Everything went according to plan: On January 15th, the "electronic health record for all" (elektronische Patientenakte; "ePA für alle ") officially launched in selected model regions throughout Germany. During this initial pilot phase, the systems are meticulously assessed in terms of their performance and reliability. Most Germans think the ePA is a valuable implementation to improve the overall health care infrastructure. It also significantly contributes to the digitization of the industry. However, doctors and medical personnel are not as ready as they are supposed to be. A wide gap between many technical requirements and the current state of the adoption is still dividing the industry. At the same time, a more straightforward solution is right in front of them.
One Source of Truth
The more accessible health data is, the smoother the communication between patients, doctors, hospitals, therapists, pharmacies, and insurance companies becomes, and the more effective the health care and treatment will be. Thus, the core idea of the ePA is simple: Every time a patient undergoes medical care, relevant documents like medication lists, diagnostics, lab results, doctor's letters, treatment measures, and emergency data are automatically transferred to the patient's electronic record. Vaccination and maternity information, dental records, children's examination booklets (U-Heft), sleep, migraine, and blood pressure diaries can also be stored.
Thanks to this detailed digital overview, unnecessary duplicate examinations and potential drug interactions can be avoided. Patients retain absolute data sovereignty, as they can upload and manage their documents via the ePA app and determine who can access the information and for how long, enter objections, and appoint a representative. Using the ePA is voluntary; everybody can opt out whenever they want.
Trust and Optimism Prevail
The national rollout is scheduled for April, thus only a few months after the initial testing phase. This certainly is very ambitious—especially if you consider the Chaos Computer Club (CCC), which expressed significant concerns regarding data security. The CCC's security researchers claimed they could "effortlessly acquire valid electronic healthcare profession and practice IDs […] and access health data with these cards yet again."
Nevertheless, both the gematik GmbH, which has responded to the accusations in a statement and assured it will increase security, and the public are optimistic. According to a survey conducted by dpa and YouGov shortly before the launch, 79 percent of the participants consider such a digital record helpful; 70 percent assume that it will improve health care. Bitkom also came to a positive conclusion: 71 percent want to use the ePA in the future.
Too Soon?
The ePA has a lot of promises to keep. However, three significant challenges might block its path to glory – at least for now:
- Too few people feel properly informed: As part of a survey conducted one month after the ePA launch, Pharma Deutschland estimates that about 15 million Germans still do not know what the ePA is and what it entails.
- The ePA is a pain to request: German residents must apply for their ePA with their insurer and download the respective application if they want to view and manage their data. To get the necessary PIN, users must identify themselves in person at one of their insurer's offices or by Post-Ident, which is inconvenient and not very user-friendly. All this might be a significant barrier deterring people from actively acquiring the ePA.
- Doctors still lack the technical groundworks: About half of the 300 medical institutions that signed up for the pilot phase do not have the required software. Many practice and pharmacy management systems are not web-based but run locally, limiting interoperability. That's why some experts expect the rollout to be delayed. Additionally, according to the latest PraxisBarometer, the electronic signature process still takes too much time in many practices and hospitals. This critical technological gap became apparent in November last year when 41 percent of the surveyed hospitals admitted they had not yet implemented the necessary technical infrastructure at all or only partially (German Hospital Federation).
The ePA Ought to Straighten Out Health Care, Not Overcomplicate It
The lack of a technological basis could grow into a massive problem since the ePA requires a particular environment consisting of several components and services. For instance, medical institutions must connect to the telematics infrastructure (TI). They need a connector that sets up a secure VPN to establish this connection. The connector is also linked to the practice management system and one or several e-health card terminals. The terminals serve as a means to sign the practice on the TI.
In addition, two kinds of cards are needed – both the electronic practice ID (elektronischer Praxisausweis – Security Module Card Type B (SMC-B)) and the electronic healthcare profession ID (elektronischer Heilberufsausweis (eHBA)). The SMC-B authenticates the practice via card terminal and connects it to the TI. With the eHBA, doctors verify themselves as approved healthcare professionals and hold the signature certificates. These allow doctors to digitally sign specific documents like electronic prescriptions or electronic certificates of incapacity with a qualified electronic signature (QES) since they are legally obliged to.
Imagine how medical personnel deal with it daily if you think this was a complicated read. Instead, the industry needs a simplified way to sign on the TI, verify medical personnel, and sign electronic documents.
Two Smartcards Are Two Too Many: It's Time for Alternatives
Using terminals and multiple cards is inconvenient and risky, as important ID certificates are stored on the cards. The CCC has already shown what consequences this can have. In contrast to hardware-supported procedures, remote signatures could genuinely speed up medical processes.
Therefore, this method works without cards and aligns more with modern, digital everyday life. For example, medical personnel need a cell phone or an alternative authenticator, which takes over the declaration of intent when creating an e-prescription. In this case, the certificates are no longer stored on the cards themselves but in the highly secure environment of a trust service provider. The signature gets validated via two-factor authentication. Our recommendation: Germany should say goodbye to bulky old mechanics and switch to software-based signature and authentication procedures instead.
While we are at it, citizens should also be able to request and use the ePA more easily. The forced trip to an insurance company's office or post office and printing out forms should be a thing of the past. This means more straightforward identification and authentication are needed, such as a central identification platform and video- and AI-supported auto-ident procedures.
.svg)
.svg)
