If you live in Germany, you’ve probably already heard: the electronic patient record (in German, elektronische Patientenakte or ePA) is coming – and it’s for all individuals with statutory health insurance. The system is being introduced using an opt-out process. This means: you will automatically receive an ePA – unless you actively object.
What exactly is the ePA?
The ePA is a digital service that allows you and your doctors to centrally store medical findings and health information. The goal: more transparency for you and more efficient diagnoses and treatments, since medical professionals can access your previous findings – of course, only with your permission.
At least, that’s the idea.
Handling Your Health Data with Care
Health data is among the most sensitive information you can share. Maybe you don’t want every doctor’s office to know that you’ve received psychotherapy, been treated for a sexually transmitted disease, or had an abortion. And that is absolutely valid – because you alone decide which information gets shared and which does not.
Objecting to the ePA: How It Works
Even though the ePA is set up automatically, you have the right to object to its use. It’s not super easy, but possible:
- In person at a branch office of your health insurance provider
- Through your insurance’s ombudsperson or ombuds office
- By mail
- Online via apps or forms on your health insurance’s website
A helpful overview of how to file an objection with your insurer can be found, for example, at heise.de.
By the way: Even if you don’t live in Germany, many other countries have similar systems. You may still find something useful in this guide.
The First Step: Set Up Access to Your ePA
If you’re going to use the ePA – or because you’ll receive one automatically via opt-out – you should make sure to set up your access early. Until you do, standard rules apply: any doctor’s office where you insert your health card will automatically have access to your ePA data for 90 days.
How to Set Up Your Access:
- Identify yourself via your insurer’s app or website (usually using your electronic health card or Postident verification).
- Request the activation code by post.
- Once you receive it, you can activate and manage your ePA.
- You’ll also receive a backup key in case you lose access – store it safely, for example in a password manager
Which Data Should Be Visible – and to Whom?
Once you have access, you can control exactly what each doctor’s office can see:
- You can hide specific documents.
- You can block certain practices entirely – but that also means they won’t be able to upload new data to your record.
So, ideally, think about what information you want to share before your next doctor’s appointment. Anything that’s truly important for a diagnosis can still be shared verbally – that way, you stay in control.
Conclusion: Taking Action Pays Off
Whether or not you want to use the ePA is entirely up to you. A good decision-making guide can be found, for example, at netzpolitik.org.
But if you do use it – and for many, that will soon be the case – make sure you have access and decide for yourself who can see which data. It’s about your health – and your privacy.
Checklist
- If you do not want an electronic patient record (ePA), you must actively object with your health insurance provider.
- Without your own access setup, all doctor’s offices where you insert your health card will automatically be granted access to your data for 90 days.
- To access your ePA, you must request an activation code from your insurer and authenticate yourself via their app or website.
- After activation, securely store your backup key so you can regain access in an emergency.
- Think carefully about which sensitive health data you want to share digitally – everything else can be discussed in person with your doctor.
- If you don’t want to manage your ePA, you should opt out – because that is your right.