Digitization in healthcare – how does data protection work?

In legal terms, data protection means, first and foremost, that personal data is protected from misuse and from being stored and processed without the owner’s permission. In a medical context, doctor-patient confidentiality also applies, which means that data protection must be particularly strictly implemented. In addition, it is essential for patients to be able to trust their doctors to keep their data confidential. 

In the healthcare system, huge volumes of personal and health-related data are collected and managed every day. As healthcare becomes increasingly digitalized and its structures become increasingly interconnected (= telematics infrastructure), this sensitive data must be protected by means of suitable personal and institutional data protection measures.

In Germany, the E-Health Act (2016) and the Digital Healthcare Act (DVG), which entered into force in 2019, regulate how digitization in healthcare is implemented. For example, the DVG states that specifically approved health apps can be prescribed by doctors and that the costs of these will be covered by health insurance schemes.

The telematics infrastructure (TI) allows pharmacists, clinics, family doctors, and specialist practices as well as care and rehabilitation institutions to be increasingly networked. As a result, they can exchange all data required for the medical care of patients via digital channels that are particularly short and fast. However, patients must first agree to this digital exchange of their data. Of course, the exchange of data must also comply with the provisions of the General Data Protection Regulation (GDPR).

Doctors can store emergency information and an electronic medication treatment plan on an electronic medical data card. In addition, health insurance providers can create an electronic health record for anyone with statutory health insurance.

With all these digital innovations, the most important thing is for patients to retain ownership and control of their data. When patients give their electronic medical data card to staff at their family doctor's practice, they actively agree to the use of their data. For any further sharing of this data, patients are required to enter a personal identification number (PIN), which is allocated to them by their health insurance provider. Access to personal medical data (such as a digital exchange of information between two medical practices) is not permitted without the consent of the patient.

If a doctor wants to access a patient’s medical data, e.g., on their medical data card or in their electronic health record, the electronic health professional card must be used together with the relevant PIN. In addition, the patient must also have granted the practice access to the electronic patient record in advance.

Data is encrypted when shared within the telematics infrastructure (TI) and is thus protected against unauthorized access. The encryption of e-mails and medical data ensures that the data can only be read by the person who is the intended recipient. The messages are also tamper-proof and ID-verified.

All data requests from the electronic medical data card or electronic health record are saved and can be traced by the patient.

All technical systems and programs used for this purpose must be approved by the Gesellschaft für Telematik (gematik), the German national agency for the digitalization of the healthcare system. This ensures that privacy meets all current requirements.

The digitization of healthcare is advancing at a fast pace. Innovations such as apps that can be prescribed, electronic medical data cards, or electronic health records provide patients with an overview of their medical data at all times and allow them to decide for themselves how this data can be used.

The secure, tamper-proof exchange of personal information is of critical importance in this context. This means that the digitization of healthcare must proceed hand in hand with extensive data protection measures. The foundation for this is provided by the telematics infrastructure (TI) as a platform for secure data exchange.