The HealthID as a digital identity in healthcare

The HealthID is a digital identity. People can use it to uniquely identify themselves when using digital health services. It works in a similar way to a personal identity card, which stores unique personal characteristics, such as a passport photo or fingerprint.

In the digital world, the characteristics used to identify a person include, for example, passwords and chip cards. The HealthID can be used, for example, as identification in order to access the electronic patient record. 

The HealthID can be used in place of the electronic medical data card in some cases. Identification via the HealthID allows people to log in to the ePA app or the e-prescription app. 

The ePA app can be used to access and manage the electronic patient record (ePA). The purpose of the electronic patient record is to store all personal medical data about a person in one place. For example, it can be used to store information about previous illnesses and any medication a person is taking. Test results and the digital certificate of vaccination can also be stored in the ePA. Doctors and therapists can use the medical data stored in this one location when treating a patient. People decide for themselves who is to be granted access to their personal data.

In the future, additional offerings will also be accessible via the HealthID. For example, people will be able to log in to hospital patient portals to view their personal health information.

It will also be possible to use digital health applications (DiGa) with the HealthID in the future. Digital health applications are mobile apps or web applications that may be prescribed for medical purposes. The HealthID provides a means of identification for use of these offerings.

As of 2026, it will also be possible to use the HealthID as proof of insurance when attending medical practices. This means that it will no longer be necessary to present the electronic medical data card when visiting the doctor.

You apply to your health insurance provider for a HealthID. Applications can be submitted through the health insurance provider app or the ePA app. 

The specific steps involved in logging in to the app and applying for a HealthID may differ between one health insurance provider and the next. 

Proof of personal identity is required as part of the application process. Various methods of personal identification are available for this purpose. Each health insurance provider can decide which method is permitted.

Proof of identity can be based, for example, on:

• the electronic medical data card and corresponding PIN
• the PostIdent option used by the Deutsche Post (the German postal service)
• the online ID function of the personal identity card

Each individual app provides instructions on how to verify your identity. Once you have provided valid proof of identity, your application for a HealthID is complete. 

The HealthID and the medical data linked to it are specially protected by means of specific measures. These measures are legally required. It is particularly important to protect medical data, as it is very personal, sensitive data that should not be accessible to unauthorized persons.

2-factor authentication is used to ensure a high level of security. The second factor provides additional proof of identity in a way that differs from using a password or PIN. 

In the case of the HealthID, this means:

• The first factor is your six-digit HealthID PIN assigned to you at registration. 
• The second factor is your own smartphone or tablet. 

The HealthID also needs to be confirmed at regular intervals. This can be done, for example, using the online personal identity card function or the electronic medical data card and corresponding PIN. 

2-factor authentication is designed to prevent unauthorized access to the HealthID and thus to the electronic patient record.

Where is my data stored?

In the German healthcare system, the telematics infrastructure provides the basis for the exchange of digital data between medical practices, hospitals, pharmacies and other institutions.

The HealthID and the data linked to it are stored in a data center (in the cloud) rather than locally on a smartphone. The data centers used for the HealthID and all data stored in the ePA are located in Germany and are subject to European data protection regulations. Medical data is stored in the cloud in encrypted form for security purposes. 

The data is also transmitted and processed in encrypted form using the telematics infrastructure. This means that the data can never be viewed by unauthorized persons. 

Can I delete my HealthID and linked medical data?

The HealthID can be deleted in the corresponding app. If you delete your HealthID, you lose access to all applications linked to the ID, such as the electronic patient record. However, the medical data stored in the applications is retained. You will be able to access the applications again once a new HealthID has been issued to you.
 
It is also possible to delete the medical data in the relevant application. However, this must be done before deleting the HealthID, which is needed in order to access the application. You can also ask the health insurance provider to delete the data.

More information about the HealthID is available from health insurance providers. 

The National Agency for Digital Medicine (gematik) also offers information about the HealthID.

In the FAQ section of the website of the Federal Ministry of Health (Bundesministerium für Gesundheit, BMG), you will find information about the HealthID and other digital offerings in the healthcare sector. 

Information about the HealthID for people with private insurance is provided on the information page of the German Association of Private Health Insurers (Verband der privaten Krankenversicherung e.V.).