The electronic patient record (ePA)

At present, personal patient data is frequently available in a variety of places without any real clarity – often without the patients themselves being able to view it. Some data is held by family doctors, some by specialists and some may even have been lost. From January 2025, everyone in Germany with statutory health insurance will have an electronic patient record (“ePA for all”). The ePA for all allows people’s medical information to be stored in a clear format and in one place.

The ePA for all enables German citizens to manage their medical data independently and in a self-determined manner. They can allow documents relating to their health to be stored in the ePA and can store documents there themselves, e.g., information about pre-existing illnesses, details of the medication they are taking or the results of examinations. This gives them a transparent overview of their own health at any time.

The ePA gives doctors and therapists access to bundled information so that they can quickly obtain a holistic picture of the current health of their patients.

This enables the best possible patient care in all care settings. In addition to hospitals, medical practices and pharmacies, the electronic patient record is also used, for example, by rehab clinics, unless you decide not to grant them access.

You can access the electronic patient record (ePA) yourself, for example, from your smartphone or tablet. Your doctor will inform you about which documents they store in the ePA. 

Unless you object, doctors are obliged to make certain information available in the ePA. This information includes:

• details of medication
• doctors’ letters
• results of laboratory tests
• results of imaging diagnostics, e.g., X-rays
• hospital discharge letters
• reports on operations
• results of genetic testing, provided that the patient has provided consent in written or electronic form

Additional medical data can be stored in the ePA for all at the patient’s request. This could include, for example, treatment reports or electronic certificates of incapacity for work due to illness (sick leave notice, eAU).

Individuals can also add their own documents, such as old results that they already have in paper format. Medical data from digital health applications can also be stored in the ePA. 

Which information is governed by special rules?

If particularly sensitive medical data relating to a person is made known to others, this could potentially lead to discrimination. This applies in particular to information about sexually transmitted diseases, mental illness or terminations of pregnancy. In these cases, the individual to whom the data relates must be explicitly made aware that they have a right to object before the relevant data is stored and transmitted in the electronic patient record (ePA). In order for the results of genetic testing to be stored in the ePA, the patient must first provide consent in written or electronic form.

Which new functions will be added to the electronic patient record in the future?

Several new functions will be introduced for the electronic patient record in the future. For example, it will be possible to store structured laboratory data in the ePA or to search for specific content in the stored documents. It will also be possible to transfer data from fitness tracker wristbands and other healthcare apps to the ePA.

From July 2025, patients will have an option to make data from the patient record available in pseudonymized format for the purpose of research for the common good. Pseudonymized means that the data can no longer be connected with an individual person. It is hoped that healthcare can be improved by making this data available. The data is made available for individual research projects via the Health Data Lab (“Forschungsdatenzentrum Gesundheit”) in accordance with strict regulations. The ePA can continue to be used as normal for individual healthcare even if the patient has opted out of sharing data for research purposes.

The electronic patient record (ePA) is a central location for the life-long storage and collation of all personal health and treatment data that is otherwise scattered around. The ePA saves this information securely and makes it available at all times.

The electronic patient record enables all practices, hospitals and pharmacies involved in patient care to quickly and easily access all important medical data relating to their patients. This allows for better tracking of patients’ medical histories for all involved. For example, doctors will be able to choose a suitable treatment more quickly, repeat tests will be avoided and more time will be available for personal consultations. 

A medication list is also stored in the ePA for all. Medication that is prescribed using an e-prescription will be automatically added to this list. The medication list is intended to make it easier for both patients and healthcare professionals to keep track of prescribed drugs. In pharmacies, the medication list enables personalized consultations, for example in relation to interactions between medications.

The ePA makes it easier for patients to switch doctors because all relevant information about their medical history is automatically available to the new practice. If an individual changes their health insurance provider, all of the data is automatically transferred in the ePA. 

An electronic patient record for all (ePA for all) will be created automatically for everyone in Germany with statutory health insurance as of 15 January 2025. Use of the ePA for all is voluntary and free of charge. Anyone who already has an ePA can simply continue to use it.

If you don’t want your ePA to be used by any healthcare facility, you can opt out of having an ePA created for you. This can be done via your health insurance provider. If an ePA has already been created for you, you can prevent further use of it via the ePA app or by contacting your health insurance provider. Your ePA will then be deleted.

An electronic patient record is also created for children and adolescents. Their ePA is initially managed by their parents or guardians. Parents can also decide to opt out of the ePA on behalf of their children. Adolescents can manage their own electronic patient record from the age of 15.

Using the ePA with the ePA app

Health insurance funds provider their members with an ePA app. You can use the ePA app from your health insurance provider to access your ePA from your smartphone or tablet. You can then view your medical data and upload, hide or delete documents. Sensitive medical data is stored in the ePA app. For this reason, you will need to provide identification with your personal identification card or your electronic medical data card and the corresponding PIN the first time you log in to the app. 

Using the ePA without the ePA app

If you don’t have a smartphone or tablet, you can also use the ePA on a computer or ask another trusted person to manage the ePA for you with the ePA app. 

However, the ePA for all can also be used without an app or computer. In this case, the ePA can still be completed for you by doctors. If you require treatment, healthcare professionals can scan your medical data card, which allows them to access documents stored in your ePA and find out important information about your medical history. 

However, it must be noted that the options for using the ePA without an app or computer are limited. For example, you cannot view or upload documents independently in this case. You also cannot independently restrict access to your ePA for specific medical practices. To do so, you must contact the Ombudsman’s office of your health insurance provider. Ombudsman’s offices help individuals to manage their ePA. You can also contact the relevant Ombudsman’s office to find out which documents were stored, opened or deleted in your ePA, as well as when and by whom. 

Who has access to the electronic patient record? 

When you receive treatment at a medical practice or hospital, the healthcare professionals involved have access to the ePA for a limited period of time. This period is set as standard at 90 days from the point when the electronic medical data card is scanned. However, you can use the ePA app to restrict access for individual medical practices or other healthcare facilities. You can also limit the access period. In addition, you can choose to extend the access period for a specific medical practice, such as your family doctor’s practice.

Furthermore, you also have the option to deny access to individual documents stored in the ePA for all healthcare facilities or to enable access to selected documents only. In the future, it will also be possible to limit access to your medication treatment plan to specific medical practices or hospitals only. If you don’t use the ePA app, you can also manage access to your ePA via the Ombudsman’s office of your health insurance provider. Health insurance providers themselves cannot access the contents of the ePA.

Pharmacies have access to the ePA for a period of 3 days from when the electronic medical data card is scanned, unless the patient has denied them this access. You can also grant occupational health physicians, company doctors and the public health service access to your ePA for a period of 3 days by allowing them to scan your medical data card.

You don’t need your own smartphone or tablet to nominate representatives. Your representatives can upload documents to your ePA and also hide or delete documents for you. However, they cannot opt out of the ePA on your behalf or create other representatives for you.

Will people with private insurance also receive the ePA for all?

Private health insurance providers will also provide their insurance policyholders with the electronic patient record for all. If your health insurance provider is offering the ePA for all, it will be created for you if you have set up a Health ID.

People with private insurance can grant medical practices access to their electronic patient record via the ePA app. Practices can find ePAs for their patients via an online check-in using the personal HealthID. This online check-in only needs to be completed once for each medical practice. Ask your health insurance provider if they are already offering an online check-in.

More information about the electronic patient record for people with private health insurance is available from the Association of Private Health Insurers (Verband der Privaten Krankenversicherung).

The ePA file system is accessed via the telematics infrastructure, a secure, self-contained network. The servers for processing the data are located in Germany, are subject to German and European data protection regulations and are checked on a regular basis. All documents are transmitted in encrypted format end-to-end. Health insurance providers have no access to the contents of the electronic patient record.

The health insurance provider’s app for the electronic patient record must be approved by gematik. As part of the approval procedure, the security of the servers on which the ePA data is stored is also verified by independent experts. However, to ensure data privacy, individuals should also install security updates on their smartphone on a regular basis. 

All operations and access requests are logged in the ePA for 3 years. This allows you to keep track of who downloads, uploads or deletes documents in your ePA, for example.

More detailed information about the electronic patient record is provided on the website of the Federal Ministry of Health (Bundesministerium für Gesundheit).