Data protection in the ePA: Experts call for improvements
🔒 The electronic patient record (ePA) is currently under heavy criticism. Security gaps that were highlighted at the annual congress of the Chaos Computer Club (CCC) raise serious questions about whether health data is adequately protected. Both the German Medical Association (BÄK) and the Professional Association of Paediatricians (BVKJ) see an urgent need for action.
⚠️ BÄK President Klaus Reinhardt warns: „As of now, I cannot recommend that patients use the ePA.“ According to him, the risks posed by potential security gaps are too great. What is particularly worrying is that, according to the CCC, it is theoretically possible to gain unauthorized access to other people’s health data due to weaknesses in the issuing of health professional and practice ID cards.
👶 Children and young people are particularly at risk: BVKJ President Michael Hubmann criticizes: „It is frustrating how security gaps are played down. The ePA must ensure that health data is reliably protected.“ The BVKJ believes that the rights of children and young people in particular are not sufficiently protected. For example, there is no solution as to how previously authorized persons can lose access to sensitive data.
👉 The demand is clear: the introduction of the ePA must not come at the expense of data security. „We need a system that is functional and secure. Otherwise, it is better to pull the ripcord and start from scratch,“ emphasizes Hubmann.
🎉 Criticism is (partially) having an effect: Federal Interior Minister Lauterbach announced that the ePA launch will have to wait until all defects have been resolved. But this does not seem to apply to the start of the test phase planned for January 15, 2025, which is to last four weeks. Critics have also long feared that not all technical defects can be resolved within this test phase.
💡 Digitization in healthcare is essential, but data protection must be the top priority.