Information on the Electronic Patient Record (ePA) pursuant to Section 343(1a) of the German Social Code, Book V (SGB V)

1 Introduction

This document provides information about the electronic patient record (ePA).

We would like to show you below what possibilities the ePA offers you. Some of the features presented here will not be available from the start but will be added gradually. The current roadmap for the introduction of the ePA is fully outlined in Section 13, “Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities.” Your health insurance provider will continuously update this information and notify you in a timely manner about new ePA features and how to use them securely.

The introduction provides you with an initial overview of the ePA and its capabilities. Further information is organized by topic starting in Section 3.

1.1 Overview of Topics

The ePA is intended to improve medical care by enabling the secure and rapid exchange of health data between insured individuals and healthcare providers, such as doctors’ offices, hospitals, or pharmacies. You can find more details on this in Section 3: The Benefits of the Electronic Patient Record (ePA)

Use of the ePA is voluntary. If you object to the ePA and do not use it, you will not face any disadvantages. However, you will also not be able to take advantage of the benefits of the ePA. For more information on this, see Section 3.4: “Will I face disadvantages if I object to the ePA or deny individual healthcare providers access to my ePA?”

You will automatically receive an ePA from your health insurance provider if you do not object to it. For more information about the ePA, its benefits, and the industry partner with whom your health insurance provider collaborates to provide the ePA, see Section 2: The Electronic Patient Record (ePA)

You can object to the ePA at any time, which will result in the deletion of the ePA and all data stored within it. You can revoke an objection at any time by contacting your health insurance provider. When a new ePA is created, it is initially empty and will be populated, for example, when your health insurance provider transmits data on services you have used or when a medication is prescribed to you. You have additional options to object even while using an ePA, e.g., against access by individual service providers. For more information on the various options to object, see Section 10: Options for Objecting within the Electronic Patient Record (ePA)

The ePA is divided into various document types and categories containing data from service providers, health insurance companies, insured individuals, and others. You can learn more about this in Section 4: The Electronic Patient Record (ePA) in Detail

The ePA app allows you to manage your ePA independently, delete or hide documents, grant or revoke access permissions, and designate representatives. You can find an overview of all options in Section 5: Independent Use of the Electronic Patient Record (ePA) with the ePA App

If you are unable or unwilling to use the ePA app, you may contact your health insurance provider’s ombudsman office to, for example, control individual providers’ access to the ePA or view the log data of your ePA. Alternatively, you may also designate a trusted individual as your representative regarding the ePA. For more information on support for using the ePA, see Section 8: Support for Using the Electronic Patient Record (ePA)

Some healthcare provider facilities are required to upload certain data to the ePA unless you object. Access permissions and the duration of access vary depending on the type of healthcare provider facility and the stored data. You can restrict or expand access to the ePA or individual documents. You can learn more about this in Section 6: Use of the Electronic Patient Record (ePA) by Healthcare Providers

Among other things, the ePA can support specific medical use cases, such as the electronic medication list, the medication process, or laboratory results. With the introduction of the ePA, the electronic medication list is available to you and your healthcare providers. For more information, see Section 7: Medical Use Cases of the Electronic Patient Record (ePA)

If you switch health insurance providers, your new provider will automatically take over your ePA along with all the data stored there. If you have objected to the use of the ePA with your previous health insurance provider, that objection remains valid when you switch providers. You can find more details in Section 9: Changing Health Insurance Providers and the Electronic Patient Record (ePA)

To protect against unauthorized access and ensure data integrity, the ePA uses encryption technologies and access controls, among other measures. Detailed information can be found in Section 11: Data Protection and Data Security

The law provides that data stored in the ePA may be used for public interest purposes, such as research. Data will only be provided if you do not specifically object to this and the data recipients comply with data protection regulations. The ePA replaces direct personal identifiers such as names and dates of birth with a pseudonym. This conceals your identity from data users. If you do not wish to make your data available for public interest purposes, you may separately object to this use of data by the ePA. Further information on this can be found in Section 12: The Use of Data from the Electronic Patient Record (ePA) for Public Interest Purposes. Information on the implementation timeline is provided in Section 13: Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities.

Your health insurance provider has been continuously developing the ePA in accordance with gematik’s guidelines since its introduction. You can read more about this in Section 13: Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities

1.2 Terms Used

In this document, the term “electronic patient record (ePA) ” refers to the entire digital infrastructure, i.e., all IT systems required for the provision of the ePA. The healthcare providers involved in your treatment use their own IT systems to access the ePA. These IT systems are not part of the ePA.

The term “ePA app” refers to the program you use on your device to access your ePA and the data stored within it. This may be a standalone app from your health insurance provider designed solely for ePA access. However, your health insurance provider may also have integrated the ePA app into its general service app (“health insurance app”). You can also use the ePA without the ePA app; see Section 5.10 What changes if I don’t use the ePA app?

“Healthcare providers” refers to all groups of people and institutions that provide healthcare services under the statutory health insurance (GKV). These include, for example, physicians, dentists, hospitals, and pharmacies. The term also includes individuals who work as assistants or are training for the profession under the supervision of such healthcare providers.

Facilities where service providers work are referred to below as service provider facilities. These can include medical practices, pharmacies, hospitals, medical care centers (MVZ), and other healthcare facilities. However, individual organizational units, such as a hospital department or a specific specialty within an MVZ, can also constitute their own service provider facility.

The ePA is being gradually linked with other digital healthcare applications. These are referred to below as medicaluse cases of the ePA . Priority is given to care processes that are important to a particularly large number of people. Further information on this can be found in Section 7: The Medical Use Cases of the Electronic Patient Record (ePA)

2 The Electronic Patient Record (ePA)

2.1 What is the ePA?

The ePA is your[1] personal, secure storage location for your health data. With the help of the ePA, you and authorized groups of people, such as the doctors treating you, can securely manage personal health and medical data digitally.

All individuals with statutory health insurance receive an ePA. It is provided to you by your health insurance provider. Whether or not you wish to use the ePA is your voluntary decision. If you do not wish to use the ePA, you must object to your health insurance provider. Once an objection to the ePA has been filed, it can be revoked at any time. For more information, see sections 10.1 I do not want an ePA created for me. What do I need to do? and 10.4 What do I need to do if I no longer want the ePA?

The ePA is provided as an opt-out file. This means that treating healthcare providers, such as doctors, and healthcare facilities, such as a hospital, are generally authorized to access your ePA. Furthermore, they are legally required to store certain data in your ePA—unless you object. For more information, see Section 6: Use of the Electronic Patient Record (ePA) by Healthcare Providers

[1] If, for example, you have comprehensive guardianship authority over another person as a legal guardian or through a power of attorney for healthcare, you may be able to exercise the options described in this document on behalf of the person under your care.

2.2 How does the ePA benefit my healthcare?

Ideally, your ePA will accompany you throughout your life. It serves as a secure repository for your health data and as a platform for communication between you and the healthcare providers involved in your care. The ePA is therefore your very own personal digital health management system for your care.

In addition, the ePA also supports certain medical use cases that are defined by law. Currently, this is the electronic medication list. To this end, the ePA automatically stores all medications that have been prescribed to you and that you have received based on an e-prescription. You can find more information on this in Section 7: The Medical Use Cases of the Electronic Patient Record (ePA)

For more detailed information on the personal benefits of the ePA, see Section 3: The Benefits of the Electronic Patient Record (ePA)

2.3 Who offers the ePA and who operates it?

The ePA is offered to you by your health insurance provider. In doing so, health insurance providers collaborate with industry partners who develop and operate the ePA from a technical standpoint. They must comply with fundamental requirements set by gematik GmbH (hereinafter: gematik) and undergo a rigorous approval process for the ePA they have developed, as well as the associated ePA app. This ensures the security of your data.

Your ZF BKK works with the company BITMARCK GmbH, Krupp-Straße 64, 45145 Essen, as the operator of the ePA to make the ePA available to you. Neither your health insurance provider nor the operator may or can access the data in the ePA. Your ePA is protected against unauthorized access through encryption technologies and specific organizational measures.

2.4 Is the ePA mandatory?

Use of the ePA is voluntary. Your health insurance provider will automatically provide you with an ePA. If you wish to use an ePA, you do not need to take any action. If, however, you do not want an ePA, you must object to its provision by your health insurance provider.

Co-insured children also receive an ePA. Upon reaching the age of 15, they can use the ePA independently and at their own discretion. Until the age of 15, legal guardians decide whether an ePA should be provided or whether to object to its provision.

For more information on opting out, see Section 10: Options for Opting Out of the Electronic Patient Record (ePA)

2.5 How does the ePA app work?

To access your ePA via a compatible device, you need a special app on your smartphone or computer. This app is provided to you by your health insurance provider. It may be a standalone app designed solely for managing your ePA. However, some health insurance providers also integrate this function into an existing service app, the health insurance provider’s app.

The ePA app establishes a connection via the internet to the telematics infrastructure where the actual ePA is stored. The various service providers in the German healthcare system are or will be connected to this network.

The ePA app was developed and security-tested in accordance with gematik specifications. With it, you can independently use all functions of the ePA, e.g.:

• Upload, view, download, or delete documents and data
• Manage access permissions—for healthcare providers, as well as for company physicians or physicians in the public health service
• Designating support persons for ePA use (proxies)

For more information, see Section 5: Independent Use of the Electronic Patient Record (ePA) with the ePA App

In principle, it is possible to use the ePA and exercise your rights and entitlements even without the ePA app. If you do not own a mobile device or a PC/laptop, or if you do not wish to use your health insurance provider’s ePA app for other reasons, you can still benefit from the ePA in your medical care. For more information, see sections 5.10 What changes if I don’t use the ePA app? and 8 Support for using the electronic patient record (ePA)

3 The Benefits of the Electronic Patient Record (ePA)

3.1 What added value does the ePA offer me?

For you personally, using the ePA offers the advantage of being able to digitally store, view, and share documents, test results, or information about your treatment in one central location with healthcare providers such as doctors or hospitals. This digital data exchange, which you manage and control, can help improve your medical care.

By providing access to relevant health data in your ePA, you help your treating physicians and other healthcare providers make the best possible therapeutic decisions, prevent adverse effects, and avoid unnecessary treatments or burdensome duplicate examinations. Instead of a loose-leaf collection at home or scattered treatment records across different practices, both you and your treating physicians have all important documents securely available in one place.

With the ePA, many processes related to healthcare are digitized, making them simpler and more secure. For example: By automatically importing data from your e-prescriptions, the ePA allows you to track at any time which medications you are currently taking and which have been prescribed to you in the past. Due to the complex interactions between medications, this information is extremely important for your doctors and for the pharmacy. Especially if you need to take multiple medications, this knowledge can help prevent adverse effects.

In the future, lab data can also be stored in a structured format in the ePA so that all important findings are available in one place. The ePA also contains references to important personal documents such as a health care proxy, patient declaration, or organ donor card.

In addition to the direct benefits for your care, the data provided in the ePA is intended to be used for public interest purposes in the future. It is important to note that all data from your ePA will be pseudonymized for this purpose. This means it cannot be directly traced back to you personally, but it provides important information for healthcare in Germany and can help in the further development of our healthcare system. For more information, see Section 12: Use of Data from the Electronic Patient Record (ePA) for Public Interest Purposes

3.2 How do I get the most out of the ePA?

As a general rule: The more complete your ePA is, the greater the added value for your care. If you are new to a practice or need to go to the hospital, important information—such as existing allergies or intolerances, previous lab results, or your current medication regimen—is available in the ePA. Diagnosis and treatment can be specifically based on this information.

It is important that everyone involved in your treatment has access to the data in your ePA and is permitted to enter current treatment data themselves. You must grant them this permission before treatment begins. You can manage these permissions either through the ePA app or by scanning your health insurance card (eGK) on-site. To ensure a complete ePA, you should exclude as few healthcare providers as possible from accessing the ePA or individual documents within the ePA.

3.3 Are there any disadvantages if I delete data from the ePA?

If you delete data from your ePA, that data will no longer be available in the ePA. The deletion takes effect immediately, and recovery is not possible using the ePA. Accordingly, deleted data will not be available to you or your healthcare providers for your care. Only documents that have already been transferred from the ePA to your healthcare providers’ own systems—such as your doctor’s office or pharmacy—will remain available to them even after deletion.

Therefore, please consider carefully whether to delete data from your ePA. You can hide documents in the ePA that you do not want service providers to see. For more information, see section 6.11: What can I do to prevent service providers from seeing certain documents in the ePA (Hiding Documents)?

3.4 Will I face any disadvantages if I object to the ePA or deny individual healthcare providers access to my ePA?

Whether you decide against an ePA and file an objection, or whether you want to have an ePA but do not wish to grant a healthcare provider full or any access to it, is entirely your decision. This will not result in any disadvantages for your healthcare. Your healthcare will continue to be guaranteed in the future through established procedures. However, in this case, you will not benefit from the advantages of the ePA in your medical treatment.

4 The Electronic Patient Record (ePA) in Detail

4.1 What can be stored in the ePA?

Healthcare providers involved in your treatment may generally store all information and data collected as part of your healthcare, provided you do not object. This may include, for example, test results, diagnoses, and treatment measures, doctor’s letters, prescriptions, electronic certificates of incapacity for work, etc. A detailed list of what healthcare providers are permitted to store in your ePA and under what conditions can be found in Section 6: Use of the Electronic Patient Record (ePA) by Healthcare Providers

You can also store your own personal health data. This may include, for example, self-managed diabetes diaries or digitized test results from previous treatments provided to you by your doctors, or your own records. This data must be stored in the ePA as PDF/A documents.

Your health insurance provider will also automatically upload information about the services you have used to the ePA, unless you have objected to this.

If you use a digital health application (DiGA), i.e., a health or medical app, you can also have this data stored in the ePA, provided you wish to do so and the DiGA supports data storage in the ePA. In the future, the ePA will also support data transfer from activity trackers or smartwatches, so-called wearables.

4.2 How is the ePA structured?

For greater clarity, the data in the ePA is divided into the following document types or categories:

4.2.1 Data from healthcare providers

• Findings, diagnoses, completed and planned therapeutic measures, early detection examinations, treatment reports, and other examination- and treatment-related medical information, separated into the following areas:
• Family physician’s practice
• Hospital
• Laboratory and human genetics
• Physical therapy
• Psychotherapy
• Dermatology
• Urology/Gynecology
• Dentistry and Oral and Maxillofacial Surgery
• Other medical specialties
• Other non-medical professions
• eMedication Plan (electronic medication plan)
• ePatient Summary (data from the electronic emergency record or patient summary)
• eDoctor's Letters (electronic doctor's letters)
• eDental Bonus Booklet (electronic dental bonus booklet)
• eChild Health Record (electronic child health record containing data for the early detection of childhood diseases)
• eMaternity Record (electronic maternity record containing data on medical care during pregnancy and after childbirth)
• eVaccination records (electronic vaccination records)
• Information on storage locations and the availability of declarations regarding organ and tissue donation, health care proxies, and advance directives
• Data on nursing care
• Data on e-prescriptions (prescription data and information on their redemption)
• eAU (electronic certificates of incapacity for work)
• Other medical data (e.g., data from participation in structured treatment programs (DMP))
• Data on medical treatment and rehabilitation
• Copies of treatment documentation from healthcare provider facilities (e.g., hospitals) pursuant to Section 630g of the German Civil Code (BGB)
• Declarations regarding organ and tissue donation

4.2.2 Your data

• Health data provided by you

4.2.3 Data from other providers

• Data from digital health applications (DiGA)
• Data on services utilized (provided by your health insurance provider)
• Information regarding a specific health risk, the risk of illness or the need for long-term care, or the existence of a vaccination indication pursuant to Section 25b of the German Social Code, Book V (SGB V) (provided your health insurance provider supports the procedure)

Note: The classification of the individual document types/categories is legally prescribed for both the ePA and the health insurance companies’ ePA apps. However, the document types or categories may be named differently in the ePA apps of the individual health insurance companies.

4.3 Who has access to the ePA?

You can access the ePA yourself if you use the ePA app. In addition, the following groups of people can use the ePA, either solely to read data or also to upload data, provided you do not actively object to this or have already objected:

• Healthcare providers and healthcare provider facilities

Detailed information on a healthcare provider’s access options, the requirement for your consent, and your options for objecting can be found in Section 6: Use of the Electronic Patient Record (ePA) by Healthcare Providers

• Health Insurance Companies

Your health insurance provider may store data regarding the services you have utilized in the ePA. In addition, it must transmit and store information regarding individual health risks in the ePA, provided that it evaluates the available data in accordance with Section 25b of the German Social Code, Book V (SGB V), and the evaluation identifies a specific health hazard, a specific risk of illness or the need for long-term care, or the existence of an indication for vaccination. Your health insurance provider also uploads any medical documents you have sent to them for digitization into the ePA.
Your health insurance provider is not legally permitted to access the data stored in the ePA, and such access is prevented through technical and organizational measures.

• Applications of the Telematics Infrastructure (TI)

To provide automated support for your medical care, TI applications access your ePA for specific medical use cases defined by law. This is done exclusively in accordance with gematik’s guidelines. For more information, see Section 7: Medical Use Cases of the Electronic Patient Record (ePA)

• People You Trust

You can also grant ePA access to people you trust particularly. These are your so-called representatives. Your representative generally has the same access rights as you do, can grant or revoke access to healthcare providers, and can request that health insurance companies provide data. However, your representative cannot delete your ePA, appoint additional representatives, or revoke representative authorizations. For more information, see Section 8: Support for Using the Electronic Patient Record (ePA)

• Your Health Insurance Company’s ePA Ombudsman Office

Every health insurance provider has an ombudsman office for the ePA. Among other things, the ombudsman office’s role is to assist insured individuals who lack access to a (mobile) device in exercising their rights. For example, it can file an objection on your behalf against individual healthcare providers’ access to the ePA. For more information, see Section 8: Support for using the electronic patient record (ePA)

• Digital Health Applications (DiGA) and Digital Care Applications (DiPA)

If you use a DiGA or DiPA, this health data can also be transferred to your ePA. You can obtain further information on this from your health insurance provider as well as from the manufacturer of your health application. In a later phase of the ePA’s development, you will conversely also be able to grant a DiGA or DiPA permission to access the data in the ePA.

• Future: Data Use for the Public Good

Unless you specifically object, the ePA will, in a future phase, automatically make your health data available in pseudonymized form for public interest projects within the scope of the EU General Data Protection Regulation. This objection can be made independently of any objection to the use of the ePA. Pseudonymization takes into account the protection of your personal data and is intended to minimize the ability to identify you as an individual. For more information, see Section 12: The Use of Data from the Electronic Patient Record (ePA) for Public Interest Purposes

4.4 Who is required to upload data to the ePA?

The ePA thrives on having as much personal health data stored in it as possible—only then does it deliver its full value to you and your treating healthcare providers.

In addition to the data you upload yourself, the data collected during your treatments by doctors or in hospitals and uploaded to the ePA is, of course, crucial. The doctors, dentists, and hospitals involved in your care arerequired (pursuant to Sections 347 and 348 of the German Social Code, Book V) to upload certain data to your ePA unless you have objected to this.

Other service providers, e.g., in the field of therapeutic interventions (physical therapy, occupational therapy, podiatry, speech therapy, nutritional therapy) or in home or inpatient care, may enter data into the ePA (pursuant to Section 349 of SGB V).

In addition, for the medical applications of the ePA , automatic transfer of data to the ePA is provided for (pursuant to Section 342(2a), (2b), (2c) of SGB V). Further information on this can be found in Section 7: The Medical Applications of the Electronic Patient Record (ePA)

For more information on what information is to be entered into the ePA as part of your treatment, see Section 6: Use of the Electronic Patient Record (ePA) by Healthcare Providers

4.5 What data does my health insurance provider make available in the ePA?

You are entitled to have your health insurance provider automatically provide data regarding the statutory health insurance services you have utilized. Due to established processes and billing audits conducted by health insurance providers, the provision of this data may be significantly delayed. Information regarding costs is not included in the data provided by health insurance providers.

In addition to data on services used, your health insurance provider must also upload data on personal health risks to the ePA if it evaluates the data available to it accordingly. This information may concern health risks, the risk of illness or the need for long-term care, and the existence of a vaccination indication. If you do not wish your health insurance provider to use your data in this manner, you may object to this in accordance with Section 25b of the German Social Code, Book V (SGB V).

In addition, you also have the option to have paper documents from your health insurance provider digitized and uploaded to the ePA. This service covers up to ten paper-based doctor’s letters or documents regarding findings, diagnoses, completed and planned therapeutic measures, early detection examinations, treatment reports, and other examination- and treatment-related medical information. You may use this service a total of two times within 24 months. For more information, please contact your health insurance provider.

5 Independent Use of the Electronic Patient Record (ePA) with the ePA App

This section describes how to use the ePA independently using your health insurance provider’s ePA app.

5.1 What do I need to use the ePA independently?

In addition to the ePA app provided by your health insurance provider and tested in accordance with gematik specifications, you need a suitable device. This can be, for example, a smartphone or tablet computer. To use it, the ePA app must be activated. You can find more information on this in section 5.4 How do I activate the ePA app for my ePA?

You can also use the ePA without a suitable device and the corresponding ePA app. For more information, see Section 8: Support for using the electronic patient record (ePA)

5.2 What key features does my health insurance provider’s ePA app offer?

The ePA app is designed in accordance with the guidelines of the BSI and gematik. These guidelines specify, among other things, which functions your health insurance provider’s ePA app must provide and how the stored data must be structured.

You are generally entitled to read, transfer, delete, and hide all data in the ePA. To enable you to exercise this right independently, your health insurance provider’s ePA app provides you with at least the following functions:

§ Upload, view, download, and delete documents

§ Object to and revoke access by individual healthcare providers

§ Hide and unhide documents

§ Hide and unhide the electronic medication list for individual healthcare providers

§ Create and revoke authorizations

§ Monitor access to the ePA using log data and download the log data

§ Object to the disclosure of your data regarding the services you have received to your health insurance provider, or withdraw an objection previously filed

§ Object to the use of the ePA, completely close the file, and delete all data stored in the ePA

§ Manage another person’s ePA as their authorized representative

In addition, the law stipulates that the following functions must be integrated into the ePA app, even if they are not directly related to the ePA:

§ Direct access from the ePA app to quality-assured health information on the national health portal“http://gesund.bund.de ”

§ Secure transmission of instant messages via the TI Messenger (TIM) to your health insurance provider and—if possible—your healthcare providers

§ Option to submit your organ donation declaration to the organ donation registry

5.3 What other features does my health insurance provider’s ePA app offer?

Since your health insurance provider’s ePA app is a custom-programmed app, your health insurance provider has the option to offer additional features that are not directly related to the ePA.

For example, your health insurance provider can integrate features for managing e-prescriptions into the ePA app. This allows you to manage e-prescriptions and, for example, assign your prescriptions to a pharmacy. For further details, please refer to the information provided by your health insurance provider regarding the use of the ePA app in conjunction with e-prescriptions.

Your health insurance provider may also offer you additional applications for voluntary use in conjunction with the ePA. You can make data from the ePA available to these applications. To do so, you must consent to the use of your data by the application. Your health insurance provider may only process the data you provide for the specific purposes of the application. The health insurance provider’s access to your data stored in the ePA remains technically impossible. Your health insurance provider will inform you about the type of data processed in the application, the storage location, and the access rights.

5.4 How do I activate the ePA app for my ePA?

After installation, your ePA app must be activated for your ePA when you use it for the first time. There are generally several ways to do this:

• Activation via your electronic health card (eGK) in conjunction with a mobile device (smartphone)

This activation is performed using the contactless NFC interface of your eGK and the corresponding PIN, which you receive from your health insurance provider after successful identification. To activate the app, simply hold your eGK against your smartphone in the appropriate manner.

• Activation using the Health ID

The Health ID is your digital access key to the healthcare system. It is created individually for you and contains your personal data, such as your name and health insurance number. The Health ID is thus your digital key that grants you access to online health applications such as the ePA. Use of the Health ID is specific to your health insurance provider. If you have any questions, please contact your health insurance provider.

• Activation using the eID function of your ID card, residence permit, or eID card for EU citizens

The activation process is similar to that for the eGK and a mobile device. Instead of the eGK and PIN, you use the corresponding eID function of one of the aforementioned cards.

For security reasons, use of the ePA app is linked to the device you used to activate it. You can activate additional devices for use with the ePA. The activated devices are stored centrally. A new device must be activated for its first use with the ePA.

The specific procedures may vary in detail from one ePA app to another. You can obtain further information from your health insurance provider.

5.5 How do I handle my health data securely in the ePA?

To ensure the security of your ePA data, it is essential that you use only an ePA app approved by gematik that you have downloaded from a trusted source. Trusted sources include, for example, the Apple App Store for the iOS operating system and Google Play for Android. For the operating systems of other devices (laptops or PCs), the stores of the operating system manufacturers (e.g., Microsoft or Apple) or your health insurance provider’s website are the trusted sources. In this regard, health insurance providers are obligated to comply with data protection regulations, including those regarding data transfers to third countries.

You should also always use your ePA app on devices that are under your control. Accessing the ePA via a public computer, e.g., in an internet café, must therefore be avoided at all costs! To use the ePA securely from your own device, you must also ensure the protection of your respective devices. The necessary instructions for this can be found in the ePA app documentation. You should also follow the BSI’s recommendations on device security. The BSI provides information on this topic online: https://www.bsi-fuer-buerger.de

5.6 What steps should I take if I lose my eGK or if I suspect misuse of my eGK or the login credentials for the ePA app?

Protecting access to the ePA is of particular importance. If the eGK is lost or you suspect misuse of the eGK or access to the ePA and the ePA app, these must be blocked with your health insurance provider as soon as possible to ensure the security of your data. Health insurance providers offer various options for blocking access (e.g., by phone or online). Therefore, if you suspect misuse, contact your health insurance provider immediately.

5.7 Can I delete the documents in the ePA or the entire file?

The principle of voluntariness also means that you have the right to delete the documents stored in the file yourself at any time.

Please note that when you delete data, it is permanently removed from the ePA. After deletion, the data is no longer available in the ePA. You cannot later restore this data yourself using the ePA. If you need this data again later, it must be made available through another channel (e.g., via the service providers who originally provided the data). However, this is not possible in all cases: For example, the automatically transferred data from an e-prescription is generally no longer recoverable from another source once it has been deleted from the ePA.

Therefore, before deleting any data, always check whether hiding the data might be a better alternative. Hiding a document keeps it in the ePA but makes it invisible to service providers. For more information, see section 6.11: What can I do to prevent service providers from seeing certain documents in the ePA (hiding documents)?

5.8 How do I keep track of who has made changes to my file?

The ePA records all activities in a log, e.g., accesses and changes made by healthcare providers or their representatives. If you use your health insurance provider’s ePA app, the contents of the log are displayed to you in a convenient and consistent manner.

5.9 How can I save data from a digital health application (DiGA) in the ePA?

Some DiGAs offer the option to transfer data to the ePA. For a DiGA to save data in your ePA, you must grant the necessary permissions in both applications. In your health insurance provider’s ePA app, you must authorize the desired DiGA to save data. In the DiGA itself, you must consent to allowing this data to be shared with the ePA. You can obtain further information about the relevant consents and settings in the DiGA from the DiGA manufacturer.

5.10 What changes if I don’t use the ePA app?

Preliminary note: If you do not wish to or are unable to use the ePA app, you have the option to designate a representative. This person can then use their own ePA app to access your ePA and manage it on your behalf. For more details, see Section 8.2: What exactly is the ePA’s representative function?Your health insurance provider’s ombudsman’s office also offers additional support options. You can find more information on this in Section 8.3: How does my health insurance provider’s ombudsman’s office support me in using the ePA?

If you do not use the ePA app independently, this has the following implications for the exercise of your rights as a data subject under data protection law:

• You have no way to independently access your data stored in the ePA, delete data, or restrict access permissions to certain data. Your health insurance provider also has neither the legal authority nor the technical capability to read the data from your ePA and make it available to you.
• You cannot store your own documents (e.g., previous medical reports) in the ePA. You must contact the healthcare provider that holds the relevant data and request that it be stored in the ePA.
• You can only grant service providers access to your ePA directly through the service providers themselves using your eGK. If you wish to technically revoke a service provider’s access to your ePA (i.e., file an objection), you must contact your health insurance provider’s ombudsman office. For more details, see Section 8.4: What options does the ombudsman’s office offer regarding service providers’ access?
• You cannot hide documents already stored in the ePA from healthcare providers or make them visible to them. If a healthcare provider enters data into your ePA, you can request that the provider set certain data to be hidden. Information set to hidden will still be available in your ePA, but other healthcare providers will neither be able to view these documents nor use them from the ePA. To make a hidden document visible to other healthcare providers again, you must use an ePA app. You can, for example, designate a representative for this purpose.
• The duration of access for healthcare providers cannot be customized individually; it corresponds to the legal requirements in Table 1.

6 Use of the Electronic Patient Record (ePA) by Healthcare Providers

6.1 Who can access my ePA and when?

Access from a healthcare provider facility may only occur to the extent that it is actually necessary for the purposes of preventive healthcare or occupational medicine, for assessing the work capacity of employees, for medical diagnostics, for care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector. Access must be in the context of your visit or your use of a corresponding service.

When visiting a healthcare provider’s facility (e.g., a doctor’s office), the connection to the treatment—and thus the ability to access your ePA—can be established immediately by presenting your eGK. Alternatively, you can also grant access authorization via your health insurance provider’s ePA app, regardless of an in-person visit. By granting service provider facilities access to the ePA, you automatically consent to the processing of your personal data by the respective service provider facility in accordance with Section 353 of the German Social Code, Book V (SGB V).

Access can only be granted if you have not previously objected—in the ePA app, with the service providers, or through the ombudsman’s office. Further information on this can be found in Section 10: Options for Objection within the Framework of the Electronic Patient Record (ePA)

For company physicians and public health service facilities, you must give your consent in advance for their access to the ePA. Without your consent, these facilities are not permitted to access the ePA. By presenting the eGK, you technically grant access to the ePA.

Access authorization always applies to the entire healthcare provider facility or organizational unit. You are therefore granting access to all medical staff at a healthcare provider facility, such as a doctor’s office, a medical care center, or a hospital. If you object to access, you revoke the authorizations accordingly for the entire facility or department.

For some healthcare providers, the legislature has stipulated under Section 352 of the German Social Code, Book V (SGB V) that they may generally only view certain information in your ePA. You cannot grant access permissions beyond these legally defined access rights. For example, a pharmacist may not view data from your electronic dental bonus booklet. Table 2 provides a comprehensive overview of access permissions

Every healthcare provider facility is legally required to log who accessed which data in your ePA and when. The healthcare provider facility’s access is stored in the ePA in a traceable manner. The healthcare provider facility must, in turn, log which person working for the facility performed the access.

6.2 How long can a healthcare provider access the ePA by default?

By default, a healthcare provider’s access is only possible within a specific timeframe following your visit or treatment. The duration depends on the type of healthcare provider. If you use healthcare services again and your eGK is scanned as part of that process, the ePA extends the access period accordingly. Table 1 below lists the respective durations.

Using your health insurance provider’s ePA app, you can control the access duration for individual healthcare providers yourself. You can choose between access for at least one day up to an unlimited duration.

Table 1: Access Duration for Service Providers

6.3 Which service providers are permitted to access which data in the ePA?

The law provides detailed regulations regarding which service providers are permitted to access which data under the aforementioned conditions (pursuant to Section 352 of the German Social Code, Book V). We have summarized these regulations for you in Table 2 below. Please note that data regarding individual health risks that your health insurance provider uploads to the ePA cannot yet be shared with service providers via the ePA due to the current lack of legal regulations.

The table shows the maximum permissible access permissions for all ePA users. Granting permissions beyond these limits is not permitted and is technically prevented. By objecting or hiding documents and document categories, you can restrict permissions at any time and expand them again within the specified framework. You thus have precise control over which healthcare provider is allowed to access which data in the ePA. For more details, see sections 6.11 What can I do to prevent service providers from seeing certain documents in the ePA (hiding documents)? and 6.12 I no longer want a service provider to have access to my ePA. What can I do?

Example 1: The table shown indicates that, for example, physicians and staff at medical service provider facilities—without any further restrictions on their authorization assignments—can access all service provider data with write, read, and delete permissions.

Example 2: Pharmacists (as well as pharmacy staff) have—without further restrictions on their authorization—write access to the electronic medication plan, electronic vaccination records, and prescription data and dispensing information, meaning they can create and update this data in your ePA. Authorized pharmacists and pharmacy staff have read-only access to all other documents.

Example 3: Healthcare provider facilities, including staff, such as physical therapy practices, can view all data in the ePA with the appropriate permissions granted, with the exception of vaccination records. They can create, modify, and delete findings, diagnoses, performed and planned therapeutic measures, as well as treatment reports and other examination- and treatment-related medical information from their respective therapeutic area (e.g., physical therapy).

Important Note: Read-only access (i.e., a checkmark in the “Read” column) means that data can be downloaded from the ePA and transferred into the treatment documentation of the respective healthcare provider. Even if authorization is revoked, data that healthcare providers have transferred into their treatment documentation remains available to the formerly authorized healthcare provider facility. The reason for this is that, by transferring the data from the ePA, they downloaded it and created their own copy of the data. This is legally required, as service providers must fully document their treatment in accordance with Section 630f of the German Civil Code (BGB).

6.4 What data must the contracted medical providers and hospitals involved in my treatment upload to the ePA?

The obligation for contracted medical providers and hospitals to store certain data in the ePA is regulated by law.

Under Sections 347 and 348 of the German Social Code, Book V (SGB V), contracted medical service providers and hospitals are legally obligated to store the following data in the ePA—even without your explicit request—provided that this data is collected and electronically processed as part of your current treatment and you have not explicitly objected to its storage:

• Data to support medical use cases
• Data on laboratory findings
• Reports of findings from diagnostic imaging
• Findings from invasive and non-invasive, surgical or conservative procedures
• Electronic physician’s notes or electronic discharge summaries from hospitals

If the above-mentioned data was collected and electronically processed by healthcare providers during prior treatment, it may be uploaded to the ePA in accordance with Section 348 of the German Social Code, Book V (SGB V), if they deem it necessary for your care. Healthcare providers are required to inform you about which data is stored in the ePA.

6.5 What data must other healthcare providers involved in my treatment upload?

Other healthcare providers involved in your treatment, such as pharmacies, physical therapy practices, or nursing facilities, may also store data related to your treatment in your ePA.

Unlike contracted physicians and hospitals, however, these other healthcare providers are not necessarily connected to the telematics infrastructure (TI). Without a TI connection, they cannot access your ePA and are not required to store data in your ePA.

Other healthcare providers may store the following data in the ePA—provided that this data is collected as part of your current treatment, processed in a machine-readable format, and you have not expressly objected to its storage:

• Data to support medical use cases
• Data on laboratory findings
• Findings reports from diagnostic imaging
• Findings from invasive and non-invasive, surgical or conservative procedures
• Electronic physician’s notes or electronic discharge summaries from hospitals

Storing the above-mentioned data in the ePA is technically possible only if this is also permitted for the respective healthcare provider. For more details, see Section 6.3: Which healthcare providers are permitted to access which data in the ePA?

If the data listed above was collected and electronically processed as part of prior treatment, it may also be uploaded to the ePA if the respective healthcare provider deems it necessary for your care. In this case, you must be informed of this in advance.

6.6 What data do the healthcare providers involved in my treatment upload to the ePA at my request?

In addition to the data mentioned above, the healthcare provider must , at your request, store further data in the ePA in accordance with Sections 347–349 of the German Social Code, Book V (SGB V)—provided that this data is collected and processed in a machine-readable format as part of your current treatment. To do so, the healthcare providers require your explicit consent, which must then be recorded in the treatment documentation. In addition, the healthcare provider’s facility must be connected to the TI.

An overview of the data that can be entered into the ePA can be found in Section 4.2.1 Data from Service Providers

A prerequisite for storing this data is that the relevant healthcare provider facility is authorized to do so. For more information, see Section 6.3 Which healthcare providers are permitted to access which data in the ePA?

In addition, a medical provider facility or a hospital must, at your request, store electronic copies of your treatment documentation in the ePA in accordance with § 630g BGB.

6.7 Can I object to the storage of certain data by healthcare provider facilities?

You have the right to object to the transfer of specific information. If you object to the transfer, the data may not be stored in the ePA. The healthcare provider is obligated to document the objection. For more details, see Section 10: Options for Objection within the Electronic Patient Record (ePA)

If you have filed an objection to access to the ePA for certain healthcare providers, they cannot enter any data into the ePA, even if they are involved in your treatment. In this case, the data will continue to be managed separately at the facility as before.

6.8 What data do the occupational physicians involved in my treatment and the Public Health Service upload to the ePA?

Unlike all other healthcare providers, your explicit consent is required for company physicians and public health service providers to access the ePA. Technically, you grant access in the same way as at a doctor’s office or hospital: either using your health insurance provider’s ePA app or by presenting and scanning your eGK when visiting the relevant facility.

The occupational physicians involved in your treatment and the physicians of the public health service must store data to support the medical use cases of the ePA at your request if this data is collected as part of your current treatment and processed in a machine-readable format. Furthermore, no other legal provisions may preclude the transmission of this data. Further information on the medical use cases can be found in Section 7: The Medical Use Cases of the Electronic Patient Record (ePA)

The following data is included:

• Data on findings, diagnoses, completed and planned therapeutic measures, early detection examinations, treatment reports, and other examination- and treatment-related medical information
• Electronic dental bonus booklet
• Electronic health record for children
• Electronic prenatal record and data from midwifery care
• Electronic vaccination records
• Data on nursing care
• Electronic certificate of incapacity for work (eAU)

6.9 What are the rules for storing particularly sensitive data, such as data on mental health conditions?

Before healthcare providers upload data to the ePA that could lead to discrimination or stigmatization—such as data on mental health conditions, sexually transmitted diseases, or abortions—they must inform you of your right to object to the upload. If you subsequently declare your objection, the service provider must record this in their treatment documentation. The provider may then not transfer the relevant data to the ePA. To learn how you can exercise your right to object, see Section 10: Options for Objection within the Electronic Patient Record (ePA)

If healthcare providers intend to enter data from genetic tests as defined by the Genetic Diagnostics Act into the ePA, your express consent in written or electronic form is required beforehand.

6.10 Who is responsible for updating my electronic medication plan and my emergency data (or patient summary)?

If your electronic medication plan, your patient summary, or your emergency-related data stored on the eGK changes and you maintain this data in the ePA, you are entitled to have the data updated, provided that these changes occur in the context of current treatment. At your request, the healthcare providers who made the changes to the data are obligated to store them in the ePA.

As long as this data is still on the eGK, the right applies to both the data in the ePA and the data on the eGK.

However, if you object to the storage of the data in the ePA, the healthcare providers must delete the relevant data from the eGK. This is intended to minimize health risks arising from outdated data on the eGK.

Good to know: The use of the paper-based (nationally standardized) medication plan is still possible without the ePA, as before.

6.11 What can I do to prevent healthcare providers from viewing certain documents in the ePA (hiding documents)?

If you do not want healthcare providers to be able to view particularly sensitive documents, you can completely hide these documents from all healthcare provider facilities. You can hide a single document or entire categories of documents.

If you completely hide documents, only you and your representatives will have access to these documents, but not healthcare providers or healthcare provider facilities.

Individual documents stored as part of medical use cases of the ePA may not be concealable under certain circumstances. This is particularly the case if the data in its entirety is relevant to your medical care. You can find relevant information on this in Section 7: The Medical Use Cases of the Electronic Patient Record (ePA)

Information on the potential impact of unavailable information on the benefits of the ePA can be found in Section 3: The Benefits of the Electronic Patient Record (ePA)

6.12 I no longer want a healthcare provider to have access to my ePA. What can I do?

You can object to a healthcare provider’s access to your ePA directly on-site at the facility or using the ePA app. If you do not use the ePA app, you can also file your objection with your health insurance provider’s ombudsman office. The ombudsman offices are required to technically enforce your objection. Once an objection has been filed, the healthcare provider is technically blocked from accessing your ePA. If you object to access directly on-site without using the ePA app or the ombudsman office, this will not be technically implemented in the ePA and may only apply to the specific visit to the healthcare provider.

Of course, you can revoke an objection at any time if you wish to grant a healthcare provider access again at a later date. This can also be done either via the ePA app (e.g., directly with the healthcare provider) or through your health insurance provider’s ombudsman office.

Please note that an objection always completely excludes the healthcare provider from accessing your ePA. If you only wish to withhold certain information from all healthcare providers and are using your health insurance provider’s ePA app, you can selectively hide individual data. For more information, see Section 6.11: What can I do to prevent healthcare providers from seeing certain documents in the ePA (Hiding Documents)?

You can either revoke access to the ePA for public health service providers—such as doctors at public health departments or occupational physicians—using the ePA app yourself, or file an objection with the Ombudsman’s Office.

7 Medical Use Cases of the Electronic Patient Record (ePA)

7.1 What are medical use cases as defined by the ePA?

A medical use case is a legally defined process designed to support medical care (pursuant to Section 342(2a–c) of the German Social Code, Book V), which runs automatically and is supported by the ePA. To this end, the ePA automatically retrieves data from other applications within the telematics infrastructure, e.g., from the e-prescription. In this way, the healthcare providers involved in your treatment have immediate access to information that has already been collected by other parties as part of your healthcare.

7.2 What medical use cases are already available?

You can use the electronic medication list to support your treatment. The electronic medication list automatically contains all medications prescribed via e-prescription and dispensed to you based on those prescriptions. With this information, you and your healthcare providers have a quick overview of your medications.

In the future, the digital medication process will be available to you. You can find the currently planned launch date in Section 13, “Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities.” The digital medication process will be based on the data from the electronic medication list and will expand this to include data for verifying the safety of your medication therapy (such as your body weight or information on your kidney function) as well as support for healthcare providers in creating your electronic medication plan directly from the ePA. The digital medication process contributes to your health, for example, by helping to prevent adverse drug interactions. Your health insurance provider will provide you with timely, updated information on all use cases of the ePA.

7.3 What other medical use cases will the ePA support in the future?

The legislature plans to expand the ePA’s support for additional medical use cases. Details regarding the introduction, scope, and use of future applications are still being finalized by the Federal Ministry of Health. Your health insurance provider will inform you in a timely manner. You can find the planned rollout dates in Section 13, “Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities.”

7.4 Do I have to use the ePA’s medical use cases?

As with the ePA itself, the decision is yours: If you do not want data to be automatically made available in your ePA through a medical use case, you can object to the individual use case directly via your health insurance provider’s ePA app. You can revoke an objection at any time once it has been submitted.

For more information on objection options, see Section 10.2: What objection options are available in connection with the ePA and individual access permissions?

7.5 I do not want to use the ePA’s electronic medication list. What should I do?

If you do not want to use the ePA’s electronic medication list, you can object to it. There are two options:

• You object to the medical use case itself. In this case, the ePA will still receive a medication list containing information about all your prescribed and filled e-prescriptions; however, your healthcare providers will no longer be able to use this information. Only you can still view the complete medication list using the ePA app.
• You object to the entire data exchange between the e-prescription and the ePA. Any medication list that may already exist will then be deleted from the ePA. This data will remain irrevocably unavailable even after the digital medication process is introduced. In the event that you later withdraw your objection and wish to use the digital medication process, medication prescriptions and dispensing will only be recorded from that point forward.

You can revoke an objection at any time once it has been submitted. For more information on options for objection, see Section 10.2: What options for objection exist in connection with the ePA and individual access permissions?

7.6 Can I restrict access to the medication list for specific healthcare providers?

If you do not want a specific healthcare provider to have access to your medication list, you can hide it selectively using the ePA app. The healthcare provider will then not see the information stored in your electronic medication list. All other healthcare providers with access to your ePA will still be able to view the electronic medication list. The automatic transfer of prescribed medications and the transfer of filled e-prescriptions to your electronic medication list will also continue to take place.

If you wish to grant the healthcare provider access to the medication list again, you can undo the hiding at any time using the ePA app.

8 Support for using the electronic patient record (ePA)

8.1 Where can I get support for using the ePA?

On the one hand, your health insurance provider offers the so-called proxy function of the ePA. On the other hand, you can also contact your health insurance provider’s ombudsman office. Both options can be combined according to your needs.

8.2 What exactly is the ePA’s proxy function?

The law allows you to designate representatives to manage your ePA using the ePA app provided by your health insurance provider. The authorized representative and the person being represented do not need to be insured with the same health insurance provider.

You can also set up a representative relationship using the ePA app of the person who is to represent you. In this case, you do not need your own device or an ePA app, but you must authorize the representative to access your ePA, e.g., by using your eGK and PIN on the representative’s device. Please note, however, that an ePA app is required to revoke the power of attorney, which can be done at any time. Revocation of this authorization is not possible through the Ombudsman’s Office.

Your representative has nearly the same rights as you do. For example, they can file objections with authorized service providers (medical practices, hospitals, pharmacies, etc.) and view the documents stored in your file. However, your representatives cannot appoint further representatives and are also not authorized to close the file.

It is important that you entrust this responsible task only to people whom you trust completely and to whom you would, for example, also grant a power of attorney for healthcare. Unlike authorizations for healthcare providers, representative designations cannot be granted with a time limit from the outset and therefore do not expire. You must actively revoke your representative’s designation via your health insurance provider’s ePA app. If needed, your health insurance provider can explain the process for granting representative authorizations in greater detail.

8.3 How does my health insurance provider’s ombudsman office assist me in using the ePA?

The ombudsman’s office established by your health insurance provider advises you on all questions and issues regarding the use of the ePA. In particular, the ombudsman’s office informs you about the application process, the procedure for providing the ePA, and the objection process, as well as your other rights and entitlements in connection with the ePA and how it works.

In addition, the ombudsman’s office also supports you in the practical use of the ePA. It accepts objections to the medical use cases of the ePA and to access by individual authorized users and technically enforces these on your behalf. You can also withdraw any objections you have filed through the ombudsman’s office. Upon request, the Ombudsman’s Office can also provide you with the log data from your ePA. Furthermore, you may object to the Ombudsman’s Office regarding the use of data in your ePA for public interest purposes (see Section 12: The Use of Data from the Electronic Patient Record (ePA) for Public Interest Purposes).

8.4 What options does the Ombudsman’s Office offer me regarding access by healthcare providers?

The Ombudsman’s Office can enforce your objections to access by healthcare providers and handle their revocation. This way, even without the ePA app, you retain control over who is permitted to access your health data.

To prevent a healthcare provider from accessing your data, you can file an objection with your health insurance provider’s Ombudsman Office. You can also revoke access in the same way.

You can also use the revocation of access rights to withdraw existing access rights before the authorization expires, e.g., because you are ending treatment at a healthcare provider and wish to prevent that provider from continuing to access your ePA.

9 Changing Health Insurance Providers and the Electronic Patient Record (ePA)

9.1 Can I simply transfer data stored in the ePA when I switch health insurance providers?

The ePA is provided to you by your health insurance provider. If you switch health insurance providers, the data from the ePA will be transferred in encrypted form. The transfer of the ePA from your previous to your current health insurance provider occurs automatically without any action on your part. The granted permissions, objections, and designations of representatives are also transferred.

If you have objected to your previous health insurance provider sharing data regarding the services you have used, this objection does not automatically carry over. If you still do not wish for such data to be shared, you must submit a new objection to your new health insurance provider. However, if you decide to allow this data to be shared, you do not need to take any action when switching health insurance providers.

Please note that information from health insurance-specific applications within the ePA may not be automatically available to your new health insurance provider. If necessary, you should back up such data yourself to ensure it remains available after you switch health insurance providers. Your health insurance provider will provide you with further information regarding data transfer when switching health insurance providers.

If you use the proxy feature, your proxies will be automatically notified of any change in the operator when you switch health insurance providers. For more information on the proxy policy, see Section 8: Support for Using the Electronic Patient Record (ePA)

9.2 Do I have to object to the use of the ePA again if I switch health insurance providers?

What applies to the created record also applies to the objection to a record: Just like the record itself, the information that you have objected to the provision of the ePA is exchanged between the two health insurance providers involved. Your new health insurance provider will therefore not automatically set up an ePA for you if you have objected with your previous provider. If you wish to have an ePA with your new health insurance provider, you must withdraw your objection with your new health insurance provider. 5 Options for Objecting Within the Framework of the Electronic Patient Record (ePA)

10 Options for objecting to the electronic patient record (ePA)

10.1 I do not want an ePA created for me. What do I need to do?

As part of the introduction of the opt-out procedure for the ePA, the law provides for a 6-week objection period against the creation of the ePA after you have received the relevant information from your health insurance provider. The same procedure applies if you are contacting the statutory health insurance provider for the first time.

So, if you do not want an ePA, object to its creation by contacting your health insurance provider. You can obtain further information about the procedure from your health insurance provider.

10.2 What options for objection are available in connection with the ePA and individual access permissions?

Within the framework of the ePA, there are a variety of options for objecting that allow you to tailor its use to your needs. Table 3 below outlines the options for objection. You can revoke an objection at any time. The procedure used to file an objection may differ from the procedure for revocation. For example, you might have filed an objection directly via the ePA app but revoked it through your health insurance provider’s ombudsman office.

Using the ePA app, you have the option to explicitly object to access by individual healthcare providers. The objection can be submitted in the ePA app either before or after visiting the relevant healthcare provider. An objection always applies to the entire medical record. Once submitted, an objection can be withdrawn at any time via the ePA app. If you do not use the ePA app, the other procedures listed in the table are available to you.

Table 3: Options for objecting when using the ePA

10.3 Will I face disadvantages in my healthcare if I object to the ePA as a whole or to individual functions?

If you decide not to use the ePA or some of its features, this will not result in any disadvantages for your healthcare. Your healthcare will continue to be guaranteed through established procedures. However, you will then not have access to the benefits of the ePA mentioned above. For more information, see Section 3: The Benefits of the Electronic Patient Record (ePA)

10.4 What should I do if I no longer want the ePA?

You generally have the option at any time to completely close your ePA, i.e., to have it deleted. To do so, you must object to the use of the ePA with your health insurance provider. This objection to the use of the ePA must be communicated to your health insurance provider in an appropriate form. This can be done, for example, via the ePA app provided by your health insurance provider or in writing, such as by letter. Please contact your health insurance provider for the exact procedure.

Objecting to an existing ePA results in its deletion. This deletion affects all content in your file: all documents, granted permissions, and log entries. In this case, you are responsible for backing up the documents stored in your file. If you wish to keep certain documents even after closing your ePA, you must save them elsewhere.

If you use the ePA app provided by your health insurance provider to access the ePA, you also have the option to back up the log data on your own device. The app offers a feature for this purpose. In addition to backing up the documents, backing up the log data is also advisable from a data protection perspective so that you can later track who had access to your file. Your health insurance provider’s ombudsman’s office can also provide you with the logs in an appropriate format. You can find more details on this in Section 8.3: How does my health insurance provider’s ombudsman’s office support me in using the ePA?

Important to know: You must request or retrieve the logs before your objection to the use of the ePA takes effect.

10.5 I objected to the ePA, but now I want it after all. What should I do?

You can withdraw your objection to your health insurance provider at any time. You can do this, for example, via your health insurance provider’s ePA app or by submitting a written request. If needed, you can obtain further information about the procedure from your health insurance provider.

10.6 What happens to the ePA after my death?

Since the ePA is designed as a lifelong record, the legislature has also established regulations for the event of death. A health insurance provider must delete the ePA within 12 months of becoming aware of the death of an insured person, unless conflicting legitimate interests of third parties are asserted and proven.

11 Data Protection and Data Security

11.1 How secure is the ePA?

All ePA operators must undergo the gematik approval process with the ePA they have developed. gematik verifies the functionality and interoperability of the ePA based on the testing criteria it has published. Security is demonstrated in accordance with guidelines developed with the participation of the Federal Office for Information Security (BSI).

The data in your file is always stored in encrypted form. When you or a healthcare provider involved in your treatment accesses the ePA with authorization, the ePA transmits the data in encrypted form to the relevant computer systems, such as your doctor’s office. Data processing in the ePA takes place in a technical environment that has been security-tested to the highest standards and is trustworthy. Neither the operator nor the health insurance provider has access to your data.

11.2 How secure is my health insurance provider’s ePA app?

In addition to the ePA itself, all ePA apps must also undergo gematik’s approval process. gematik also tests the functionality and interoperability of the ePA app based on the testing criteria it has published. Security is verified according to specifications developed with the participation of the BSI.

The ePA app provided by your health insurance provider has therefore been security-tested to the highest standards. It can be installed on smartphones running Android or iOS operating systems and used on desktop computers and laptops with current, compatible operating systems such as Windows, macOS, and, where applicable, Linux.

You are personally responsible for the security of your application environment (smartphone, PC hardware, operating system) in which the application is installed. For more information, see Section 5.5 How do I handle my health data securely in the ePA?

11.3 What data does the health insurance provider exchange with the ePA operator?

To set up your ePA, the health insurance provider and the respective industry partner exchange administrative personal information. In addition, your health insurance provider or the ePA operator uses your health insurance ID number to check whether an ePA already exists for you. No exchange of personal health data takes place at this stage.

If you switch health insurance providers, the ePA operator of your previous provider will transfer your ePA in encrypted form to the ePA operator of your new provider. If you have objected to the use of an ePA, the two health insurance providers will also exchange information about the objection via the ePA operators when you switch providers.

11.4 What rights do I have vis-à-vis my health insurance provider regarding the data processing operations of the ePA and the ePA apps?

Your rights vis-à-vis the health insurance provider arise from the legal provisions of the General Data Protection Regulation (GDPR) as well as the social data protection regulations of the Social Code. Under this regulation, the health insurance provider is the “controller.” As an insured person, you may assert the “rights of the data subject” under the GDPR against your health insurance provider. This includes, in particular, the obligation of health insurance providers to inform insured persons about the collection of personal data (Art. 13 GDPR in conjunction with § 82 SGB X and Art. 14 GDPR in conjunction with § 82a SGB X). Furthermore, insured persons have the following rights:

• the right to obtain information as to whether, and if so, for what purpose, certain personal data is being processed by the health insurance provider or its contractors (Art. 15 GDPR in conjunction with § 83 SGB X)
• the right to rectification of inaccurate personal data (Art. 16 GDPR in conjunction with § 84 SGB X)
• the right to erasure of personal data (Art. 17 GDPR in conjunction with § 84 SGB X)
• the right to restriction of processing (Art. 18 GDPR in conjunction with § 84 SGB X)
• the right to data portability (Art. 20 GDPR)
• the right to object (Art. 21 GDPR in conjunction with § 84 SGB X)

It should be noted that the legislature has excluded these rights if their exercise cannot be guaranteed by the health insurance provider—as the data controller—or can only be guaranteed by circumventing protective mechanisms, such as encryption or anonymization in particular. This restriction applies to data stored in encrypted form in the ePA, as the health insurance provider, as the data controller, has no technical access to this data. Accordingly, the health insurance provider cannot comply with requests for information or correction from insured individuals regarding data stored in the ePA (e.g., regarding doctor’s notes). An exception is data on services utilized, which your health insurance provider makes available to you in the ePA. Since this data is imported into your ePA from your health insurance provider’s billing records, you have the option to have this data corrected by the health insurance provider. To do so, you need confirmation of the correct diagnosis from the respective service providers. Your health insurance provider will inform you about the specific procedure.

For data that is not encrypted, such as log data, however, the rights mentioned above are not excluded.

11.5 What rights do I have if ePA data needs to be corrected?

The health insurance provider provides you with an ePA app to independently exercise your rights under the GDPR. However, you cannot use the ePA app to correct data provided by your healthcare providers. If corrections to this data are necessary, please contact the respective healthcare providers treating you.

You are entitled to retrieve data from the ePA, store it in the ePA, and delete it. You have the right to restrict access to data in the ePA or to lift such restrictions, as well as to grant or revoke permissions. In addition, you may object to access to data in the ePA or must give your consent for the storage of particularly sensitive data (such as genomic data). Furthermore, you may, for example, process the following data independently, i.e., modify and save it in your ePA:

• Health data that you have uploaded to the ePA yourself
• In the future: Data regarding insured persons’ declarations regarding the existence and location of:
• Declarations regarding organ and tissue donation
• Powers of attorney for healthcare or advance healthcare directives

11.6 Are all registration procedures for using the ePA secure?

There are generally the following registration procedures for the ePA:

• Registration with the Health ID
• Registration with the electronic health card (eGK)
• Login using the eID function of the ID card, residence permit, or eID card for EU citizens

Using the Health ID allows for different levels of security during authentication. With the eGK and PIN, you achieve the highest possible level of security—just as you would, for example, with an ID card, residence permit, or eID card for EU citizens. Alternatively, you can also log in without a card and PIN. While the security level of this login is lower than that achievable with a card and PIN, it still ensures an appropriately high level of protection.

The law also provides for the option, in individual cases and after receiving comprehensive information from your health insurance provider regarding the specifics of the process, to express your preference to use a more convenient login procedure with a potentially lower security level. If you are considering this, please take note of the following information now. The health data stored in the ePA generally requires a high level of protection, as the damage resulting from loss or misuse cannot be quantified in material terms. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) recommends avoiding a reduction in the security level whenever possible.

Your health insurance provider will provide you with comprehensive information about the available options, the potential risks, and ways to avoid them.

12 Use of Electronic Patient Record (ePA) Data for Public Interest Purposes

12.1 How is the use regulated by law?

The further use of ePA data, particularly for research purposes, is expected to be possible as of the date specified in Section 13, “Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities.” The legal and technical framework is currently being developed by the Federal Ministry of Health and gematik. The following information is therefore based exclusively on the legal provisions pursuant to Section 363 of the Social Code, Book V (SGB V).

12.2 What does “use of ePA data for public interest purposes” mean?

The ePA data of as many people in Germany as possible can provide important insights for the future design of health and long-term care services. The provision of data from your ePA for public interest purposes is voluntary. By doing so, you can, for example, support health services research and contribute to improving the safety and quality of care, prevention, and long-term care. The law defines which purposes are considered to be in the public interest and who is permitted to use the data. On this basis, the Research Data Center at the Federal Institute for Drugs and Medical Devices (BfArM) monitors the further use of the data.

12.3 How is my personal data protected?

Data from the ePA is always made available in pseudonymized form for use for public interest purposes. This means that the data does not allow any identification of you as an individual. All personally identifiable data, such as name, address, and health insurance number, are removed and replaced with a pseudonym. This pseudonym is used in subsequent data transfers in place of your personally identifiable data. Pseudonymization is performed automatically. The transfer of data to the Research Data Center at the BfArM is documented in your ePA.

7.4 What do I need to do to make my ePA data available for public interest purposes?

The legislature has stipulated that ePA data is expected to be automatically used for public interest purposes starting from the date specified in Section 13, “Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities,” provided you have not objected to such use. If you wish for your ePA data to be used for public interest purposes, you do not need to take any action.

To learn how you can object, in whole or in part, to the sharing of your ePA data for public interest purposes, see Section 12.7 How can I object to the use of my data for public interest purposes?

12.5 How is data provided and used?

To make the data stored in your ePA available for public interest purposes, the ePA automatically determines which data is suitable. Currently, in accordance with gematik’s specifications, this includes data from the medical use case “digital medication process.”

In the next step, all personal information is replaced with a pseudonym. For more information, see section 12.3: How is my personal data protected?

The ePA transmits the delivery pseudonym and a work number to the trust center at the Robert Koch Institute (RKI). For more information, see section 12.6: Which entities are involved in the use of ePA data for public interest purposes?

In addition, the ePA encrypts the pseudonymized data and the work number for the Research Data Center and transmits them there. For documentation purposes, the ePA records that data were transmitted for public interest purposes.

The Trusted Party generates a so-called cross-period pseudonym from the work number and the delivery pseudonym and sends both to the Research Data Center. Using these two identifiers, the Research Data Center can consolidate everything into a single dataset without it being directly traceable to you personally. In the event of an objection to the use of the data for research purposes, your data can also be deleted by the Research Data Center in this manner.

Authorized users submit an application to the Research Data Center for data use within the scope of a research project. The Research Data Center decides whether the data use is permissible based on the criteria prescribed by law. A project must, for example, serve specific purposes (see Section 12.7: How can I object to the use of data for public interest purposes?). If the Research Data Center approves the application, it grants the relevant project access to the data. Sensitive health data is not disclosed in this process but can only be used within the secure processing environment of the Research Data Center. Only aggregated and anonymized data are released (i.e., data from which a specific individual can no longer be identified, or can only be identified with a disproportionately large expenditure of time, cost, and labor).

12.6 Which entities are involved in the use of ePA data for public interest purposes?

Your health insurance provider, as the ePA provider, is the data controller under data protection law in connection with the ePA.

The Robert Koch Institute (RKI) operates the trust center pursuant to Section 303c of the German Social Code, Book V (SGB V) and is the responsible body with regard to the compatibility of pseudonyms.

The Federal Institute for Drugs and Medical Devices (BfArM) operates the research data center pursuant to Section 303d of the German Social Code, Book V (SGB V) and receives the data provided by the ePA. The research data center makes the data available to those legally authorized to use it upon request. It must delete your pseudonymized data after 100 years or in the event of your objection.

12.7 How can I object to the use of my data for public interest purposes?

If you do not wish to make your data stored in the ePA available for public interest purposes, you may object to its use. The objection may apply to continued use in general or only to the use of your data for specific purposes. You may exercise your right to object via your health insurance provider’s ePA app or through the Ombudsman’s Office.

The option to object via the Ombudsman’s Office is already available to you today. The option to object directly via the ePA app is expected to be available starting on the date specified in Section 13, “Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities.”

If you wish to make your ePA data available exclusively for projects with specific purposes, you have the option to exercise your right to object accordingly. The legislature distinguishes between the following purposes (pursuant to Section 303e(2) of the German Social Code, Book V (SGB V)):

• Performance of management tasks by the collective bargaining partners
• Improvement of the quality of care as well as improvement of safety standards in prevention, treatment, and nursing
• Planning of service resources, e.g., hospital planning or recommendations for nursing care structure planning pursuant to Section 8a(4) of Book XI of the Social Code
• Scientific research on issues in the fields of health and care, analyses of healthcare provision, and basic research in the life sciences
• Support for political decision-making processes regarding the further development of statutory health and long-term care insurance
• Analyses of the effectiveness of cross-sectoral care models and of individual contracts between health and long-term care insurance funds
• Performance of health reporting tasks, other federal reporting obligations under SGB V or SGB XI, and official statistics, as well as reporting obligations of the federal states
• Performance of statutory tasks in the areas of public health and epidemiology
• Development, further development, and monitoring of the safety of pharmaceuticals, medical devices, diagnostic and treatment methods, aids and remedies, digital health and long-term care applications, and artificial intelligence systems in the healthcare sector, including the training, validation, and testing of these systems
• Benefit assessment of drugs, medical devices, diagnostic and treatment methods, aids and remedies, as well as digital health and care applications; negotiation of reimbursement amounts or determination of maximum amounts and thresholds pursuant to Section 134 of SGB V; and agreement or determination of reimbursement amounts for drugs pursuant to Section 130b of SGB V

Any objection raised is documented in the ePA with the date and time.

Important to know: If you object to the use of your ePA data for public interest purposes with your health insurance provider before the planned implementation date and subsequently switch health insurance providers, you must submit a new objection to your new health insurance provider. Health insurance providers cannot yet share your objection with one another during the specified period.

12.8 What happens to my data stored at the Research Data Center if I object?

In the event of an objection on your part, the data that has already been transmitted to the Research Data Center will be deleted there. The deletion process follows the same procedure as data transmission and linking, as described in Section 12.5 How is data provided and used?

If you object to the use of your data for specific purposes, that data may no longer be used for those purposes. However, the data will remain stored at the Research Data Center for use in other purposes to which you have not objected.

Data transmitted prior to the objection and already used for specific research projects may continue to be processed for these research projects. Your rights as a data subject under Articles 17, 18, and 21 of the EU General Data Protection Regulation (Regulation (EU) 2016/679) are excluded in this respect for these research projects. Once the specific projects have been completed, the data will be deleted from the Research Data Center.

12.9 When will the use of ePA data for public interest purposes be introduced?

At the earliest six weeks after the option to object to the use of ePA data for public interest purposes has been made available via the ePA app, your health insurance providers may provide the Research Data Center with such data for the first time.

13 Next Steps in the Further Development of the Electronic Patient Record (ePA) and Future Possibilities

13.1 What are the next steps in the further development of the ePA?

This section outlines the measures currently scheduled for the further development of the ePA in healthcare, along with the planned implementation dates.

13.2 What else is legally required for the ePA?

The ePA capabilities listed below are provided for by law. However, unlike the functions described in the previous section, no implementation date has yet been set for these.

The legislature also plans to include additional medical use cases in the ePA, such as

• the inclusion of emergency-related information in a patient summary file within the ePA, or
• the storage of laboratory findings and laboratory data in a structured format.

In the future, your ePA will also be able to transfer data to the digital health applications (DiGA) you use, with your consent. This will allow you to use certain data from the ePA directly in the DiGA.

In addition, there are plans for healthcare providers in other EU countries to use the ePA, for example, if you are staying there during a vacation. In such cases, the electronic summary patient record is used, which provides a quick overview of your important emergency data.

Another key aspect of the ePA’s evolution into a digital health platform is the gradual conversion of document-based data into electronically processable data records. This will be carried out in accordance with the guidelines of the Federal Ministry of Health. In this context, the legislature also plans further refinements regarding the control of access rights to the ePA through appropriate opt-out options at the level of individual data records.

As of November 20, 2025, Version 2.0