Doctors warn: is the electronic patient record in trouble?

Transparency: Editorially created and reviewed.

From October 1, 2025, the electronic patient record (ePA) will be mandatory for doctors and pharmacies in Flensburg. Experts warn of security risks.


From October 1, 2025, doctors, hospitals and pharmacies will have to use the electronic patient record (ePA) throughout Germany. This innovation not only brings digital progress in healthcare, but also raises a number of questions. Dr. Ralf Wiese, the district chairman of the Association of Statutory Health Insurance Physicians, sees potential problems for medical professionals in the new regulation that must be taken into account. According to shz.de, there is still a lot that needs to be clarified here.

The ePA has been available to those with statutory health insurance since 2021 and can be applied for from health insurance companies. The ePA is thus preparing to become the central location for the digital storage and exchange of health data, from medical reports to diagnoses and prescriptions. As part of this change, the German Bundestag passed two digital laws in spring 2025 to accelerate the introduction of the ePA, as datenschutzticker.de reported.

The challenges of the ePA

A central point that comes up again and again is the security of the ePA. The Fraunhofer Institute for Secure Information Technology identified 21 vulnerabilities in a report, four of which are classified as serious. These concern potential attacks by hackers or unauthorized third parties, while a threat from government organizations has not been identified. Long response times of up to 72 hours in the event of security gaps were considered problematic and make protecting sensitive health data a challenge, as datenschutz-praxis.de notes.

The storage of health data follows very strict guidelines in accordance with the General Data Protection Regulation (GDPR). Under Art. 9 Paragraph 1 GDPR, the data is specially protected, and it is stored exclusively in encrypted form. Access is only possible for authorized persons and devices belonging to the insured. Although this is an essential step towards data protection, many experts still ask critical questions about the central storage of health data in the cloud. The Chaos Computer Club has uncovered security flaws that could allow unauthorized access.

The way forward

Gematik, which is responsible for implementing the ePA, has already taken initial measures to optimize and ensure IT security. The aim is to create a comprehensive and secure system that complies with the requirements of the GDPR. Patients should decide for themselves what information can be viewed by third parties, and regular training courses are offered for medical staff to raise awareness of data protection.

Further improvements are being sought with a planned “interim release ePA 3.0.5” in July 2025. In the long term, work is underway on a European Health Data Space (EHDS), which is intended to facilitate the exchange of health data at EU level. All of this sounds promising, but practice will show whether the ePA can win the trust of users and whether all challenges can be overcome.