Digitization in healthcare – how does data protection work?

From electronic health records, through online video appointments, to health apps – personal data is always a concern. On the one hand, both patients and doctors benefit from the digitization of healthcare. On the other, many patients are concerned about the topic of data protection and wonder if their doctors are really able to keep their data safe.

At a glance

  • Digitization affects all areas of medical care and data protection is a critical issue to consider in this context.
  • Take electronic patient records (ePA in Germany), for example. In this case, the patient is the sole data owner and decides who can see which data and when.
  • Health apps on prescription are approved medical devices: they are only approved if they can guarantee data protection.
  • The telematics infrastructure (TI) enables a tamper-proof, ID-verified exchange of patient data.
  • While 100% protection can never be guaranteed, patient data is protected to the best extent possible using targeted security measures.

Note: The information in this article cannot and should not replace a medical consultation and must not be used for self-diagnosis or treatment.

Datenschutz: Eine Ärztin zeigt einer Patientin etwas auf einem Tablet.

What is data protection?

In legal terms, data protection means, first and foremost, that personal data is protected from misuse and from being stored and processed without the owner’s permission. In a medical context, doctor-patient confidentiality also applies, which means that data protection must be particularly strictly implemented. In addition, it is essential for patients to be able to trust their doctors to keep their data confidential. 

In the healthcare system, huge volumes of personal and health-related data are collected and managed every day. As healthcare becomes increasingly digitalized and its structures become increasingly interconnected (= telematics infrastructure), this sensitive data must be protected by means of suitable personal and institutional data protection measures.

Data is encrypted when shared within the telematics infrastructure (TI) and is thus protected against unauthorized access.

Who can access my medical data?

Doctors can store emergency information and an electronic medication treatment plan on an electronic medical data card. In addition, health insurance providers can create an electronic health record for anyone with statutory health insurance.

Gesundheitsdaten sind geschützt durch: Schlüssel auf der eGk, Netz der TI, Verschlüsselte Übertragung

With all these digital innovations, the most important thing is for patients to retain ownership and control of their data. When patients give their electronic medical data card to staff at their family doctor's practice, they actively agree to the use of their data. For any further sharing of this data, patients are required to enter a personal identification number (PIN), which is allocated to them by their health insurance provider. Access to personal medical data (such as a digital exchange of information between two medical practices) is not permitted without the consent of the patient.

If a doctor wants to access a patient’s medical data, e.g., on their medical data card or in their electronic health record, the electronic health professional card must be used together with the relevant PIN. In addition, the patient must also have granted the practice access to the electronic patient record in advance.

What are electronic health records and the ePA app?

The video below explains the benefits that the electronic health record or ePA for short brings and how data is transferred.

This and other videos can also be found on YouTube

Watch now

The privacy policy indicated there applies.

Is medical data really secure?

Data privacy as a basis for digitization

The digitization of healthcare is advancing at a fast pace. Innovations such as apps that can be prescribed, electronic medical data cards, or electronic health records provide patients with an overview of their medical data at all times and allow them to decide for themselves how this data can be used.

The secure, tamper-proof exchange of personal information is of critical importance in this context. This means that the digitization of healthcare must proceed hand in hand with extensive data protection measures. The foundation for this is provided by the telematics infrastructure (TI) as a platform for secure data exchange.

As at:

Did you find this article helpful?