How does data protection work in healthcare?

The digitization of healthcare – including the electronic patient record, online video appointments and electronic doctor’s letters – opens up many possibilities. Digital identities, secure encryption methods and the closed telematics infrastructure network are what protect data and privacy in this context.

At a glance

  • Data protection and data privacy play an important role in the digitization of the healthcare sector.
  • The telematics infrastructure (TI) is a closed network used to exchange data within the German healthcare sector.
  • The services in the telematics infrastructure enable secure storage of sensitive patient data, such as the electronic patient record.
  • Systematic measures ensure that this data is protected at all times against tampering, forgery and unauthorized access.

Note: The information in this article cannot and should not replace a medical consultation and must not be used for self-diagnosis or treatment.


What is data protection?

Data protection means that personal data is protected from misuse and from being stored or processed without the consent of the person it relates to. The term also covers the right to informational self-determination: every person can decide for themselves how their personal data is disclosed and used.

Huge volumes of personal data are collected and managed every day in the healthcare system. In a medical context this also includes health data, i.e. details of conditions and treatments, which is additionally covered by doctor-patient confidentiality. Patients must be able to trust their doctors to handle this data properly.

As institutions become more closely connected and personal and medical data is transferred and stored digitally, data protection rules have to be implemented in a way that keeps the data protected at every step.

Digital networks for healthcare were developed to special standards of protection, and the result is the telematics infrastructure (TI). This is a closed network reserved for the healthcare system: only registered individuals and institutions can connect to it. The TI enables secure communication, and the data it carries is stored on servers in Germany.

Data is encrypted when shared within the telematics infrastructure (TI) and is thus protected against unauthorized access.

To find out how the secure data network of the German healthcare system is structured, see the article about the telematics infrastructure.

Who can access my medical data?

Personal data, known as “master data”, of people with health insurance is stored on their electronic medical data card. This data includes, for example, their name, insurance number, date of birth and details of their insurance cover. By giving their electronic medical data card to staff at their family doctor’s practice, patients agree to the use of their personal data.

When the card is read, the insured person’s master data is compared with the data held by the insurance provider. If, for example, the address has changed, this is updated on the medical data card.

This connection is secured by a digital key stored on the medical data card and known only to the health insurance provider and the patient. Each electronic medical data card has its own unique key.

The master data of every insured patient is also protected by the secure connection of the TI and end-to-end encryption during data transmission.

Medical data is therefore protected by the keys on the electronic medical data card (eGK), the closed TI network and encrypted data transmission.

Patients can also choose to use additional digital services such as the electronic patient record (ePA). The ePA gives them control over their own medical data; for example, they can see at any time which treatment costs have been settled.

In order for a medical practice to access the medical information stored in an electronic patient record, the patient must first grant it access to the documents in the ePA. Different practices can also be granted different access and editing rights.

What are electronic health records and the ePA app?

A video on the page explains the benefits of the electronic health record (ePA for short) and how data is transferred.


How are users authorized?

In the real world, a person’s identity can be verified by their physical features (for example, using a photograph of their face or a fingerprint) as well as by their personal details in conjunction with a document such as their personal identification card.

In the virtual world, credentials such as user names and passwords, chip cards, tokens or biometric data are used for digital authentication.

All users of the telematics infrastructure (TI) must authenticate their identity before they can exchange medical data. Authentication is based on the smart cards issued to users; for certain applications, a card can only be used together with its PIN.

Each card holds cryptographic keys. Together with a certificate, these keys form the holder’s digital identity and are what make the exchange of data possible.

Different permissions are tied to these identities in the TI. For example, a doctor performs different healthcare functions from a pharmacist and therefore has different rights when accessing medical data. Health insurance providers have no access to medical data at all.

How is data encrypted in the ePA?

Only insured patients can access their own electronic patient record (ePA) and no-one else can do so – unless granted access by the patient to the entire record, individual sub-folders or specific documents.

This is guaranteed by means of a unique electronic “record key” belonging to each ePA and a “document key” assigned to each individual document in the record.

If a patient grants permission for a medical practice to access documents in their electronic patient record (ePA), the practice is given the corresponding key. This is the only way for the practice to view or store data and documents in the ePA.

Important: Doctors and therapists must only use the data in the ePA for the purpose of providing medical care. The data cannot be accessed by anyone who is not a health professional. Health insurance providers as providers of the ePA can add data to the record, such as information about benefits that have been claimed. However, they are not permitted to read the data in the record – this access is technically blocked to them.
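The key hierarchy described above (one record key per ePA, one document key per document, and a practice receiving only the key for what it has been granted) can be shown in working code. The following Go program is an added, deliberately simplified model written for this article; it is not gematik’s implementation and does not follow the ePA specification. It assumes AES-256-GCM for the document and record keys and an RSA-2048 key pair as a stand-in for the key on the practice’s card; the document IDs and contents are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Document: AES-256-GCM ciphertext (nonce prepended) plus its own document key,
// wrapped under the record key so that only the record-key holder can unwrap it.
type Document struct{ Ciphertext, WrappedDocKey []byte }

// Record models one ePA: a single record key, held on the patient side only.
type Record struct {
	recordKey []byte
	Docs      map[string]*Document
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal encrypts and authenticates plaintext under key with a fresh random nonce.
func seal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // keys here are always 32 bytes, so this cannot fail
	gcm, _ := cipher.NewGCM(block)
	nonce := randomBytes(gcm.NonceSize())
	return append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...)
}

// open reverses seal; a wrong key or a single modified byte makes it fail.
func open(key, data []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

func NewRecord() *Record {
	return &Record{recordKey: randomBytes(32), Docs: map[string]*Document{}}
}

// NewPracticeKey stands in for the key pair on a practice's card (assumption: RSA-2048).
func NewPracticeKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// AddDocument: a fresh document key per document, wrapped under the record key.
func (r *Record) AddDocument(id string, plaintext []byte) {
	docKey := randomBytes(32)
	r.Docs[id] = &Document{Ciphertext: seal(docKey, plaintext), WrappedDocKey: seal(r.recordKey, docKey)}
}

// Grant re-wraps ONE document key for a practice's public key. Only the patient can
// do this, because only the record key unwraps the document key in the first place.
func (r *Record) Grant(id string, practicePub *rsa.PublicKey) ([]byte, error) {
	doc, ok := r.Docs[id]
	if !ok {
		return nil, errors.New("no such document")
	}
	docKey, err := open(r.recordKey, doc.WrappedDocKey)
	if err != nil {
		return nil, err
	}
	// The OAEP label binds the wrapped key to this document ID.
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, practicePub, docKey, []byte(id))
}

// ReadAsPractice: unwrap the grant with the practice's private key, then decrypt docID.
func ReadAsPractice(r *Record, docID string, grant []byte, priv *rsa.PrivateKey) ([]byte, error) {
	doc, ok := r.Docs[docID]
	if !ok {
		return nil, errors.New("no such document")
	}
	docKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, grant, []byte(docID))
	if err != nil {
		return nil, err
	}
	return open(docKey, doc.Ciphertext)
}

func main() {
	rec := NewRecord()
	rec.AddDocument("lab-report", []byte("constructed sample: blood count normal"))
	rec.AddDocument("x-ray", []byte("constructed sample: no fracture"))
	practice, _ := NewPracticeKey()
	grant, _ := rec.Grant("lab-report", &practice.PublicKey)
	pt, err := ReadAsPractice(rec, "lab-report", grant, practice)
	_, err2 := ReadAsPractice(rec, "x-ray", grant, practice)
	fmt.Printf("granted document: %q (err=%v); other document with the same grant: err=%v\n", pt, err, err2)
}
```

Two points the model makes visible: a grant is bound to exactly one document, so a practice cannot reuse it on anything else in the record, and a party that holds no key at all (the model’s equivalent of the insurance provider) cannot read the record even though it stores the ciphertext. The patient’s record key is the only thing that can unwrap a document key, which is why granting access is a patient-side operation.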

Is medical data really secure?

The following measures provide effective protection against unauthorized access to medical data:

  • the closed network of the telematics infrastructure (TI)
  • authentication of all users involved
  • secure encryption methods

Medical data and doctor’s letters sent by e-mail within the TI are encrypted at several layers, so that only the intended recipients can read them. Electronic signatures additionally protect certain documents against forgery.

Requests for data from the electronic medical data card can be traced by patients, as they are logged on the card. A similar process is used for the electronic patient record.

All technical components and services must be approved by the German Society for Telematics (gematik GmbH) and checked in advance in accordance with the requirements of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). Potential vulnerabilities, threats and risks are monitored on a continuous basis. This ensures that data protection and data privacy always keep pace with the latest requirements.

Further information

For information about the technical specifications of the telematics infrastructure and data protection, see the specialist portal of the Society for Telematics (Gesellschaft für Telematik, gematik GmbH).
