General Terms of Use of ZF BKK for the use of the electronic patient file (ePA)

1 Provider

ZF BKK, Otto-Lilienthal-Straße 10, 88046 Friedrichshafen, telephone number: 07541 3908-0, e-mail address: leistung@zfbkk.de, hereinafter referred to as the "health insurer", offers its insured persons, hereinafter referred to as "users", the use of an electronic patient file ("ePA") managed by insured persons and approved by the Gesellschaft für Telematik in accordance with Section 342 (1) sentence 2 SGB V as a core element of digital medical applications in several expansion stages from January 15, 2025.

The electronic patient file will only be made available after the insured persons have been informed about the "ePA for all" and have not objected to it. The ePA is intended to provide insured persons on request with accessible electronic information, in particular on findings (e.g. electronic doctor's letters), diagnoses (e.g. electronic emergency data), therapy measures carried out and planned (e.g. the electronic medication plan) and treatment reports, for use across institutions, disciplines and sectors for healthcare purposes, in particular for the targeted support of anamnesis and findings as well as own health data.

These General Terms of Use ("Terms of Use") constitute the legal framework for the registration and use of the ePA by the insured persons of the health insurance fund (hereinafter referred to as "Users"). They apply between the health insurance fund and the users.

Further detailed information

  • on how the ePA works,
  • the options for transferring documents to the ePA by the health insurance fund,
  • the options for transferring treatment data to the ePA by service providers (e.g. doctors and pharmacies),
  • the access of service providers to data in the ePA,
  • technical access authorization for data processing by service providers,
  • additional applications and how they work, including data processing, storage location and access rights,
  • the secure use of components that enable insured persons to access the ePA via a user interface on suitable end devices, and
  • the possibility and requirements for releasing pseudonymized data from the ePA

can be found in the information material from the National Association of Statutory Health Insurance Funds, which is integrated into the ePA privacy policy. We will be happy to send you the comprehensive document on request.

2 Subject of the terms of use

The subject of these terms of use is the provision of the ePA in the legally prescribed form by the respective responsible health insurance fund to its insured persons. The ePA enables users to securely store, transmit and manage their health data (e.g. findings, laboratory reports, doctor's letters, etc. and - if offered by ZF BKK - additional applications).

3 Provision, modification and discontinuation of the ePA

3.1 The ePA is made available to the user of the health insurance fund free of charge.

3.2 Access to the ePA is via the Internet. The user is responsible for providing Internet access and the hardware required to access the ePA.

The user must provide the necessary technical requirements for using the ePA. The user must ensure that their smartphone, desktop PC or laptop and the associated operating system have not been manipulated or maliciously modified (no rooting or jailbreaking) and that the user has been successfully identified before using the ePA.

3.3 The necessary technical requirements for using the ePA are contained in this linked document: www.zfbkk.de/service/epa. Beyond the legally prescribed functions, the user is not entitled to the provision of the ePA in a specific form, in a specific configuration or with specific functionalities. The health insurance fund reserves the right, at its reasonable discretion and taking into account the interests of the user, to change individual functionalities or services of the ePA that are not prescribed by law, in particular to extend or restrict functions or services or to terminate them in whole or in part. The user will be informed in good time before any termination of functions or services and will be given the opportunity to export the data stored by him/her from the ePA.

3.4 The ePA and/or individual applications may be temporarily unusable or only usable to a limited extent due to technical faults. The user has no claim against the health insurer that the ePA and/or the content and applications offered will be available at all times or at certain times. The health insurance fund is not obliged to guarantee uninterrupted and error-free access to the ePA or certain content and applications at all times.

4 Registration, activation and access to the ePA

4.1 The patient file for all (ePA for all) is created for each insured person, unless they have objected to this. It is not necessary for the insured person to actively apply for an ePA. This file can be used online (by using the ePA app) or offline (by inserting the electronic health card (eGK) at the treating service provider).

4.2 The registration process in the ePA app involves several steps. To successfully complete the registration process, a valid insurance relationship with the health insurance fund must exist and an electronic patient file must have been created.

4.3 Registration to use the ePA as an application (app) on an end device (e.g. smartphone or desktop PC) is carried out in German.
The user must register in order to set up and use the ePA app.
As part of the registration process, the user is asked to enter the correct and complete information about their identity.

At the beginning of the registration process, the user is given the opportunity to read these terms of use and the ePA privacy policy with further information on the ePA. The user can view or download and save the documents via the links provided. The user must accept the terms of use and confirm that they have read the ePA privacy policy.

4.4 Registration of the device is required to use the ePA app. This ensures that only the insured person themselves or their representative can access the sensitive data in the ePA. The end device is registered with the file system. The insured person then identifies themselves using their HealthID. Identification by HealthID is possible, for example, by using a combination of the electronic health card with PIN (eGK + PIN) or the ID card with online ID function with PIN (eID + PIN). If a smartphone is used, it must support NFC functionality so that identification is possible using an online procedure based on a smart card. A card reader of security class 2 or 3 is required to log in to the desktop app.

4.5 The activation of the ePA is displayed to the user electronically in the ePA. When the health insurance company confirms the activation of the ePA, the user contract between the user and the health insurance company is concluded on the basis of these terms of use. The user will be provided with confirmation of the content of the contract and the essential information (parties to the contract, contract date) relating to the contract of use, including a copy of the terms of use, so that the user can save these separately.

4.6 By completing the registration process, the user has completed all activities necessary to obtain authentication. The ePA can then be set up.

4.7 The user is entitled to cancel the registration process at any time, go back one step in the process, pause the process and resume it later.

4.8 The ePA app and the associated information and usage documents are designed in such a way that they meet the requirements for digital accessibility in accordance with the Barrier-free Information Technology Ordinance (BITV 2.0). The aim is to provide all insured persons - regardless of physical or cognitive limitations - with equal access to the electronic patient file. If insured persons have any questions or need support regarding barrier-free use, they can contact the health insurance fund's ombudsman's office.

5 Rights and obligations of the user

5.1 The ePA is an electronic file managed by the insured person. Use of the electronic health record is voluntary for all users. The user can object to some or all of the ePA functions at any time.

5.2 The user must provide the health insurance fund with complete information for the proper execution of the contractual relationship and keep the data up to date until the termination of this user contract. The user may only store and manage information in the ePA that is correct to the best of the user's knowledge.

5.3 The user may only use the ePA for the intended purpose and to the agreed extent. Any other use, in particular the misuse of the ePA functions, is prohibited. However, the user may allow third parties to access his/her data stored in the ePA via the functions of the ePA, insofar as this is expressly permitted in the ePA. The ePA may not be used to store and manage the health data of third parties.

5.4 The user must keep his access data, with which he gains access to the ePA, secret from third parties. The user is responsible for every access to the ePA with his/her access data. The user account may not be passed on to third parties for access to the ePA.

5.5 It is prohibited to use the ePA for unlawful, obscene, offensive or fraudulent activities, such as causing or facilitating damage, compromising the integrity or security of systems or networks, bypassing filters, sending unwanted, misleading or abusive messages, distributing harmful software, viruses or infringing the rights of third parties.

5.6 The user is responsible for the legality of the content stored in the ePA. With the ePA, the health insurance fund merely provides the technical and organizational platform for the user. The health insurance fund has no knowledge of the content that the user has stored in the ePA and does not assume any monitoring or control tasks with regard to the content. From the point of view of the health insurance fund, this is therefore third-party content. The user may not store or have stored in the ePA any content that

a) constitutes a breach of legal obligations or prohibitions or official orders, or is otherwise illegal or inadmissible;

b) denigrates, insults or discriminates against others;

c) glorifies violence, or is obscene or pornographic;

d) is in breach of copyright or infringes the rights of third parties; in particular, it must not infringe any industrial or intellectual property rights or personal rights;

e) contains malware, viruses or damaging data.

5.7 The health insurance fund is obliged to recognize access and access patterns that do not correspond to standard file usage and to implement appropriate measures to reduce and prevent damage.
This means that health insurance funds, as providers of the ePA, are entitled to influence the use of the ePA at their reasonable discretion and taking into account the interests of the user if the user exceeds the limits of permissible use of the ePA by violating these terms of use or applicable law and the health insurance fund has previously requested the user to remedy or cease the violation within a reasonable period of time. The health insurance fund may also delete the user's ePA if it has reasonable indications that the user is using the ePA in a manner that violates the law with regard to the data to be deleted.

5.8 Requirements in the event of the death of a user

The ePA should accompany its users as a lifelong file. In the event of death, however, the file must be deleted in accordance with the following provisions:

Pursuant to Section 344 (6) SGB V, the health insurance fund must delete an insured person's electronic patient file twelve months after becoming aware of their death, unless opposing legitimate interests are asserted and proven by third parties during this period.

The user can ensure during their lifetime that authorized representatives or heirs can gain access to the encrypted data after their death. The user can do this either by granting a power of attorney, e.g. through the "Representative regulation" in the ePA app, or by depositing the PIN for the eGK with the will.

5.9 Use of the ePA by young people and legal representatives

Insured persons over the age of 15 can decide independently on the use of their electronic patient file (ePA) in accordance with Section 341 Para. 2 SGB V. The prerequisite for this is that they have the necessary capacity to consent. The registration and use of the ePA by young people is subject to the same technical and legal conditions as for adult users.

For insured persons under the age of 15 or young people who do not have the capacity to consent, the ePA is managed by their legal representatives (e.g. parents or guardians). These can be entered as authorized persons in the ePA app as part of the so-called representative regulation and thus receive access to the ePA of the underage insured person.

The legal representatives are obliged to use the ePA in the best interests of the underage insured person and to protect their rights to data protection and informational self-determination. As soon as the insured person reaches the age of 15 and is capable of understanding, they can take over the administration of their ePA themselves and revoke or adjust the previously established representation.

6 Rights of use

6.1 The rights of use under copyright law belong exclusively to the health insurance fund. The health insurance fund grants the user a non-exclusive, non-transferable, non-sublicensable, revocable right, limited to the term of this user agreement, to use the ePA for private, non-commercial purposes for the storage, transmission and management of his/her own health data.

6.2 The user may only use the ePA to the extent to which he is authorized by the user agreement and for which the ePA is intended. Any use beyond this is prohibited.

6.3 It is prohibited to retranslate, disassemble, reproduce, modify, make publicly accessible or distribute the software of the ePA. An exception to this is partial decompilation for the purpose of creating interoperability of an independently created computer program with the software of the ePA or with other computer programs under the restrictions specified in Section 69e of the German Copyright Act. However, the user is obliged to ask the health insurance fund for the necessary information beforehand. Only if the health insurance fund does not provide the user with the necessary information within a reasonable period of time may the user proceed in accordance with sentence 2 above.

7 Data protection and data import into the ePA

7.1 The health insurance fund shall ensure that the user's data is protected and secure when the ePA is made available. During the entire period of use, the user remains the master of the personal data transported into the ePA by him or, for example, by his doctors. The user alone decides which data is stored in the ePA, who may access the data stored in the ePA and which data is deleted. Details on the processing of personal data by the health insurance fund, on the options for independently storing and deleting data in the ePA and on the rights of the user vis-à-vis the health insurance fund as the controller are set out in the privacy policy for the ePA.

7.2 Access to the contents of the ePA is only possible for authorized persons and institutions. These include the insured persons themselves or service providers (e.g. doctors) who are in a treatment context with the insured persons. In addition, users of the ePA can authorize up to five representatives (e.g. spouses or (grand)children) to access the insured person's content in the ePA.

7.3 The health insurance fund does not have access to the data stored by the user in the ePA at any time.

7.4 The insured person determines the data flows in their patient file ("patient sovereignty"). Providers contribute to secure use through data protection and legally compliant default settings. In addition to the intended initial default setting that all information is visible in the care context, insured persons are free to hide and delete information at document level.

In addition, settings can be made using the ePA app, for example to extend or restrict the duration of the default access within the treatment context. Users can also restrict or completely prevent access to documents by selected service providers. Insured persons have the option of restricting the use of their personal health data at their own discretion. For offline use, such settings can be set up by the representative.

7.5 Log entries created for the purpose of data protection monitoring for the insured persons are stored for a period of three years. After this period, they are automatically deleted. The log data can be viewed by the insured persons or their authorized representatives using the ePA app. Insured persons without an ePA app can apply to their competent ombudsman's office to be provided with the log data.

7.6 All access to the data in the patient file is logged so that the insured person can see who has accessed which of their data and when.

8 Warranty

8.1 The health insurance fund guarantees the basic operability of the ePA. It shall rectify any errors in the ePA within a reasonable period of time and ensure that the use of the ePA does not conflict with the rights of third parties. The current version available to the user is subject to the warranty.

8.2 Warranty claims do not exist for minor defects.

8.3 The health insurer also fulfills its obligation to rectify defects by making updates available for download in the respective app store and offering the user support to solve any installation problems that may arise.

8.4 A functional impairment of the ePA resulting from hardware defects, environmental conditions, incorrect operation or similar is not a defect.

8.5 The user is obliged to notify the health insurer immediately of any defects in the ePA. The user shall support the health insurer in diagnosing and rectifying faults, in particular by specifically describing any problems that occur, providing the health insurer with comprehensive information and granting it the time and opportunity required to rectify the fault.

8.6 No guarantee is given for the correctness and completeness of the content of databases in stored form.

8.7 If the search for errors and causes of errors reveals that these are not due to a defect in the ePA, the ePA has been modified, used outside the specified environment or operated incorrectly, there is no defect.

8.8 Further warranty claims are excluded.

9 Liability

9.1 The health insurance fund is liable without limitation for intent, gross negligence and the absence of warranted characteristics.

9.2 The health insurance fund is only liable for slight negligence if an obligation is breached, the fulfillment of which is essential for the proper execution of the contract and the breach of which jeopardizes the achievement of the purpose of the contract and on the observance of which the user regularly relies. However, the health insurance fund is not liable for unforeseeable damage that is not typical for the contract.

9.3 Strict liability of the health insurance fund for errors already existing at the time of conclusion of the contract is expressly excluded.

9.4 The health insurance fund is not responsible for delays in performance in the event of force majeure, labor disputes, official measures, unforeseeable failure of means of transport or energy and other unavoidable events, even if these circumstances occur at an upstream supplier of the health insurance fund. The obligation to provide services does not apply if one of these events leads to an impossibility for which the health insurance fund is not responsible.

9.5 If data, files and information originate from third parties and are merely processed by the health insurance fund, no liability is assumed for their accuracy and completeness.

9.6 The above provisions also apply to claims under § 284 BGB for reimbursement of futile expenses.

9.7 In the event of data loss, the health insurance fund is only liable if the user has complied with the obligations imposed in these terms of use when handling the data stored in the ePA.

Liability for the restoration of the user's data is also limited to the costs necessary to restore the data if it is regularly backed up in the manner specified by the health insurance fund or can otherwise be reconstructed from machine-readable data material with reasonable effort.

9.8 Liability under the Product Liability Act and for damages arising from injury to life, limb or health, for fraudulently concealed defects or the assumption of a guarantee shall remain unaffected by these liability provisions.

9.9 Section 44a TKG (Telecommunications Act) remains unaffected.

9.10 There is no further liability on the part of the health insurance fund.

9.11 The above clauses also apply to claims for damages against legal representatives, executives or other vicarious agents of the health insurance fund.

10 Support

The health insurance fund offers users of the ePA a support service that answers general questions about the functions of the ePA during normal office hours, Monday to Friday from 7 a.m. to 6 p.m. (except on national holidays and December 24 and 31). The authorization to access the support is checked by the health insurance company at the beginning of the respective support request. The user is not entitled to an answer to questions within a certain period of time.

11 Objection, data export and data deletion

11.1 Objection to the ePA

The use of the ePA is voluntary. The user can revoke their consent to the use of the ePA at any time with effect for the future. Revocation leads to the complete and irrevocable deletion of the ePA. The data processing carried out until the revocation remains lawful. The revocation can be made by the insured person using their mobile ePA app. Since gematik has also provided an option to object in writing, it is possible for the health insurance fund to cancel an ePA on behalf of the insured person.

11.2 Deletion of the ePA
The user can object to their ePA at any time without giving reasons. They can declare their objection to their health insurer or via their ePA app. Their ePA will then be completely and irrevocably deleted.

If the objection is made to the health insurance fund, the health insurance fund may set a period of 42 days until which the irrevocable deletion is suspended in order to give the insured person the opportunity to download and save their documents.

11.3 The health insurance fund may terminate the contract of use

a) if the insurance relationship with the health insurance fund ends or

b) the amended terms of use pursuant to paragraph 12.2 are not accepted.

The health insurer shall inform the user of the termination and grant the user a period of 28 days after receipt of the notice of termination during which the user can export his data. After this period has expired, the ePA will be irrevocably deleted.

11.4 The right to extraordinary termination without notice for good cause remains unaffected.

12 Amendments to these terms of use

12.1 The health insurance fund is entitled to amend these terms of use at any time during the term of this user contract. The health insurer will inform the user of any amendments to these terms of use within the ePA app. As soon as the user accepts the amended terms of use, the amendments will take effect. These terms of use apply both to online access via the ePA app and to offline access outside the app.

12.2 The user can retrieve the currently valid version of the Terms of Use via the mobile ePA app (Profile -> Consents & Objections). If the user does not accept an amendment to the terms of use, the old terms of use shall remain in force. In this case, the health insurer is entitled to terminate the contract of use within a reasonable period of time.

12.3 The health insurance fund is also entitled to amend these terms of use without obtaining the user's consent,

a) insofar as the amendment of the Terms of Use only offers advantages for the user;

b) insofar as the amendment only relates to new functions, services or parts of services and the amendment does not affect the valid service and contractual relationship;

c) insofar as the amendment is necessary in order to implement applicable legal requirements (e.g. in the event of a change in the applicable legal situation) and the amendment only has an insignificant adverse effect on the user; or

d) insofar as the health insurance fund thereby complies with a binding official decision or a binding court judgment and the amendment has only insignificant adverse effects on the user. The health insurance fund will inform the user of any amendments in the ePA app.

13 Applicable law

13.1 These Terms of Use shall be governed by German law to the exclusion of the UN Convention on Contracts for the International Sale of Goods.

13.2 If the user is a consumer and has his habitual residence in a country other than the Federal Republic of Germany while using the ePA, mandatory legal provisions of this other country remain unaffected by the choice of law made in Section 12.1. A consumer within the meaning of this Section 12 is any natural person who concludes the contract of use for private use (i.e. the use is for the most part neither part of their commercial nor their independent professional activity).

14 Severability clause

In the event that individual provisions of these Terms of Use are invalid, the remaining provisions shall remain valid, unless adherence to the Terms of Use would be an unreasonable hardship for one of the contracting parties.

15 Information and advice

15.1 ZF BKK has set up an ombudsman's office. The user can contact this ombudsman's office with questions and concerns in connection with the ePA for the entire duration of ePA use. The ombudsman's office advises the user on all questions and problems relating to the use of the ePA. The ombudsman's office can set access restrictions for the insured person in the ePA, enforce objections on behalf of the insured person and provide the insured person with the log data from their ePA.

15.2 The user can contact the ombudsman's office by telephone at +49754139083909.

 

Status: 02.07.2025, Version 2.4
