A fact check on the electronic patient file (EPR): risks, rights and objections

December 1, 2025November 10, 2025 by Markus Schall

The electronic patient file, or ePA for short, is one of the most ambitious digitization projects in the German healthcare system. It is intended to bundle medical information centrally - from findings and laboratory values to medication plans, vaccinations and hospital reports. The aim is to better connect doctors, therapists, pharmacies and patients, avoid duplicate examinations and improve the quality of treatment.

What sounds modern and efficient on paper raises numerous questions in practice: Who has access? How secure is the data? And above all: do I even want all my health information to be stored and accessible centrally - even if I haven't asked for it?

I personally decided against the automatic creation of an EPO, so I exercised my right to object. I explain why in this article. But before we get to the criticism, it's worth taking a look back: How did the electronic patient record come about in the first place? Who planned it? Who is driving it forward? And how has the legal framework changed in recent years?

Latest news on the electronic patient file

03.11.2025: According to WELT, more and more patients are discovering the benefits of the electronic patient file (ePA) incorrect or fictitious diagnoses in their medical records - sometimes with serious consequences, for example when switching to private health insurance. These questionable entries particularly often concern mental illnesses or non-existent conditions such as fainting spells or gastritis. The background to this is apparently a financial incentive system that rewards excessive diagnoses. Once entered, such diagnoses are difficult to correct or remove. Experts are calling for regular checks of the EPR, as incorrect information can cause serious long-term disadvantages.

Current health topics

CMD occlusal splints

TMD and occlusal splints: A personal experience report with a clear overview

Hemorrhoids and poor posture

Understanding hemorrhoids: Why posture and statics are often the real causes

Understanding CMD is the first step to healing

Understanding TMD: Why knowledge is the first step to healing

History & legal framework

The idea of a central digital record is not new. As early as the end of the 1990s, there were ideas about how health data could be recorded in a more structured way and made available across institutional boundaries. Initial projects such as the electronic health card (eGK) were intended to lay the technical foundations - but the project stalled time and again. Concerns about data protection, a lack of infrastructure and political disagreement prevented rapid implementation.

The topic gained momentum in the 2010s - not least due to increasing cost pressure in the healthcare sector and the growing importance of digital technologies. The electronic patient file was propagated as a building block of a more efficient, networked healthcare system.

The Patient Data Protection Act (PDSG) and the introduction of the ePA

A decisive step was marked by the Patient Data Protection Act (PDSG)which came into force in October 2020. It obliged the statutory health insurance funds to offer all insured persons an electronic patient record from January 1, 2021 - initially on a voluntary basis. Use remained optional, and those who registered could decide for themselves what data was recorded and who was allowed to access it.

Technical support for the implementation was provided by gematik GmbHa company under the supervision of the Federal Ministry of Health, in which health insurance companies, doctors' associations, pharmacies and hospitals are represented. The ePA should not only bundle medical documents, but also be linked to digital identities, e-prescriptions and the electronic medication plan in the long term.

From opt-in to opt-out: introduction of the "ePA for all"

The Digital Act, which was passed in January 2024, brought about a paradigm shift: in future, electronic patient records were to be set up automatically for all people with statutory health insurance - unless they actively objected.

This new version, often referred to as "ePA for all" will be implemented gradually from January 1, 2025.

In concrete terms, this means that anyone who does not lodge an objectionA digital file is automatically created in which doctors' surgeries, hospitals and other parties can feed data. This procedure is known as the "opt-out" model - and is highly problematic from the point of view of many data protection experts. This is because not every insured person will be sufficiently informed or have the technical means to object in good time.

The deadline for lodging an objection is not regulated nationwide, but depends on the respective health insurance company. Many offer the objection via the customer portal or in writing - sometimes only after login or authentication. I have chosen this method myself in order to retain control over my health data.

Opt-out - a questionable standard

The transition to the automatic creation of electronic patient records reminds me of another experience in its basic structure: the Unsolicited migration of my e-mail accounts to the Microsoft cloud through HostEurope. A central conversion was also carried out there in the background - without my actively agreeing to it. It simply said: "If you don't object, we'll carry out the changeover." For me, this was a clear encroachment on my digital sovereignty.

The situation is similar with the ePA "for all": it is not those who participate who have to become active - but those who do not want to participate who are forced to act. This principle may be convenient for many, but it is problematic from the perspective of a critical citizen. This is because it shifts responsibility from the provider to the user - and presupposes tacit consent where a conscious decision would actually be necessary.

Introduction & milestones of the ePA

The first version of the ePA was made available from January 1, 2021 - but only at the express request of the insured person. Those who actively opted for it could have an ePA created via their health insurance provider and store initial documents such as doctor's letters or X-rays in it. Access by doctors was also only possible with consent at that time - in each case at document level. However, the first weaknesses were already apparent in this early phase:

Many practices were not yet technically connected,
the user interfaces were inconsistent
and even dedicated users complained about incomprehensible processes.

In addition, the first versions of the ePA could not be used without a compatible smartphone or a new ID card with an online function. This was a major hurdle, especially for older people or less tech-savvy patients. The promised benefits - such as the seamless availability of findings when changing doctors - could hardly be realized in reality.

Rollout of version 3.0 - "ePA for all"

As part of the digitalization of healthcare in 2023, the development of the so-called ePA 3.0 for everyone is being driven forward. This version is to be used across the board from January 1, 2025 - and will be set up automatically for all insured persons unless an objection is raised. The key features of this new generation:

Fully automatic data transferMedical practices and hospitals store medical data directly in the ePA - without the patient having to confirm this individually in each case.
InteroperabilityDocuments and data should also be easier to exchange between different institutions in the future.
Central storage solutions: The ePA is stored in certified data centers - on servers operated by gematik or its partners.
Planned use of AIIn the future, data within the ePA could also be used for evaluations, research or automated treatment support - supposedly only anonymized, but this does not end the discussion about real anonymity.

For most users, however, it is impossible to know exactly where their data is located, who has access to it and which processes are running in the background.

Obligations for service providers

The introduction of the ePA 3.0 will not only change the system for patients - but also for doctors, pharmacies and hospitals. In future, they will be obliged to actively feed relevant medical data into the ePA. This includes, for example

Diagnoses
Medication plans
Findings and doctor's letters
Vaccinations
Information on hospital stays

This obligation is regulated by law and will also apply from January 1, 2025. Service providers who refuse to comply must expect reductions in remuneration or other consequences. gematik provides technical standards and interfaces for this - but not all facilities are prepared for this.

This is also causing uncertainty on the part of practices: not only because the effort involved is increasing, but also because many doctors are barely able to inform their patients about the system as they first have to get to know it themselves. In reality, this creates a coercive system on both sides - with unclear control and limited transparency.

Rights of insured persons: inspection, control and deletion

According to the law, the electronic patient file should belong to the insured - not to the health insurance companies, not to the doctors and not to gematik. In fact, every insured person has the right,

view all data stored in the EPR,
control access by third parties,
delete individual entries
and even deactivate or permanently close the entire file.

However, practice shows a different picture: Anyone who logs in often does not see the expected overview, but encounters technical hurdles, different app interfaces depending on the health insurance provider and often poor usability. The promised document control at individual level - i.e. the ability to specify exactly which doctor can see what - is also complex and not intuitive for many.

Another point: even if certain data is deleted, it is unclear whether and to what extent it has already been downloaded by doctors, clinics or other bodies. Although the law stipulates that the data may only be used for the purpose of treatment, there is no real traceability. Rights exist in theory, but are sometimes difficult to enforce in practice.

Survey on the announced digital ID

Objection or opt-out: Who, how and for how long?

Since the introduction of the so-called "opt-out procedure" for ePA 3.0:

Everyone with statutory health insurance automatically receives a digital file - unless they actively object.

The objection should be made before the start of automated filling, i.e. before January 1, 2025. Important here:

Anyone who objects at a later date can stop using the ePA, but data that has already been stored may be retained unless it is actively deleted. A "retroactive revocation" is provided for by law, but the implementation in the health insurance companies' systems is often imprecise or non-transparent.

The objection itself is not regulated centrally. Each health insurance company offers its own procedures:

Usually online via the respective Customer portal - but often only with login and two-factor authentication,
or in writing by Post or form.

In my case, I had to explicitly log into the customer portal, search for the function and then confirm it with a TAN or password. This requires not only technical understanding, but also time and attention - things that older or less digitally savvy people in particular are often no longer able to muster.

Transparent information in advance? Not at all. Many insured persons only find out by chance, through media reports or conversations with acquaintances that they have to object if they do not want a file. There is no obligation on the part of the health insurance companies to provide sufficient information.

In practice: registration, use, problems

If you want to actively use the ePA, you usually have to download an app from your health insurance provider - e.g. "Meine DAK", "TK-App" or "ePA-App der AOK". These apps contain the access areas for the electronic patient file and offer the following basic functions:

Display saved documents (PDFs, entries, medication plans, etc.)
Sharing documents with treating physicians
Management of access rights

Registration takes place via the personal online account - usually with:

Insurance number,
Password,
and in some cases the new ID card with activated online ID function (eID).

Two-factor authentication is also often required, for example via SMS-TAN or app confirmation. Many users find this process technically overloaded, especially as there is often no central platform but many different apps of varying quality.

Integration is also not uniformly regulated on the part of service providers - i.e. doctors, clinics and pharmacies. Although there is an obligation to enter relevant medical data in the ePA from 2025, the technical equipment in many practices is still patchy. There is a lack of training, interfaces, data protection concepts - and often also a lack of time. In short: the idea is great, the ambition is high - but everyday life shows:

Many patients do not understand how to use the ePA.
Many doctors don't have time to fill them in correctly.
And many health insurance companies operate in a technically and communicatively uncoordinated manner.

<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span>
The most important information on electronic patient files: Interview with ePA hackers | heise & c't

Potential: what the ePA could achieve

It would not be honest to only point out the weaknesses of the electronic patient record without also naming the opportunities that could be associated with a well thought-out implementation of the electronic patient record:

Better information in emergenciesIf an emergency doctor has access to current diagnoses, medication or previous illnesses, this can save lives.
Reduction of duplicate examinationsIf X-ray images or laboratory values are available centrally, they do not have to be collected multiple times - this saves time, money and resources.
Improved chronology for chronically ill patientsePA could help to recognize correlations more quickly, especially in the case of complex disease progressions.
Future technologiesA standardized data structure is the prerequisite for the meaningful use of AI-supported analyses or personalized therapies in the future.

Properly conceived and consistently implemented, the ePA could be a long-term medical memory - not only for doctors, but also for patients who want to better understand and control their own history.

Risks: Data protection, misuse, transparency deficits

But the reality is more complicated. This is because the digitalization of medical data also creates new risks:

Centralization of sensitive information always creates potential attack surfaces. The more data there is in one place, the greater the appeal - not only for hackers, but also for players with commercial interests.
Supposed anonymization of health data, for example for research purposes, cannot be traced with certainty in many cases. The Reconstructability of personal profiles based on combinations (age, place of residence, rare diseases, etc.) remains a real problem.
Non-transparent opt-out procedure shift responsibility from the system to the citizen. Anyone who does not actively object is considered to be in agreement - even if they may never have been properly informed.
Technical dependenciesThe ePA is in the cloud, operated by gematik's partners - often privately organized. What happens if a provider fails or is taken over? Who is liable in the event of a data leak?

It is also likely that third-party providers or corporations will develop desires in the future, for example in pharmaceutical research or the insurance industry. Even if current access is restricted by law, history shows that data protection requirements can shift over time - often quietly.

Who can benefit from the electronic patient record?

For people with complex or chronic illnesses, the electronic patient record (EPR) can actually offer real added value. Consider, for example, patients who are regularly treated by several specialists, in clinics or rehabilitation facilities: If findings, medication plans, hospital reports and doctor's letters are stored centrally and can be accessed by treating doctors or therapists in a controlled manner, this noticeably improves the continuity of treatment. Studies show that the scenarios in which documents are collected, data is exchanged between facilities and emergency situations occur with quick access to information are precisely the scenarios in which an ePA offers the greatest benefit.

Especially when repetitions are to be avoided, when unexpected events occur or when certain medications need to be carefully coordinated, the ePA - if used correctly - can be a real relief. The central file also provides a reliable overview for people who travel a lot or frequently move between doctors' surgeries.

People who benefit from the ePA

Person / Situation	Description	Possible advantage of the ePA
Chronically ill patients with several specialists	A patient with diabetes, high blood pressure and heart problems is cared for by a GP, cardiologist and diabetologist.	Centralized documentation avoids duplicate examinations, facilitates medication reconciliation and emergency information.
Cancer patient undergoing treatment	A patient receives chemotherapy and aftercare in different clinics.	All findings and laboratory values are quickly available, which improves coordination and progress monitoring.
Travelers or mobile professionals	A person who often travels for work and has to see doctors in different cities.	Doctors can access previous findings directly - even outside their home town.

Why the ePA is of limited benefit to others

For insured persons, on the other hand, who are currently in stable health, require little care from several specialists and whose treatment remains largely manageable, the introduction of the ePA does not necessarily offer clear advantages - and could even have disadvantages. If hardly any data or document exchange is necessary, there are hardly any multiple stakeholders involved and the patient's own medical history is clearly laid out, then central files are more like an infrastructure that involves more effort than benefit: Registration, assignment of rights, login processes, data maintenance.

There is also an increased risk that sensitive data will be stored centrally without actually being used in everyday life - the risk of access gaps, misunderstandings or unintentional data disclosure increases in relation to the actual benefit. Data protection experts point out that a central file system should be viewed more critically, especially if there is little practical benefit.

Examples of people with little benefit from the ePA

Person / Situation	Description	Low benefit or risk
Healthy average insured person	A 35-year-old person without a chronic illness who rarely goes to the doctor.	Hardly any medical data, no added value through central storage - but increased data protection risk.
Senior without digital experience	An older insured person who does not use a smartphone and cannot register online.	Technical hurdles, lack of control over data, dependence on third parties.
Data-sensitive or self-managed patients	People who prefer to store their documents themselves and want to keep an overview.	Loss of data sovereignty, mistrust of cloud structures and unclear access.

Outlook: Where is the system heading?

The coming years will be decisive in determining whether the ePA becomes a helpful tool or a bureaucratic security risk. The political signals are clear: they want digitization - and they want it fast. But speed is no substitute for diligence. Questions remain unanswered:

Will there be a central overview of who has accessed which data and when?
Will the opt-out become the norm - for other projects too?
Will health data eventually be linked to other government data sources (tax, labor, social services)?
How long will the contradiction remain possible at all? Will it be quietly abolished?

What is still voluntary today may become a prerequisite for bonus programs, insurance policies or the reimbursement of therapy costs tomorrow. Medical care could thus be tacitly linked to conditions of participation that many still consider unthinkable today.

Conclusion & recommendation

Anyone who deals with electronic patient records quickly realizes that it's not just about technology - it's about trust. It's about transparency, about self-determination, about the balance between public interest and personal sovereignty. As with the Introduction of the digital euro you should not simply accept everything lightly or go along with it.

I have decided not to blindly trust this system - not out of a technophobic attitude, but out of respect for my own history, my privacy and the knowledge that control over data is a valuable asset.

If you are also thinking about objecting to the system, your health insurance company will provide you with appropriate options - but you often have to actively seek them out.

More articles on EU laws

EU censorship laws

The new EU censorship laws: What Chatcontrol, DSA, EMFA and the AI Act mean

Overview of the obligation to issue electronic invoices

Electronic invoices for SMEs: XRechnung, ZUGFeRD and ERP at a glance

Digital ID of the EU

The EU's digital ID: linking, control and risks in everyday life

The digital euro is coming

The digital euro is coming - what it means, what it must not do and what it could do

What the Swiss cloud resolution means for Europe

CLOUD Act, data sovereignty and Switzerland: a turning point for European IT strategies?

28th EU regime

The EU's 28th regime: The silent restructuring of the European Economic Area?

Frequently asked questions about electronic patient records

What is the electronic patient record anyway?
The electronic patient file (ePA) is a digital collection of medical documents that is stored centrally. The aim is to bundle information such as findings, diagnoses, vaccinations or doctor's letters in one place so that treating doctors can access them at any time - and so that patients have a better overview of their own medical history.
Is the ePA mandatory for all insured persons?
Since the introduction of the "ePA for all", which will apply from January 1, 2025, everyone with statutory health insurance will automatically receive an ePA - unless they actively object. This is therefore an opt-out model. Anyone who does not actively object will have a file set up.
How can I object to the EPO?
The objection must be lodged with your own health insurance company - usually via the online portal or in writing. Some insurers require two-factor authentication or the use of a special form. It is important to note that the objection must be made in good time before January 1, 2025 to prevent automated data filling.
What happens if I object later?
An objection after January 1, 2025 is still possible, but medical data may already have been stored by then. This data must be deleted manually, which is not always transparent or easy. A retroactive objection is provided for - but not implemented reliably everywhere from a technical perspective.
What data is stored in the ePA?
These include: Diagnoses, doctor's letters, laboratory values, findings, medication plans, vaccinations, X-rays and hospital reports. From 2025, doctors and other service providers will be obliged to automatically store this information in the ePA - unless the patient has objected.
Can I decide for myself which doctors can see what?
Yes, in theory it is possible to assign rights at a fine granular level - in other words, you can grant or withdraw access to certain documents for individual doctors. In practice, however, this control is often complicated, technically demanding and inconsistent.
Is the use of the ePA mandatory for me as a patient?
No - anyone who objects will not receive a file. Anyone who wants to actively use the ePA must activate it via the app or the health insurance company's online portal. Use is voluntary, but the opt-out model increases the pressure on patients to make an active decision - and many are unaware of this.
What are the advantages of the ePA in theory?
Centralized storage can improve medical treatment by giving doctors quick access to previous diagnoses or lab results. This saves time, prevents duplicate examinations and could be life-saving, especially in emergencies.
What are the risks of the ePA?
The central storage of highly sensitive health data opens up risks, such as hacker attacks, data breaches, subsequent changes to the law or unclear third-party use. Even if the data is officially protected, there is still a risk that it will be used for other purposes as a result of political, economic or technical changes.
Who operates the ePA technically?
The technical implementation is carried out by gematik GmbH, which works on behalf of the federal government, but also includes participation from health insurance funds, medical associations and IT companies. Storage takes place in data centers of certified providers - mostly private service providers who have contracts with gematik.
What is the difference between opt-in and opt-out?
With opt-in, you must actively agree to participate. With opt-out, you are automatically included unless you object. The ePA was originally an opt-in model - it was switched to opt-out with the Digital Act 2024. This reversal is a fundamental system change.
Why is opting out problematic?
Because many people don't even know that they have to object - and thus become part of a system that they may not even want without being asked. Anyone who does not regularly read mail from the health insurance company, rarely logs in or has technical hurdles loses their choice - without realizing it.
Can I set up an EPO again later if I object today?
Yes, this is possible at any time. If you change your mind later, you can have an ePA created via your health insurance company. So there is no permanent withdrawal, but an option to join at a later date - if desired.
What happens if my data is hacked?
In the event of a data leak, the damage is considerable: health data is considered particularly sensitive. It can be misused for blackmail, discrimination or targeted advertising, for example. Who is liable for protection and how compensation for damages is regulated has not yet been clearly clarified in legal terms.
What do data protection experts say about the ePA?
Many data protection officers sharply criticize the opt-out procedure and call for more transparency, greater information for policyholders and technical improvements. Some even speak of a "digital dam breach", as a precedent is being set here: Health data centralized, mandatory and without active consent.

1 thought on “Die elektronische Patientenakte (ePA) im Faktencheck: Risiken, Rechte und Widerspruch”

Marcus

13. November 2025 at 14:01

An excellent article! You have done an excellent job of presenting the complex issues of data protection and data sovereignty surrounding the central electronic patient record system (ePA) in Germany. The opt-out model you describe is indeed problematic, as it shifts responsibility onto citizens.

This makes me think about the security of such centralized systems from a different perspective. Given that healthcare data is an extremely valuable target, what concrete technical and administrative safeguards are in place to prevent large-scale data leaks or manipulation of records within the ePA? I recently read an article that discussed the most commonly counterfeited medicines abroad (apologies for the link, but it illustrates the point about valuable targets in a different sector). It got me thinking: if criminals are targeting drugs, wouldn't a centralized treasure trove of German healthcare data be an even more attractive target? Are the risks of a single point of failure sufficiently taken into account by the gematik infrastructure?
Reply

Leave a Comment Cancel reply

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Others

↑