The Electronic Patient File (ePA)

The electronic patient file (ePA) is a digital file created by health insurance companies for their clients. Insured persons' medical data is stored in the ePA and exchanged between different healthcare facilities - such as doctors' surgeries, hospitals and pharmacies - as required. Statutory health insurance funds are obliged to make the ePA available– and have already created an electronic patient file for their clients, provided they have not objected. However, as someone with statutory health insurance, you are not obliged to use the ePA. You can find more information on how to opt-out in the section 'Is the EPR voluntary? (opting-out)'. Private health insurance companies can introduce the EPR voluntarily and, unlike statutory health insurance companies, are not obliged to do so.

The electronic patient file is intended to allow gathering all important health information in one place, enabling doctors to gain an overview of, for instance, medication their patients are taking and findings other doctors have made. Patients should also be able to view and enter their health data. 

Good to know: Your health insurance company will provide you with an app for the ePA. Please check with your health insurance company for more information on the app and registration.

The nationwide launch of the ePA has not yet been announced (as of March 2025). Originally, the nationwide launch of the ePA was planned for February, but it will be delayed until well beyond April. The ePA is currently being tested in some regions, such as Hamburg and Franconia and in the "KV" areas of North Rhine and Westphalia. "KV" areas are the regions that belong to an association of statutory health insurance physicians ("Kassenärztliche Vereinigungen"), which organises the medical care provided by registered doctors and psychotherapists in Germany.

The test phase is carried out to ensure the ePA works well. In addition, the Federal Ministry of Health (BMG) must implement and finalise technical solutions in coordination with the Federal Office for Information Security to increase the ePA's security. Only when these two conditions have been met will the Federal Ministry of Health decide on the nationwide launch of the electronic patient file. So, the ePA already exists, but it will only be introduced throughout Germany after a successful test phase has been carried out and security gaps have been rectified.

Not only do your (selected) doctors have access to your electronic patient file (ePA), but you can also see what information, records and documents are stored there. You also have the option of uploading your previous results into the ePA yourself. To do so, you need to have the app provided by your health insurance company. You can also set up access rights in the app– in other words, you decide who can view and edit your data.

Important: The standard access period for doctors to the electronic patient file (ePA) is 90 days from the insertion of the insurance card so that they can also have access during longer treatments. Pharmacies, on the other hand, have a standard access period of 3 days. Insured persons can use the ePA app to customise, shorten or extend this period.

Good to know: Your health insurance company cannot view your health data.

With the ePA, you have the following:

• Your medical data, such as medication list, findings, diagnoses, vaccinations or X-rays, are in one place.
• Control over which data is stored in the ePA.
• The right to decide which doctors, pharmacies or hospitals can access your data.
• The option to change or withdraw access rights at any time.

• All data in one place: patients can store their medical data centrally and access it anytime. Exchanges with and between doctors could also be faster and less complicated.
• Better networking of healthcare facilities: With the ePA, all doctors, hospitals and pharmacies can access the relevant medical data. This means treatment can be better coordinated, and potential errors, such as undesired drug interactions, can be avoided.
• More efficient treatment: Doctors and healthcare providers no longer have to refer to paper files or collect patient information, which saves time and increases the quality of treatment. Duplicate examinations can also be avoided.
• More transparency: Patients can view and manage their health data digitally, which allows more transparency about medical care. You decide for yourself what information is stored and who is authorised to access it, giving you more control over your treatment. 

In addition to its advantages, the electronic patient record (ePA) faces certain criticisms.

• Data protection: Experts are concerned about the security of sensitive user data. They have pointed out security gaps in the ePA system in its past 10 years of development. Most recently, (ethical) hackers of the Chaos Computer Club announced at the end of December 2024 that they had discovered security gaps when accessing the ePA. They criticise the Ministry of Health for continuing to introduce the ePA despite ongoing security concerns around it.  Currently, the Ministry of Health is developing security measures to be implemented before the nationwide rollout.
• Implementation: All doctors' surgeries in Germany must introduce the ePA– but that has not yet happened. 
• Usage issues: Another point of criticism is the high hurdles of using the ePA for people who are not very technology-savvy. This is because you need to use a health insurance company app to access your own ePA and, among other things, set the access rights. Plus, the apps are not available in different languages.

Using ePA is voluntary. If you do not wish to have an ePA, you could object (opt out) before 15 January 2025. Anyone who has not yet opted out will automatically get an ePA. However, you can opt-out anytime after the file has been created. To do so, you must apply to your health insurance to have the ePA and all data within it deleted. You can also object to specific functions of the ePA without rejecting it in its entirety. For example, you can decide whether your data may be used for research purposes. You can object to such usage of your data at any time directly by reaching out to your health insurance company or the 'ombudsman's office' of your health insurance company. The ombudsman's office offers you advice and assistance on using the ePA. You also have the option of objecting digitally within the ePA app. On the Federal Ministry of Health website, you can see how you can submit an objection against which functions and where. If you decide to have an ePA later, you can instruct your health insurance company to create a new file. However, documents and settings from the old ePA will no longer be included in the new one. 

Further information can be obtained from your health insurance company or the Federal Ministry of Health website. You can also find templates and opt-out texts on wiederspruch-epa.de. Simply add your details and send them to your health insurance company.

Good to know: The ePA only stores data from the time the ePA is set up, not retrospectively.

Only those you authorise can access your electronic patient file (ePA). These are usually doctors, dentists, psychotherapists, pharmacies or hospitals. You can decide who can see your data and what information is stored. 

Access to ePA works via your electronic health card (eGK) and a personal PIN. You can change or withdraw access rights at any time. Your data will not be passed on to other bodies, such as health insurance companies or research organisations, without your consent.

The standard access period for doctors to the electronic patient file (ePA) is 90 days from inserting the insurance card in the electronic card reader at your doctor's office so that your doctor can maintain access to the data during longer treatments. Pharmacies, on the other hand, have a standard access period of 3 days. Insured persons can use the ePA app to customise, shorten or extend this period.

If you want to know more, you can ask your health insurance company or read the information on the Federal Ministry of Health website.

Good to know: Your health insurance company cannot access the data and documents in your ePA.

Panel doctors and psychotherapists may only upload data such as findings, diagnoses, doctor's letters or X-rays to the electronic patient file (ePA) if you, as the patient, have given your prior consent. You decide for yourself what information should be stored. Your doctor's practice must inform you of this verbally or via a practice notice. To use the ePA, the practice must be connected to the telematics infrastructure. However, not all practices are technically equipped or trained accordingly.

If you do not want certain sensitive data such as mental illnesses, sexually transmitted infections or abortions to be stored in your ePA, you can object to them being stored. Your doctor's surgery must document your objection. However, what exactly 'document' means is not clearly regulated as of yet. It remains unclear whether the practice only makes a note of the objection or sticks to it in the long term. It may, therefore, make sense to reconfirm your objection at each new appointment.

Furthermore, your express written or electronic consent is required before genetic tests can be stored in the ePA.

Please contact your doctor or health insurance provider if you require further information.

Yes, children and teens also get an ePA if they are covered by statutory health insurance. Up to age 15, the ePA is administered by the parents or legal guardians. They decide for the child whether an ePA should be used, what data is stored there and who can view it. 

From the age of 16, teens can use the ePA themselves or object to the use of the ePA if so they wish.

You can contact your health insurance company if you have any questions or are unsure. Your health insurance company's ombudsman's office can offer you advice and help concerning the ePA. They will provide you with all the important information you need, including how to opt-out. The National Association of Statutory Health Insurance Physicians also provides detailed information on the ePA. 

The consumer advice centre (which is responsible for consumer rights) also offers information on the ePA.

For further details, visit the Federal Ministry of Health's website: Federal Ministry of Health—Electronic Patient File.

You can also ask us your questions by scrolling down and entering our multilingual forum.