The electronic patient record (ePA)

At present, personal patient data is often available in a variety of places without any real clarity – often without the insured people being able to see it. Some data is held by a family doctor, some by specialists and some may even have already been lost.

The electronic patient record (ePA) enables you to manage your health data independently and in a self-determined manner: by allowing data about your health to be stored in the electronic patient record or storing it there yourself, for example information about previous health conditions, medication and test results, you can obtain a transparent overview of your health and treatments.

If you provide doctors and therapists with bundled information via the electronic patient record, these can quickly obtain a holistic picture of your current health.

This enables optimum care in all locations – in addition to hospitals, medical practices and pharmacies, the electronic patient record can also be used by rehab clinics, for example, provided that you grant them access to it.

You manage the electronic patient record (ePA) yourself, for example with your smartphone or tablet. You can speak to your doctor about the data you want to upload to your electronic patient record.

The following list shows examples of information that can be saved in your electronic patient record:

• test results
• diagnoses
• treatment plans
• treatment reports/doctor’s letters
• the emergency data record
• the electronic medication treatment plan
• the certificate of vaccination
• the dental bonus booklet
• the maternity record
• the child examination booklet
• the electronic sick leave notice (eAU)
• … other information

You can also add your own information, such as a pain diary or old results that you already have in paper format. It is also possible to store information about the location of advance healthcare directives, lasting powers of attorney or organ donor cards in the electronic patient record. Contact details can also be stored for doctors as well as for the people who are to be notified in the event of an emergency. 

What other functions are planned for the electronic patient record?

Several new functions will be introduced for the electronic patient record in the future. For example, it will be possible for data from digital health and care applications (“apps on prescription”) to be automatically transferred to the electronic patient record.

There will also be an option to voluntarily make data from the electronic patient record available for research in a pseudonymized format. Pseudonymized means that the data can no longer be connected with an individual person. It is hoped that healthcare can be improved by making this data available.

The electronic patient record (ePA) is a central location for the life-long storage and collation of all personal health and treatment data that is otherwise scattered around. The ePA saves this information securely and makes it available at all times.

By creating an electronic patient record as a patient and granting selected medical practices, hospitals and pharmacies access to it, your treatment history will be more comprehensible for all of those involved. For example, doctors will be able to choose a suitable treatment more quickly, repeat tests will be avoided and more time will be available for personal consultations.

In pharmacies, the electronic patient record enables personalized consultations, for example with regard to interactions between medications, incompatibilities or allergies.

The electronic patient record (ePA) is available free of charge to everyone with statutory health insurance and to those with private health insurance from certain providers. If you want to use the electronic patient record, you can request this from your health insurance provider. Health insurance providers will provide detailed information about how to register in the ePA app provided and how it works.

You can access your electronic patient record in two ways:

• ePA app: the ePA app on your smartphone or tablet allows you to read the documents saved in your ePA as well as to upload, approve or even delete new data.
• Your health insurance provider’s desktop app: this offers the same range of functions on a PC or laptop as the app for mobile devices.

But even if you do not want to use the ePA app yourself, you can still have an electronic patient record and authorize your doctor to complete it.

If you have statutory health insurance, you require your electronic medical data (eGK) and the associated PIN provided by your health insurance fund. You can then authorize medical practices to access your electronic patient record, populate it with data via the practice information system and view the data in it.

People with private insurance can grant medical practices access to their electronic patient record by means of an online check-in to an app. You require your health ID for the online check-in. Ask your health insurance provider if they already offer an online check-in option.

More information about online check-in is provided on the gematik website.

On changing health insurance provider, ePA data can be taken with you in just a few clicks.

The electronic patient record for children is initially managed by the parents or a guardian. People can manage their own electronic patient record from the age of 16.

Who has access to the electronic patient record?

As the patient, you have complete control over your electronic patient record. You decide who has access to it, which data is stored and for how long access is granted.

For example, you may want to grant permanent access to your general practitioner but limit access to just one day for a specialist. You can assign different levels of confidentiality to your documents and only grant access to specific document categories or select documents.

You grant access via the ePA app or on site at the medical practice by using your electronic medical data card and personal PIN in the card terminal.

The ePA file system is accessed via the telematics infrastructure, a secure, self-contained network. The servers for processing data are located in Germany, are subject to European data protection regulations and are checked on a regular basis. All documents are end-to-end encrypted. This means that only insured persons themselves or those they grant access to can decrypt messages. Health insurance providers have no access to the contents of the electronic patient record.

The health insurance provider’s app for the electronic patient record must be approved by the system’s administrative organization Gesellschaft für Telematik (gematik). During this process, the app’s security and functionality are both checked.

Part of the approval process involves submittal of a security report, which must be created by an independent third party.

All operations and access requests are logged in the ePA for one year – the last 50 entries can be viewed regardless of this period. This allows you to keep track of who downloads, uploads or deletes documents in your ePA, for example. 

For more detailed information about the electronic patient record, see the gematik website.