From electronic health records, through online video appointments, to health apps – personal data is always a concern. On the one hand, both patients and doctors benefit from the digitization of healthcare. On the other, many patients are concerned about the topic of data protection and wonder if their doctors are really able to keep their data safe.
At a glance
- Digitization affects all areas of medical care and data protection is a critical issue to consider in this context.
- Take electronic patient records (ePA in Germany), for example. In this case, the patient is the sole data owner and decides who can see which data and when.
- Health apps on prescription are approved medical devices: they are only approved if they can guarantee data protection.
- The telematics infrastructure (TI) enables a tamper-proof, ID-verified exchange of patient data.
- While 100% protection can never be guaranteed, patient data is protected to the best extent possible using targeted security measures.
Note: The information in this article cannot and should not replace a medical consultation and must not be used for self-diagnosis or treatment.
What is data protection?
In legal terms, data protection means, first and foremost, that personal data is protected from misuse and from being stored and processed without the owner’s permission. In a medical context, doctor-patient confidentiality also applies, which means that data protection must be particularly strictly implemented. In addition, it is essential for patients to be able to trust their doctors to keep their data confidential.
In the healthcare system, huge volumes of personal and health-related data are collected and managed every day. As healthcare becomes increasingly digitalized and its structures become increasingly interconnected (= telematics infrastructure), this sensitive data must be protected by means of suitable personal and institutional data protection measures.
Digitization in healthcare – underpinned by law
In Germany, the E-Health Act (2016) and the Digital Healthcare Act (DVG), which entered into force in 2019, regulate how digitization in healthcare is implemented. For example, the DVG states that specifically approved health apps can be prescribed by doctors and that the costs of these will be covered by health insurance schemes.
The telematics infrastructure (TI) allows pharmacists, clinics, family doctors, and specialist practices as well as care and rehabilitation institutions to be increasingly networked. As a result, they can exchange all data required for the medical care of patients via digital channels that are particularly short and fast. However, patients must first agree to this digital exchange of their data. Of course, the exchange of data must also comply with the provisions of the General Data Protection Regulation (GDPR).
Who can access my medical data?
Doctors can store emergency information and an electronic medication treatment plan on an electronic medical data card. In addition, health insurance providers can create an electronic health record for anyone with statutory health insurance.
What are electronic health records and the ePA app?
The video below explains the benefits that the electronic health record or ePA for short brings and how data is transferred.
This and other videos can also be found on YouTubeWatch now
With all these digital innovations, the most important thing is for patients to retain ownership and control of their data. When patients give their electronic medical data card to staff at their family doctor's practice, they actively agree to the use of their data. For any further sharing of this data, patients are required to enter a personal identification number (PIN), which is allocated to them by their health insurance provider. Access to personal medical data (such as a digital exchange of information between two medical practices) is not permitted without the consent of the patient.
If a doctor wants to access a patient’s medical data, e.g., on their medical data card or in their electronic health record, the electronic health professional card must be used together with the relevant PIN. In addition, the patient must also have granted the practice access to the electronic patient record in advance.
Is medical data really secure?
Data is encrypted when shared within the telematics infrastructure (TI) and is thus protected against unauthorized access. The encryption of e-mails and medical data ensures that the data can only be read by the person who is the intended recipient. The messages are also tamper-proof and ID-verified.
All data requests from the electronic medical data card or electronic health record are saved and can be traced by the patient.
All technical systems and programs used for this purpose must be approved by the Gesellschaft für Telematik (gematik), the German national agency for the digitalization of the healthcare system. This ensures that privacy meets all current requirements.
Data privacy as a basis for digitization
The digitization of healthcare is advancing at a fast pace. Innovations such as apps that can be prescribed, electronic medical data cards, or electronic health records provide patients with an overview of their medical data at all times and allow them to decide for themselves how this data can be used.
The secure, tamper-proof exchange of personal information is of critical importance in this context. This means that the digitization of healthcare must proceed hand in hand with extensive data protection measures. The foundation for this is provided by the telematics infrastructure (TI) as a platform for secure data exchange.
- Deutsche Gesellschaft für Medizinische Informatik, Biometrie und Epidemiologie e.V. (GMDS). Datenschutz und Datensicherheit in Informationssystemen des Gesundheitswesens. Aufgerufen am 26.11.2020.
- EUR-Lex – Der Zugang zum EU-Recht. Datenschutz-Grundverordnung. Aufgerufen am 26.11.2020.
- gematik. Kommunikation im Medizinwesen (KIM). Aufgerufen am 26.11.2020.
- gematik. Telematikinfrastruktur. Aufgerufen am 26.11.2020.
- gematik. Whitepaper Datenschutz und Informationssicherheit in der Telematikinfrastruktur. Aufgerufen am 26.11.2020.