ePA (English Version)

Status: February 5, 2025

Below you will find a comprehensive overview of the Electronic Patient Record (ePA) in Germany, including the relevant legal background, potential benefits and risks, and the various perspectives of the institutions involved. The aim is to give you a contextual overview so that you can make a self-determined choice about whether and how you would like to use the ePA.


Quick Overview: Why an Electronic Patient Record at All?

The electronic patient record (ePA) is a key digitization project in the German healthcare system. Based on the German Social Code V (in particular §§ 341–356), all statutory health insurance members are to receive an ePA unless they actively opt out, either within a specific period or at any time later (opt-out procedure). The underlying idea: all health data – findings, lab results, vaccinations, medical correspondence, and potentially psychotherapeutic diagnoses – should be pooled and quickly retrievable.

Supporters, including the Federal Ministry of Health (BMG), stress that this could close care gaps, for instance when certain pieces of information are missing in an emergency or after switching specialists. Statutory health insurance funds also see it as an opportunity to optimize processes and avoid unnecessary duplicate tests. At the same time, several professional associations, data protection specialists, and, among others, the Chaos Computer Club (CCC) have voiced concerns, pointing out security vulnerabilities, a lack of patient sovereignty over data, and a possible undermining of medical confidentiality, especially regarding psychotherapeutic or psychiatric diagnoses.


Legal Framework and Rollout: Why “ePA for Everyone”?

Since 2021, a first version of the ePA (“ePA 1.0”) has existed, initially requiring active patient registration (opt-in). To boost usage, lawmakers decided to move to an opt-out model going forward.

  • Opt-out means: Your health insurance fund will automatically set up an ePA for you unless you explicitly object.

This way, the Federal Ministry of Health hopes to ensure that as many people as possible benefit from the advantages of a shared data repository.

Currently, test phases are running in certain model regions (e.g., Franconia, Hamburg, parts of North Rhine-Westphalia). If the system tests successfully, it will soon be rolled out nationwide.


Why Is It Controversial?

Data protection authorities and civil society organizations caution that with the opt-out model, many individuals may inadvertently receive an ePA without fully understanding which data will be stored and how they can manage it. Data protection experts demand much clearer, more accessible information for patients.


Benefits and Opportunities: What Does the ePA Offer?

  1. Fast Availability of Data
    In an emergency or if you switch to a new specialist, your records are no longer scattered in multiple, potentially hard-to-access paper files. Instead, an authorized physician or psychotherapist can access your essential health information quickly (once your insurance card is inserted and you consent).
  2. Reduced Bureaucracy, Fewer Redundant Tests
    Health insurers also expect cost savings: for example, lab values would not need to be re-ordered each time, saving money and time. For patients, it could mean shorter waiting periods and fewer repeated tests.
  3. Convenience for the Insured
    Insurance apps let you retrieve your records at any time, upload your own documents, or have older documents digitized (under certain conditions). This provides a clear overview of your medical history.
  4. Research and Innovation
    The government also aims to make pseudonymized ePA data available for research projects in the long run, potentially accelerating the development of new medications or therapies.

Criticisms, Risks, and Disputed Issues

Despite its potential benefits, the ePA is controversial in expert circles:

1. Data Security and Central Storage

A central point of criticism is that the data is stored centrally. The servers operated or certified by gematik (the government-commissioned organization for telematics infrastructure) are considered “security-tested,” yet many note that the larger the pool of aggregated data, the more attractive a target it becomes for hackers.

The Chaos Computer Club (CCC) has repeatedly pointed out technical weaknesses. For instance, criminals could, in theory, obtain unauthorized large-scale access via purchased or forged practice IDs (SMC-B cards). The CCC also argues that data is not systematically end-to-end encrypted and that gematik relies too heavily on interim solutions instead of fully secure architectures from the start. By contrast, the Federal Ministry of Health and gematik emphasize that they are continually improving security and that no massive breach has yet occurred.

2. Special Sensitivity of Psychotherapeutic Data

Especially for patients in psychotherapeutic or psychiatric treatment, the question of which information goes into the ePA is crucial. Diagnoses, expert assessments, or findings from in-depth psychotherapy may be highly personal and sometimes stigmatizing.

Professional associations of psychotherapists and physicians (e.g., Bundespsychotherapeutenkammer, BVVP) have repeatedly stressed that these data should only be uploaded with explicit patient consent. In theory, the law provides for this – if you do not want it, no sensitive documents should be uploaded. Nonetheless, a great deal is managed by automated processes (e.g., billing data with ICD codes). It might happen that diagnoses become visible without your awareness if you have not explicitly opted out.

3. Opt-Out Approach and Knowledge Gaps

The opt-out model presupposes that policyholders:

  • know that they are receiving an ePA,
  • understand the data being stored, and
  • act if they do not want it.

Here lies a major obstacle: many people feel overwhelmed by official letters that may be too complex, or simply assume that everything must be correct. Data-protection advocates warn that millions may receive an ePA unwittingly, with no clarity on the implications.


What Does the ePA Actually Entail?

Core Concept

  • Central repository: The ePA is designed as an online location for storing your medical data – findings, letters, lab values, medication regimens, etc.
  • Quick accessibility: Physicians, psychotherapists, pharmacies, and hospitals (given your authorization) should be able to see your key data quickly and easily.
  • Patient-driven: According to law (§§ 341 ff. SGB V), the ePA is “controlled by the insured,” meaning you decide which documents are uploaded and who gains access.

Opt-Out vs. Opt-In

  • The original “ePA 1.0” (2021 introduction) followed an active sign-up principle (“opt-in”).
  • Since January 2025, the legislation has moved to opt-out: all statutory insurance members receive an ePA automatically if they do not actively object.

Research and Data Sharing

Starting around mid-2025, ePA data (in pseudonymized form) is to be passed on to a central research data center, aiming to speed up medical insights. Yet some experts caution that even pseudonymized data can sometimes be “re-identifiable.” If you do not wish your data to be used in research, you must also actively object to that.


Which “Decision and Objection Options” Exist?

Below are detailed decision trees explaining how you (as a patient) can handle the ePA. Step by step, you’ll see which objection forms the DGPT or other sources (e.g., widerspruch-epa.de) provide.

Essentially, once your health insurance notifies you that an ePA will be set up, you have 6 weeks to lodge a general objection (opt-out). If you do nothing, your ePA is created. You can still have it deleted or restrict access even after that.

According to the DGPT (my umbrella association), there are 6 main types of objection, depending on which aspect of the ePA you’d like to revoke:

  1. Objection against overall setup/use
  2. Objection against automatic billing data transfer
  3. Objection against a specific practice (e.g., psychotherapy) having access
  4. Objection to digital medication management (electronic medication list)
  5. Objection to storing any newly created documents in the current treatment context
  6. Objection to data sharing with the central research data center starting mid-2025

You can combine any number of these. That means you can either reject the ePA entirely or allow certain portions/features only.


Decision Tree: Should I Have an ePA?

Step 1: Basic Decision – ePA or No ePA?

  • If you absolutely do not want an ePA…
    → You do not want your data stored centrally, prefer not to use the system.
    Action: Objection against creation (Form 1) to your health insurance (mail, fax, or app). Your ePA then gets deleted or not created at all.
  • If you see no major concerns, you can have the ePA created.
    Result: If you object, it ends (no ePA). If you do not object, an ePA is set up automatically.

(Form note: “Muster-Formular 1” for “objection to ePA creation.”)

Step 2: Should the health insurer’s billing data go into my ePA?
By default, insurers send all billing info (ICD codes, services used) to your ePA automatically.

  • If you do want these data, do nothing; the data flow is automatic.
  • If you do not want it, file an objection to your insurance (Form 2).

Step 3: Should specific practices have access to the ePA?
By law, your physicians or psychotherapists normally have 90-day access after reading your e-health card.

  • If you do not want a particular practice (e.g., your current psychotherapist) to access it at all, you can:
    • revoke permissions using your insurer’s ePA app,
    • or submit an objection to the insurer’s ombudsperson (Form 3).
    • Special note for psychotherapy: Many patients prefer not to store therapy documents. That’s your prerogative. (See Form 3.)

Step 4: Automatic e-medication list
All e-prescriptions, dispensing data, etc., feed into your ePA automatically.

  • If you do not want this,
    → file an objection (Form 4) with the ombudsperson or directly in the ePA app.

Step 5: Document Storage in Current Treatment
By default, clinics/practices must upload newly generated e-documents (findings, letters) if you have an ePA – unless you explicitly refuse.

  • If you object to uploading a specific document (e.g., your psychotherapy progress report),
    → you tell the practice directly (they record your refusal; see Text 5).
  • If you do nothing, documents are uploaded if they are in electronic form.

Step 6: Research Data Transfer (from July 2025)
From mid-2025, pseudonymized ePA data will be forwarded to the central health data research center. If you don’t want this:

  • You can file an objection (Form 6) with your insurer’s ombudsperson or in the ePA app.
  • If you don’t object, the data go to the research pool automatically once that’s set up.

Example Scenarios

Example A
You do not want an ePA – fill out Form 1 and send it to your health insurance. Done.

Example B
You’d like an ePA in general, but no psychotherapy documents in it.
→ refuse in your therapy practice (Text 5).
→ possibly also bar the practice from seeing your ePA (Form 3) or hide documents in the app.

Example C
You use the ePA but don’t want your billing data in it.
→ Fill out Form 2 (“Objection to billing data”), send it to the insurer.


Additional Notes

  • Change any time: You can object later, or hide/delete data even after initial setup.
  • Watch the timeline: For refusing the ePA entirely (Form 1), you have ~6 weeks after the insurer’s ePA announcement. But you can delete or disable it afterward, too.
  • Data privacy caution: Some data (especially mental health data) are particularly sensitive. Think carefully about which files to store in the ePA.
  • Seek advice: If you’re unsure, feel free to consult me (your therapist/doctor). Together, we can figure out what suits you best.
  • Important: The model forms are available on my website or from DGPT or other sources (e.g., widerspruch-epa.de). Exact procedures can differ slightly between insurers. Ask your insurer if needed.

Conclusion: Balancing Pros and Cons

The ePA certainly has benefits. It can simplify treatment, reduce duplicate tests, and give you a central overview of your health history. Many people consider this a real breakthrough, particularly for those juggling multiple specialists.

However:

  • Data security: Not fully guaranteed, as large central repositories are inherently attractive to attackers.
  • Psychotherapy data and other highly sensitive info might be disclosed inadvertently if you don’t actively manage permissions.
  • Opt-out approach forces you to actively engage if you want to limit or reject certain data or the entire ePA.

You remain in control: The Federal Ministry of Health and health insurers aim to deliver broad benefits, while data protection experts, the CCC, and various professional bodies call for more transparency and stronger security. Ultimately, you, as the patient, must choose whether you’ll embrace the ePA (and, if so, in what form) or not.

If you have any questions, I’m happy to discuss them with you personally, so we can jointly determine what solution works best for you.

Note: This text is not a substitute for legal advice but is meant solely as guidance. For specifics, please contact your health insurance, consumer advisory centers, independent patient counseling services, or your psychotherapeutic/medical practice.


Cultural-Theoretical Afterword

“There has never been a document of culture which is not simultaneously one of barbarism.”
— Walter Benjamin, On the Concept of History (1940)

Benjamin’s oft-quoted remark underscores the ambivalence inherent in every cultural achievement: every instance of progress may also rest on exploitation, oppression, or suffering. This is relevant in the context of ePA as well—each technological advance can have its shadows. Hence, careful attention to design, information, and consent is essential to ensure that alleged benefits do not end up eroding fundamental rights or medical confidentiality.