Data protection authority and health insurers argue over electronic patient records |

Bonn (dpa) – Federal data protection commissioner Ulrich Kelber has asked four large statutory health funds to expand the new electronic patient record (ePA) with additional data protection functions.

Without these extensions, the digital patient record would violate the European General Data Protection Regulation (GDPR), Kelber said Thursday. Further instructions to other cash registers should follow. Kelber is responsible for a total of 63 statutory health funds with 44.5 million insured.

The instructions focus on two topics. On the one hand, Kelber demands that the insured can determine who sees what. “The insured must have the right to choose which document he wishes to give to which third party (doctor, therapist, etc.) namely”, specifies the letter to the sickness funds that the German press agency has received. An “all or nothing principle” is not state of the art and violates the GDPR.

Members of compulsory health insurance have been able to use the electronic patient record since the start of 2021. Medical results, for example, can be recorded and shared there. On July 1 of this year, all doctors, physiotherapists and dentists were also forced to log into the ePA and support the technology. According to Gematik GmbH, around 250,000 insured persons in Germany have used the ePA to date. The majority of Gematik is owned by the federal government and is responsible for setting up a secure health data network.

Kelber said that if precise control is possible from 2022, he will also use the EPR for himself personally. “I would set it up so that the doctors I trust can see every health document on this file. I would use it very sparingly to block something out there, but I would, for example, when I get a second diagnosis. “

However, Kelber is also embarrassed that the ePA can only be viewed and managed by the insured with a suitable smartphone. “From 2022, 90% of insureds with mobile devices will be able to view and control access to content. The remaining ten percent should not be allowed to do so. “You can of course implement this organically for those ten percent as well. It is true that there is the possibility of giving a power of attorney to third parties for inspection and processing and thus “to mitigate the limited sovereignty of the data, but this cannot fully restore the limited sovereignty”.

According to Kelber, the proxy solution does not address concerns about the processing of health data on private devices. It is conceivable that the health insurance funds of their agencies, for example, have a computer tablet in a secure network on which the insured can connect and manage his personal patient file.

The dispute over release in the EPI is likely to lead to a legal dispute. Experts assume that virtually all health insurance companies will sue the federal commissioner’s instructions. Barmer CEO Christoph Straub spoke out in favor of legal action against an instruction. An action can be brought against Kelber’s instruction before the Cologne Social Court.

Kelber said he “would have no understanding if health insurance, with a lot of money from policyholders, defended itself in court against giving all policyholders the same rights. By law, the objective of the electronic patient record has always been to be managed by the insured and not a centralized collection of all patient information. “

Related Articles

Back to top button