Understanding the Electronic Patient Record (EPA) System

Thu 10th Apr, 2025
The Federal Commissioner for Data Protection and Freedom of Information recently presented the 33rd activity report in Berlin, which includes a significant focus on health issues. Approximately 15 pages of the 160-page report are dedicated to discussing the Electronic Patient Record (EPA). The Commissioner emphasized the importance of informed decision-making regarding the use of the EPA, underlining that individuals should feel empowered to choose whether or not to utilize the system based on adequate information. This year marks the gradual implementation of the EPA, and the Commissioner has ensured that patients can express their objections through multiple communication channels. It was also noted that individuals retain the right to oppose the EPA at any time, as well as the option to reinstate it whenever they wish. While the Commissioner acknowledged having fewer intervention possibilities, she confirmed that there is ongoing communication with Gematik, the organization responsible for the electronic health systems. The Commissioner expressed gratitude to the Chaos Computer Club (CCC) for identifying security vulnerabilities within the EPA, stating that such discoveries are crucial for addressing potential issues and ensuring the system operates correctly. At present, the data protection authority has not identified any violations of data protection laws related to the EPA, although the CCC has raised concerns that Gematik may be overlooking these security gaps. The Commissioner stated that data protection regulations do not hinder research and development in the healthcare sector but instead establish necessary rules and frameworks. She advocates for a data protection approach that is accepted by citizens, promoting understanding and compliance. Furthermore, plans were announced to engage in dialogue with companies aiming to align with data protection standards. Insights gained from specific cases may be published in a documentation process, allowing others to benefit from adherence to data protection laws. According to the coalition agreement, there are proposals to rename the office of the Federal Data Protection Commissioner to the Federal Commissioner for Data Usage, Data Protection, and Freedom of Information.

More Quick Read Articles »