with regard to the data processing operations of the ePA and the ePA apps?

Your rights vis-à-vis your health insurance company are derived from the legal provisions of the General Data Protection Regulation (GDPR) and the social data protection regulations of the Social Security Code. Within the meaning of this regulation, the health insurance company is the "controller." As an insured person, you can assert your "rights as a data subject" under the GDPR vis-à-vis your health insurance company. This includes, in particular, the obligation of health insurance companies to inform insured persons about the collection of personal data (Art. 13 GDPR in conjunction with § 82 SGB X and Art. 14 GDPR in conjunction with § 82a SGB X). Furthermore, insured persons have the following rights:

• the right to obtain information on whether and, if so, for what purpose certain personal data is processed by the health insurance company or its contractors (Art. 15 GDPR in conjunction with § 83 SGB X)
• the right to rectification of inaccurate personal data (Art. 16 GDPR in conjunction with § 84 SGB X)
• the right to erasure of personal data (Art. 17 GDPR in conjunction with § 84 SGB X)
• the right to restriction of processing (Art. 18 GDPR in conjunction with § 84 SGB X)
• the right to data portability (Art. 20 GDPR)
• the right to object (Art. 21 GDPR in conjunction with § 84 SGB X)

It should be noted that the legislator has excluded these rights if their exercise cannot be guaranteed by the health insurance fund as the body responsible for data protection, or can only be guaranteed by circumventing protective mechanisms such as encryption or anonymization. This restriction applies to data stored in encrypted form in the ePA, as the health insurance fund, as the responsible body, has no technical access to this data. Accordingly, the health insurance fund cannot comply with requests from insured persons for information or correction of data stored in the ePA (e.g., doctor's letters). An exception is data on services used, which your health insurance fund provides to you in the ePA. Since this data is imported into your ePA from your health insurance company's billing data, you have the option of having this data corrected by the health insurance company. To do this, you need confirmation of the correct diagnosis from the respective service providers. Your health insurance company will inform you about the detailed procedure.

However, the above rights do not apply to data that is not encrypted, such as log data.

6.5 What rights do I have if ePA data needs to be corrected?

Your health insurance company provides you with an ePA app so that you can exercise your rights under the GDPR yourself. However, you cannot use the ePA app to correct the data provided by your service providers. If corrections to this data are necessary, please contact the respective service providers treating you.

You are entitled to read data from the ePA, store it in the ePA, and delete it. You have the right to restrict access to data in the ePA or to lift this restriction and to grant or revoke authorizations. In addition, you can object to access to data in the ePA or must give your consent for the storage of particularly sensitive data (such as genome data). You can also process the following data yourself, i.e., change it and store it in your ePA:

• Health data that you have entered into the ePA yourself
• In the future: Data on information provided by insured persons regarding the existence and storage location of:
• Declarations on organ and tissue donation
• Health care proxies or living wills

6.6 Are all registration procedures for using the ePA secure?

There are basically the following registration procedures for the ePA:

• Registration with the Health ID
• Registration with the electronic health card (eGK)
• Registration with the eID function of the identity card, residence permit, or eID card for EU citizens

Using the Health ID allows for different levels of security during authentication. With the eGK and PIN, you can achieve the highest possible level of security, just as you would with your ID card, residence permit, or eID card for EU citizens. Alternatively, you can also register without a card and PIN. Although the security level of this registration is lower than that achievable with a card and PIN, it still guarantees an appropriately high level of protection.

The law also provides for the possibility, in individual cases, of declaring to your health insurance company your wish to use a more convenient registration procedure with a potentially lower level of security, after receiving comprehensive information from your health insurance company about the specifics of the procedure. If you are considering this, please note the following information. The health data stored in the ePA generally requires a high level of protection, as the damage caused by loss or misuse cannot be quantified in material terms. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) recommends refraining from lowering the security level if possible.

Your health insurance provider will give you comprehensive information about the options available, the potential risks, and ways to avoid them.

7 Use of electronic patient record (ePA) data for public welfare purposes

7.1 How is its use regulated by law?

The further use of ePA data, particularly for research purposes, should be possible from the date specified in Section 13 Next steps in the further development of the electronic patient record (ePA) and future possibilities. The legal and technical framework is currently being developed by the Federal Ministry of Health and gematik. The following information is therefore based exclusively on the legal basis in accordance with Section 363 of the German Social Code, Book V (SGB V).

7.2 What does "use of ePA data for public welfare purposes" mean?

The ePA data of as many people in Germany as possible can provide important insights for the future design of health and nursing care. The provision of data from your ePA for public welfare purposes is voluntary. You can use it, for example, to support healthcare research and contribute to improving the safety and quality of care, prevention, and nursing. The purposes that are considered to be in the public interest and who is allowed to use the data are defined by law. On this basis, the Research Data Center at the Federal Institute for Drugs and Medical Devices (BfArM) controls the further use of the data.

7.3 How is my personal data protected?

The data in the ePA is always provided in pseudonymized form for use for public interest purposes. This means that the data does not allow any conclusions to be drawn about your person. All personally identifiable data, such as your name, address, and health insurance number, is removed and replaced with a delivery pseudonym. This pseudonym is used in further data transmission instead of your personally identifiable data. Pseudonymization is automated. The data transfer to the Research Data Center at the BfArM is documented in your ePA.

7.4 What do I have to do to make my ePA data available for public benefit purposes?

The legislator has stipulated that the data in the ePA can probably be used automatically for public interest purposes from the date specified in section 13 Next steps in the further development of the electronic patient record (ePA) and future possibilities, provided you have not objected to its use. If you want your ePA data to be used for public interest purposes, you do not need to do anything.

You can find out how to object to the disclosure of your ePA data for public welfare purposes, either in whole or in part, in Section 12.7 How can I object to the use of data for public welfare purposes?

7.5 How is data provided and used?

In order to make the data stored in your ePA available for public welfare purposes, the ePA automatically determines which data is suitable. According to gematik's specifications, this currently includes data from the medical use case "digital medication process."

In the next step, all personal information is replaced by a pseudonym. For more information, see section 12.3 How is my personal data protected?

The ePA transmits the delivery pseudonym and a work number to the trust center at the Robert Koch Institute (RKI). For more information, see section 12.6 Which agencies are involved in the use of ePA data for public welfare purposes?

In addition, the ePA encrypts the pseudonymized data and the work number for the research data center and transfers them there. For documentation purposes, the ePA stores the fact that data has been transferred for public welfare purposes.

The trust center uses the work number and the delivery pseudonym to determine a so-called cross-period pseudonym and sends both to the research data center. With the help of these two codes, the research data center can merge everything into a single database without it being directly traceable to you personally. In the event of an objection to the use of the data for research purposes, your data can also be deleted by the research data center.

Authorized users submit an application to the research data center for data use within the scope of a usage project. The research data center decides whether the data use is permissible based on the criteria specified by law. A project must serve specific purposes (see section 12.7 How can I object to the use of data for public interest purposes? If the Research Data Center approves the application, it grants the corresponding project access to the data. Sensitive health data is not disclosed, but can only be used in the secure processing environment of the Research Data Center. Only aggregated and anonymized data (i.e., data that can no longer be traced back to a specific person or can only be traced back to a specific person with a disproportionate amount of time, cost, and effort) will be released.

7.6 Which bodies are involved in the use of ePA data for public welfare purposes?

Your health insurance company, as the provider of the ePA, is the body responsible for data protection in connection with the ePA.

The Robert Koch Institute (RKI) operates the trust center in accordance with Section 303c of the German Social Code, Book V (SGB V) and is the body responsible for the compatibility of pseudonyms.

The Federal Institute for Drugs and Medical Devices (BfArM) operates the research data center in accordance with Section 303d of the German Social Code, Book V (SGB V) and receives the data provided by the ePA. The research data center makes the data available to those legally authorized to use it upon request. It must delete your pseudonymized data after 100 years or in the event of your objection.

7.7 How can I object to the use of data for public interest purposes?

If you do not want your data stored in the ePA to be used for public welfare purposes, you can object to its use. The objection may relate to the continued use of your data in general or only to its use for specific purposes. You can exercise your right to object via your health insurance company's ePA app or via the ombudsman's office.

The option to object via the ombudsman service is already available to you today. The option to object directly via the ePA app is expected to be available from the date specified in section 13 Next steps in the further development of the electronic patient record (ePA) and future options.

If you only want to make your ePA data available for specific purposes, you have the option of exercising your right to object accordingly. The legislator distinguishes between the following purposes (in accordance with Section 303e (2) SGB V):

• Performance of control tasks by the collective bargaining partners
• Improving the quality of care and improving safety standards for prevention, care, and nursing
• Planning of service resources, e.g., hospital planning or care structure planning recommendations in accordance with Section 8a (4) SGB XI
• Scientific research on issues in the fields of health and care, analyses of care provision, and basic research in the field of life sciences
• Support for political decision-making processes for the further development of statutory health and long-term care insurance
• Analyses of the effectiveness of cross-sector forms of care and of the effectiveness of individual contracts of health and long-term care insurance funds
• Performing health reporting tasks, other federal reporting obligations under SGB V or SGB XI, and official statistics, as well as reporting obligations of the federal states
• Performing statutory tasks in the areas of public health and epidemiology
• Development, further development, and monitoring of the safety of drugs, medical devices, examination and treatment methods, aids and remedies, digital health and care applications, and artificial intelligence systems in the healthcare sector, including the training, validation, and testing of these systems
• Benefit assessment of medicinal products, medical devices, examination and treatment methods, aids and remedies, and digital health and care applications, negotiation of reimbursement amounts or setting of maximum amounts and thresholds in accordance with Section 134 SGB V, and agreement or setting of reimbursement amounts for medicinal products in accordance with Section 130b SGB V

Any objection made will be documented in the ePA with the date and time.

Important to know: If you object to the use of your data for public welfare purposes before the planned introduction date of the ePA data and then change your health insurance company, you must object again to your new health insurance company. Health insurance companies cannot yet exchange your objection with each other during the aforementioned period.

7.8 What happens to my data stored at the research data center if I object?

If you object, the data that has already been transferred to the research data center will be deleted there. The deletion procedure is analogous to the data transfer and linking described in section 12.5 How is data provided and used?

If you object to the use of your data for specific purposes, this data may no longer be used for these purposes. However, the data will remain stored in the research data center for use for other purposes to which you have not objected.

Data transmitted prior to the objection and already used for specific projects may continue to be processed for these research projects. Your rights as a data subject under Articles 17, 18, and 21 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) are excluded for these research projects. Once the specific projects have been completed, the data will be deleted from the research data center.

7.9 When will the use of ePA data for public interest purposes be introduced?

At the earliest six weeks after the option to object to the use of ePA data for public interest purposes has been made available via the ePA app, your health insurance companies will be able to provide the research data center with the relevant data for the first time.

8 Next steps in the further development of the electronic patient record (ePA) and future possibilities

8.1 What are the next steps in the further development of the ePA?

This section summarizes the measures currently planned for the further development of the ePA in healthcare, together with the planned implementation dates.

8.2 What else is legally planned for the ePA?

The ePA options listed below are provided for by law. In contrast to the functions described in the previous section, however, no implementation date has yet been set for them.

The legislator also plans to include further medical applications in the ePA, such as

• the inclusion of emergency-related information in a patient summary in the ePA, or
• the storage of laboratory findings and laboratory data in a structured form.

In the future, your ePA will also be able to transfer data to the digital health applications (DiGA) you use, with your consent. This will allow you to use certain data from the ePA directly in the DiGA.

In addition, the use of the ePA by service providers in other EU countries is also planned, e.g., if you are staying there on vacation. The electronic patient summary will be used for this purpose, providing a quick overview of your important emergency data.

Another important aspect of the further development of the ePA into a digital health platform is the gradual conversion of document-based data into electronically processable data records. This will be carried out in accordance with the specifications of the Federal Ministry of Health. In this context, the legislator is also planning further refinements with regard to the control of access rights to the ePA by means of corresponding objection options at the level of individual data records.

As of November 20, 2025, Version 2.0