The electronic patient record (ePA) has become mandatory for everyone covered by Germany’s statutory health insurance as of Wednesday, unless they explicitly opt out of its use during doctor visits. Physicians and medical facilities must store all health data of their patients in the ePA so that it is available for future treatments. Yet, in the view of Deutsche Aidshilfe, this change does not come without drawbacks. The organization is calling for improvements.
“The ePA is designed in a way that increases the risk for people with HIV and AIDS to become victims of discrimination in the healthcare system,” the DAH said in connection with the nationwide rollout of the patient record. It pointed to its study “positive stimmen 2.0” from 2021 (TheColu.mn reported). More than half of the respondents living with HIV (56 percent) reported discriminatory experiences within the German healthcare system in the last twelve months due to their HIV infection. These issues included problems such as denial of appointment bookings, refusal of treatments, or an insensitive handling of the patients’ right to protection from disclosure of their HIV status. “Given these incidents, reliable data protection frameworks for health data processing are indispensable for people living with HIV,” the DAH stated.
“Especially vulnerable groups, who already face structural disadvantages, could be pushed further to the margins by the ePA,” health expert Marie-Claire Koch explained. She recommends that those affected thoroughly inform themselves about the ePA’s functions before deciding to use it.
The AIDS-Hilfe Hessen is pressing policymakers to ensure that patients’ rights are comprehensively protected in relation to the ePA. It must be guaranteed that using the ePA remains voluntary and that patients retain full control over the processing of their health data. Of particular importance to the association is that the technical and organizational frameworks are designed so that the use of the ePA is not discriminatory and does not pressure patients to disclose sensitive information.
DAH board member Sven Warminsky emphasized: “A strong ePA could benefit many people. But this requires handling and security that work, and tangible advantages that are felt. That only happens with further development that includes patients from the start, involves them, and informs them. Most importantly, we urgently need broad and clear information for everyone — immediately!”
How does the ePA work in clinics?
Here’s how it functions: When you insert your insured card at the clinic’s front desk, doctors gain access rights to read and update the ePA for a standard period of 90 days. This window can be shortened or extended via a accompanying app. If you don’t want to operate the smartphone app yourself, you can authorize a relative to handle it.
From the outset, the ePA includes a list of medications that is automatically generated from the now-standard electronic prescriptions. More contents will be added gradually, with the next step being a medication plan that includes dosage information. In general, doctors should upload key treatment data into the e-record. The benefit: by bundling all health data, access to a complete medical history is easier, collaboration among medical professionals is improved, and repetitive tests are avoided. All of this should lead to safer and more individualized treatment.
The ePA is voluntary
Important: The ePA is voluntary for patients. If you do not want something included, you must actively opt out. In the consultation, you can decide that a finding should not be entered. In the app, you can set preferences. Consumer protection agencies argue that the app does not allow detailed control over who sees what. “It is not necessary for the dentist’s office to know about psychotherapy,” said expert Lucas Auer. Also, billing data that insurers can enter retroactively for up to ten years could inadvertently reveal sensitive diagnoses.
So far, relatively few people use the app: With 45 million ePAs created at Techniker Krankenkasse, Allgemeine Ortskrankenkassen (AOK), and Barmer, only 1.37 million are active.
Officials say the data in the ePA are secure, according to the Ministry of Health. During the test phase, additional safeguards were put in place against potential mass access after the Chaos Computer Club pointed out gaps. The data are stored on servers within the country. Each access is logged with date and time. For the first login to the app, you need an electronic ID card with a PIN or the eHealth card with PIN, which the insurer issues upon request.
