Privacy policy

Version 2.2 from 02.01.2023

Data protection information of BKK EWE for the electronic patient file (ePA) as well as mandatory information according to § 343 paragraph 1 SGB V (German Social Code)

Content

A. General

  • Preliminary note

  • A.1 Name and address of the responsible person

  • A.2 Contact details of the data protection officer of the controller

  • A.3 Responsible data protection supervisory authority

  • A.4 Competent legal supervision

  • A.5 General information on data processing

  • A.6 Involvement of third parties

  • A.7 Data processing outside the European Union

  • A.8 Data subject rights

  • A.9 Deletion of data

  • A.10 Automated decision making

  • A.11 Right to complain to a supervisory authority

  • A.12 Right to revoke the declaration of consent under data protection law

 

B. Provision of the ePA by the health insurance company

  • B.1 Description and scope of data processing

  • B.2 Legal basis for data processing

  • B.3 Purpose of the data processing

  • B.4 Duration of storage

  • B.5 Revocation options for the use of the ePA

 

C. IAM registration process for the ePA

  • C.1 Description and scope of data processing

  • C.2 Acquisition of data for an error report

    • C.2.1 Automatically transmitted data

    • C.2.2 Manually transmitted data

  • C.3 Legal basis for data processing

  • C.4 Purpose of the data processing

  • C.5 Duration of storage

  • C.6 Revocation options for registration in the ePA

 

D. Use of the electronic patient record (ePA) / data storage via the app.

  • D.1 Description and scope of data processing for the insured person

    • D.1.1 Start with login mask

    • D.1.2 Use of the ePA

    • D.1.3 Profile

  • D.2 Description and scope of data processing for represented persons

  • D.3 Legal basis for data processing

    • D.3.1 Purpose of the data processing

    • D.3.2 Duration of storage

  • D.3 Possibility of objection

 

E. Contact variants

  • E.1 Description and scope of data processing

  • E.2 Chatbot

  • E.3 Transaction processing system (ITSM)

  • E.4 Legal basis for data processing

  • E.5 Purpose of the data processing

  • E.6 Duration of storage

  • E.7 Storage locations of all ePA specific data

 

F. Information on the electronic patient file (ePA) according to § 343 SGB V

  • 1. Introduction

  • 2. What is the electronic patient record?

  • 3. How secure is the electronic patient record?

  • 4. What do I basically need to know about the electronic patient file?

    • 4.1 Is the ePA mandatory?

    • 4.2 Who offers and operates the ePA?

    • 4.3 Can I delete documents in the ePA or the whole file?

    • 4.4 How do I keep track of who has changed something in my file?

      • 4.4.1 The management protocol

      • 4.4.2 The access log

    • 4.5 What rights do I have vis-à-vis my health insurance company with regard to the data processing operations of the ePA?

    • 4.6 What data does the health insurance company exchange with the ePA operator?

    • 4.7 What do I have to consider when using the ePA application?

    • 4.8 What measures must I take if I lose or suspect misuse of the eGK or the access data for the ePA application?

    • 4.9 I want to change my health insurance company. Can I simply take my data stored in the ePA with me?

    • 4.10 What do I have to do if I no longer want the ePA?

    • 4.11 Will I be at a disadvantage in my health care if I do not use the ePA?

 

5. What can I store in my electronic medical record?

  • 5.1 How do I register with the ePA?

  • 5.2 What do I need to access my data?

  • 5.3 To which categories can I save documents in the ePA?

  • 5.4 Can I set confidentiality levels for documents?

  • 5.5 How can I store data from a digital health application in the ePA?

6. Who has access to the electronic patient record and how?

  • 6.1 What are the legal requirements for service providers?

  • 6.2 Which service provider may access which data in the ePA?

  • 6.3 How does the granting of authorizations work in concrete terms?

  • 6.4 How do I specifically authorize a health care provider facility involved in my treatment?

    • 6.4.1 How do I grant permissions in the ePA application?

    • 6.4.2 How do I grant authorizations without the ePA application if, for example, I am on site at the service provider or do not use the ePA application?

7. Who must post data in my electronic medical record if I request it?

8. I need assistance in using the electronic patient record. What can I do?

9. I want to keep an electronic patient record but do not want to use an ePA application. What does this mean for me?

10. What other options do the ePA and my health insurance company's ePA applications offer me?

  • 10.1 Direct access to the national health portal from the ePA application

  • 10.2 Release of data for research (expected from 01 July 2024).

  • 10.3 Use of an instant messaging service via the ePA application (expected to be available from 01 August 2024).

  • 10.4 Further functions of the ePA (expected from 01 October 2024)

  • 10.5 Data on nursing care (expected to be available from 01 January 2024).

  • 10.6 Submitting and accessing your organ and tissue donation declaration (expected during 2023 or 2024). 

A. General

The information on the electronic patient record (ePA) in accordance with Section 343 of the German Social Code, Book V is described in detail in Section F of this document.

Preliminary note

For the sake of better readability and simpler processing, gender-specific forms of address have been replaced by the uniform use of the terms:

  • "Insured"
  • "Representative"

The use of these terms always refers to all genders without restriction.

A.1 Name and address of the responsible person

The responsible person within the meaning of §§ 341 Para. 4 Sentence 1, 307 Para. 4 SGB V in conjunction with Art. 4 No. 7 of the General Data Protection Regulation is the:

BKK EWE
Staulinie 16-17
26122 Oldenburg

A.2 Contact details of the data protection officer of the controller

Data Protection Officer of BKK EWE

Arfan Ahmed
Staulinie 16-17
26122 Oldenburg
datenschutz@bkk-ewe.de

A.3 Responsible data protection supervisory authority


State Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5
30159 Hanover

A.4 Competent legal supervision


Ministry of Social Affairs, Labor, Health and Equality
Hannah-Arendt-Platz 2
30159 Hannover

A.5 General information on data processing

We process personal data of our insured persons insofar as this is necessary for the provision or use of a functioning ePA. Insofar as the processing of personal data of our insured persons is based on consent, this is done on the basis of a legal obligation to this effect under SGB V. Provision of the ePA to our insured persons without their consent is not permitted by law.

Use of the ePA is voluntary for our insured persons. They will not suffer any disadvantage if they decide not to use the ePA.

A.6 Involvement of third parties

As a matter of principle, we do not pass on data relating to our insured persons to third parties. We use various technical service providers to make the ePA available to our insured persons. These are exclusively companies of the BITMARCK group of companies. In this context, it may happen that such a technical service provider obtains knowledge of personal data. We select these service providers carefully and take all measures required under data protection law for permissible data processing. The commissioned service providers are also obligated to comply with all data protection measures and are bound by an agreement on commissioned processing (AV).

A.7 Data processing outside the European Union

The data of our insured persons is not processed outside the European Union.

A.8 Data subject rights

Our insured persons have the right to information about the personal data concerning them. In this regard, our insured persons can contact us at any time.

Our insured persons have the right to rectification or deletion, or to restriction of processing, insofar as they are entitled to this right by law.

Our insured persons have the right to object to the processing of personal data within the framework of the legal requirements.

Our insured persons have a right to data portability within the framework of the legal requirements.

A.9 Deletion of data

We generally delete the ePA of our insured person if there is no need for further storage. A requirement may exist in particular if the data is still needed in order to continue to provide the ePA for our insured persons. In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation. 

A.10 Automated decision making

We do not use any processing operations based on automated decision making, including profiling, according to Art. 22 GDPR.

A.11 Right to complain to a supervisory authority

Our insured persons have the right to lodge a complaint about the processing of personal data with one of the supervisory authorities mentioned in sections A.3 and A.4.

A.12 Right to revoke the declaration of consent under data protection law

Our insured persons have the right to revoke their declarations of consent under data protection law at any time. The revocation can be declared as follows: To the health insurer at any time in writing or electronically via the ePA app without giving reasons.

The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.


B. Provision of the ePA by the health insurance company

B.1 Description and scope of data processing

After our insured has given his or her express written or electronic (via the ePA app) consent, we create an individual electronic patient record (ePA) used exclusively by our insured, which our insured can manage and use independently and sovereignly. An insured person can add one or more representative persons to his ePA, see chapter D2.

When providing the ePA, the following personal data of our insured will be processed:

  • Type and number of an official identification document:
    • Residence permit
    • or identity card
    • or passport
  • Number of active electronic health cards (eGK). The number of active electronic health cards assigned to the identified insured person in the electronic health card system. A card is considered active in the eGK system if it is neither blocked nor logically deleted. As a rule, only one eGK is active at a time.
  • Name, first name
  • Date of birth of the insured
  • Place of birth of the insured person
  • Type of insured person (e.g. member, family insured, pensioner)
  • Start and end of insurance relationship
  • IdentDataTime (timestamp for the completed identification of the insured person).
  • Protection class for identification (with or without eGK)
  • Identification procedure (e.g. in the branch or Postident)
  • Registration address: Country code, postal code, city; street, house number; 
  • End of registration / Yes or No
  • Registration start date
  • Title
  • Name affix
  • Prefix (e.g.: "von", "de", "van")
  • Gender
  • depending on the authentication method used:
    • a pseudonym when using the online ID function. The first time the provider used retrieves all the ID card data available to us for matching and generates a pseudonym. Each subsequent time, the comparison is carried out using the pseudonym generated by the provider.
    • the eGK certificate when using the electronic health card
  • VIP - license plate
  • ICCSN (card identification number on the back of the eGK)
  • isNfcEgK (This value indicates whether the eHC designated in the call is equipped for "Near Field Communication" (NFC)).
  • istPinBriefVersandt (This value indicates whether a PIN letter was sent for the eGK designated in the call). 
  • pinBriefVersandungsDatum (Time at which the PIN letter dispatch was reported to CAMS (card application management system)).

B.2 Legal basis for data processing

The legal basis for the creation of the ePA is the consent of our insured person pursuant to Art. 6 Para. 1 lit. a GDPR in conjunction with §§ 342 para. 1, 344 para. 1 sentence 1 SGB V.

B.3 Purpose of the data processing

The purpose of the data processing is to provide the ePA in accordance with the legal requirements of SGB V. In this context, it is necessary to assign a specific ePA to our insured person.

B.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no longer any retention obligations. 

B.5 Revocation options for the use of the ePA

Our insured person may revoke his or her consent to the provision of the ePA at any time and request BKK EWE to delete the ePA. The insured person declares the revocation by removing the set confirmation checkmark, in writing or in person at one of our offices.

C. IAM registration process for the ePA

The data processing procedures described in the following sections are mandatory for providing the ePA.

C.1 Description and scope of data processing

In order to lawfully set up and provide an ePA for our insured, a verification process is required to confirm that the person registering for an ePA is in fact our insured. The process flow is described below:

  1. Step: The insured person installs the ePA app and starts it.
  2. Step: The insured person clicks on the "Go" function button.
  3. Step: If a user account already exists, the insured person clicks on "Register with BKK EWE" or must first create a user account using the "Register" function button.
  4. Step: To start the registration process, the customer clicks on "Get started now"
  5. Step: The insured person enters the following data according to the fields provided
    - E-mail address
    - Insured person number
    - Postcode
    - Select an individual password
    - Repeat password
    - Enter the last 6 digits of the eHC identification number (ICCSN)
  6. Step: The insured person confirms acceptance of the IAM terms of use and acceptance of the IAM consent in the checkbox to complete the registration.
  7. Step: The insured person must confirm the e-mail address and click on the link in the e-mail sent in order to continue.
  8. Step: The insured person sets an app code as an additional security feature
  9. Step: The insured person can activate biometric enrollment.
  10. Step: The identity is checked using one of the procedures provided.
  11. Step: Set up patient file
    - Without my health card
    - With my health card
  12. Step: Link device and app
    - Device binding, i.e. linking the app to the device, is necessary in accordance with the security requirements.
  13. Step: The insured person is then given authorization to use the

and the requirements for setting up the ePA are completed.
During the registration process, the above data is temporarily stored in a technical container.
After verification of the data entered by BKK EWE, the insured person is created as a user of the ePA and activated for use. The insured person will receive confirmation of this from BKK EWE.

C.2 Acquisition of data for an error report

We need the information listed below when an insured person reports an error and the cause needs to be analyzed.

C.2.1 Automatically transmitted data

For the ePA apps for iOS and Android as well as the desktop app, a report is generated in the event of an error and is automatically sent to Business Service Management (BSM).

This transmitted data is analyzed exclusively for troubleshooting purposes.

| Data | Value | Example |
|---|---|---|
| DEVICE related data | Family | Nokia |
| | Model | Nokia 4.2 (QKQ1.191008.001) |
| | Architecture | arm64-v8a |
| | Battery Level | 100% |
| | Orientation | Portrait |
| | Memory | Total: 2.8 GB / Free: 1.4 GB |
| | Capacity | Total: 20.2 GB / Free: 17.0 GB |
| | Simulator | False |
| | Boot Time | 2021-08-18T07:29:28.162Z |
| | Timezone | Europe/Amsterdam |
| | archs | [arm64-v8a, armeabi-v7a, armeabi] |
| | battery_temperature | 3108 |
| | brand | Nokia |
| | charging | True |
| | connection_type | Wifi |
| | language | en_en |
| | low_memory | False |
| | manufacturer | HMD Global |
| | online | True |
| | screen_density | 1.875 |
| | screen_dpi | 300 |
| | screen_height_pixels | 1370 |
| | screen_resolution | 1370x720 |
| | screen_width_pixels | 720 |
| APP related data | Start Time | 2021-08-18T07:52:25.904Z |
| | Bundle ID | com.rise_world.epa.integration.debug |
| | Bundle name | ePA |
| | Version | 1.2.0 |
| | Build | 123070 |
| OPERATING SYSTEM | Name | Android |
| | Version | 10 (00EEA_2_290) |
| | Kernel version | 4.9.186-perf+ |
| | Rooted | No |

C.3 Legal basis for data processing

The legal basis for the IAM registration process of the ePA and the data processed in this process is the consent of our insured person pursuant to Art. 6 (1) lit. a GDPR in conjunction with §§ 342 para. 1, 344 para. 1 sentence 1 SGB V.

C.4 Purpose of the data processing

The purpose of data processing is the legally secure identification of the insured person and the prevention of data and identity misuse.

C.5 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no longer any retention obligations. This is the case when the ePA has been terminated and finally deleted.

C.6 Revocation options for registration in the ePA

The data processing described in this section is mandatory for the registration of the ePA. Our insured person can nevertheless revoke his or her consent to the registration of the ePA at any time and request that we delete the ePA. To do this, the insured person must revoke his or her consent in the ePA app or send the revocation to us in writing.

D. Use of the electronic patient record (ePA) / data storage via the app.


D.1 Description and scope of data processing for the insured person
 
D.1.1 Start with login mask

The insured person starts the app after registration and identification. First, the login screen appears, in which the insured person enters their access data (insurance number and password as well as a choice of app code, health card or ID card).

D.1.2 Use of the ePA

When starting the application for the first time, the insured person is given an initial overview of the possible uses of their ePA app.

In the patient file in the "Overview" view, the user can access his profile via the profile picture, and he can also see the following areas:

  1. Documents area
  2. Authorizations area
  3. Activities area
  4. "My facilities and practices" section

The insured may authorize the health insurance company to place the service data in the patient's file.

The data that the insured person enters in his or her digital patient file or that is uploaded there by third parties is stored. This may also be health data in accordance with Article 9 of the GDPR.

D.1.3 Profile

The insured person can access this view via the profile picture, where they can manage their settings and change their access data, for example.
They can also access the following menu items under "Information":
a. Set up and access representative patient files
b. Via the ePA
c. Interactive app demo
d. Contact
e. Help
f. Safety instructions
g. Notes on data collection
h. Additional functions
i. Send app report

and under "Legal information":
j. Third-party licenses
k. Imprint
l. Privacy policy

In addition, information on the app version currently in use is available.

D.2 Description and scope of data processing for represented persons 

Insured persons can authorize one or more representatives for their patient file. The representative uses their health insurance fund's own ePA app to act as a representative. The name, e-mail address and insurance number (KVNr) are entered and saved during setup. If the representative acts as a proxy in the patient file, all technically possible actions can be carried out instead of the insured person.
Representing persons cannot set up any other representing persons for the represented patient file, nor can they delete the patient file for the insured person altogether.

During representation within the ePA, data processing takes place as described in chapter D1. 

D.3 Legal basis for data processing 

The legal basis for the storage of personal data in the ePA is the consent of the insured person in accordance with Art. 6 Para. 1 lit. a GDPR and Art. 9 Para. 2 GDPR in conjunction with §§ 342 para. 1, 344 para. 1 sentence 1 SGB V.

D.3.1 Purpose of the data processing

The purpose of the data processing is the use of the ePA by the Insured for archiving and using their individual health information.

D.3.2 Duration of storage

The data is deleted by the insured person when he or she decides that the data stored in the ePA is no longer needed. 

D.3 Possibility of objection

The data processing described in this section is mandatory for the use of the ePA by our insured person. The insured person can nevertheless revoke their consent to use the ePA at any time by removing the confirmation checkmark in the ePA app or by contacting us in writing or in person.
 

E. Contact variants

E.1 Description and scope of data processing

The ePA contains various contact channels that can be used by the insured person to contact us electronically.

E.2 Chatbot

Answering questions about the ePA can be done via an automated chatbot. A chatbot is a digital assistant with which you can communicate by text or voice input. Via the chatbot, insured persons can access standardized support processes and service content of the insured person helpdesk (VHD) within the framework of the ePA. The basic functionality here includes

a. answering questions about the ePA,
b. the dialog for accepting faults with reference to existing faults and the option to register for such a fault by creating a ticket,
c. the option to switch to a live chat dialog,
d. the option to place a callback request and
e. the information function that no advice on the insurance relationship takes place here.

The data processed here is the verification data already stored by the insured person, as well as the data voluntarily entered by the insured person in the chatbot. Requests are logged in the chatbot. Contact data is not recorded, nor is it documented as a ticket.

If a question about the ePA cannot be answered in the chat with the chatbot or if the insured person needs other direct support - for example, when reporting a malfunction - it is possible to request this ad hoc via a live chat or to specify a callback request.

E.3 Transaction processing system (ITSM)

All requests that cannot be resolved via the chatbot are recorded and documented for further processing with the help of a so-called transaction processing system. These requests are processed personally by our support staff.

Should the insured person wish to be called back in this regard, a telephone number must still be specified as an option.

If necessary, a transaction processing number must also be specified upon request by the insured person; this is automatically generated by the transaction processing system and transferred to the insured person.

If the reported issues cannot be answered by this variant, an event-related internal processing ticket is also created automatically. Depending on the need, this request is forwarded to a responsible employee and - if this option was selected by the insured person - a callback is initiated.

If an insured person takes advantage of the option to call back, the data entered in the input mask will be transmitted to us and stored. 

The following data must be entered by the insured person:
a. Name,
b. Fund affiliation,
c. E-mail address and
d. Telephone number.

E.4 Legal basis for data processing 

The legal basis for the processing of the data is Art. 6 (1) lit. b GDPR, as the data processing operations carried out in the course of contacting the insured person are necessary for the proper processing of the contract of use with the insured person via the ePA.

E.5 Purpose of the data processing

The processing of personal data described in this section is carried out in order to be able to process contact requests from our insured persons and, as a result, to be able to execute the ePA usage agreement with the insured person.

E.6 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no longer any retention obligations. This is the case if the health insurance fund decides that this data should be deleted no later than three years after the transaction ticket is closed.

E.7 Storage locations of all ePA specific data

| Operator | Application | Data type |
|---|---|---|
| BITMARCK Service GmbH RZ Essen | IAM module (access and authorization management) | Digital identity and the associated master data |
| | SigD (signature service) | Al.vi (Alternative insured identity) |
| BITMARCK Technik GmbH RZ Hamburg | PKI and OCSP responder | Certificates for eGK and al.vi, certificate status |
| | EGS (Electronic Health System) | Verification of the insured person as an IAM user and the associated master data |
| | KVS (account management system) | Metadata of the electronic record |
| | File system (incl. key generation service 1) | Encryption data; user-related documents and their metadata, encryption information |

F. Information on the electronic patient file (ePA) in accordance with Section 343 SGB V


1. Introduction

This document informs you about the electronic patient record (ePA). The ePA has been available to you since 2021 as an offer from your health insurer. Whether you want to use it or not is entirely your voluntary decision. In the following, we would like to show you which options the ePA currently offers you. Some of the functions presented will only be available in the future. The planned date of availability is listed with each of the functions concerned. Your health insurer will continuously update this information text and inform you in good time about new ePA functions and their safe use.

2. What is the electronic patient record?

The electronic patient record (ePA) is an electronic record maintained by you. In the ePA, you and the healthcare providers involved in your treatment can securely upload, store, read, read out, use, and of course delete personal health and disease data in digital form. Your health insurer will provide you with an ePA application in the form of a standalone app, as a special application within an existing app of your health insurer, or as a desktop application. If you use the ePA application provided by your health insurer, you can view your health data entered in the ePA at any time.

The ePA application establishes a connection via the Internet to the telematics infrastructure in which the ePA resides. The various service providers in the German healthcare system are or will be connected to this network.

Service providers are all groups of persons and facilities that provide services within the framework of the statutory health insurance (SHI). These include, for example, physicians, dentists, hospitals and pharmacies. Facilities in which service providers are active are referred to below as service provider facilities. These can be doctors' practices, pharmacies, hospitals, medical care centers and other health care facilities. However, individual organizational units, such as the department of a hospital or a specific specialty of a medical care center, can also constitute a separate service provider facility.

The ePA application provided by your health insurance company is security-tested and approved by the Gesellschaft für Telematik (gematik). The ePA application can be installed on smartphones and tablets with Android or iOS operating systems, as well as on desktop computers and laptops with secure and suitable operating systems, such as Windows, macOS, and Linux, if applicable. As the user, you are responsible for the security of your application environment - that is, the smartphone, PC hardware, or operating system on which the application is installed (see 4.7).

If you do not have a mobile device or a PC/laptop, or if you do not want to use your health insurer's ePA application for other reasons, you can still use the ePA. However, in this case, some functions are only available to you to a limited extent or not at all. For example, you cannot personally post documents to the ePA without an ePA application. We will inform you about the possibilities and limitations of using the ePA without an associated application in Chapter 9.

You can upload documents to your ePA yourself using the ePA application. Or, for example, you can ask your attending physicians in the practice or hospital to transfer copies of the relevant documents to your file. For legal reasons, however, the original documentation of your treatment always remains with the healthcare provider treating you. In addition, you can authorize your health insurer to enter information about services you have received into the ePA. Only you and those authorized by you can view the ePA. You can revoke your authorization and thus your consent to the provision of data at any time. Under no circumstances can the health insurance company view information in your file. If you use digital health applications, you can allow them to store your data from their use in the ePA - provided the manufacturer of the digital health application you use supports this option.

3 How secure is the electronic patient record?

The documents in your file are always stored in encrypted form and can only be decrypted on the end devices of the persons authorized by you and your own end devices. The (electronic) security key required for this is stored securely. It consists of two parts, which are stored in separate locations: with the provider of the electronic patient file (ePA) and with a central key service provider appointed by the German Telematics Society (gematik). Both key parts are required to access the ePA. Only you and those authorized by you have the complete key - neither the ePA provider nor the key service provider, who only keep part of the key, can access the ePA. The key is deliberately not stored on your electronic health card (eGK) so that you still have access to your file even if the eGK is replaced (planned or unplanned).
So that you and your authorized persons can search for specific documents in your file, additional information about the characteristics of your documents is stored - the so-called metadata. The metadata includes, for example, the author of the document, their institution, the specialty, the document type (such as electronic doctor's letter, electronic medication plan or electronic vaccination record), technical information about the document (including the confidentiality level used as part of the authorization assignment, the document size and the document ID). The file system processes this data in a highly secure and trustworthy technical environment to which neither the file operator nor the health insurance company have access.

4 What do I need to know about electronic patient records?

Since the beginning of 2021, health insurers have been offering electronic patient records (ePA) to their insured. What basic rights and opportunities does this entail for you?

4.1 Is the ePA mandatory?

The use of the ePA is voluntary for you. If you decide to use it, your consent to data processing vis-à-vis the health insurance fund is required. Your consent will be requested as part of the application to set up your ePA - even before the file is technically set up and opened.

4.2 Who offers and operates the ePA?

The ePA is provided by the health insurers and offered to you as an insured person. In doing so, the health insurance companies work with industry partners who develop and operate the corresponding files according to the technical and non-technical requirements defined by the Gesellschaft für Telematik (gematik GmbH). All ePA providers must go through an approval procedure with gematik with their file system and the associated insured person apps, in which compliance with all requirements for functionality, operation, security and data protection must be demonstrated.

Your health insurance company works with the BITMARCK group of companies, Kruppstraße 64, 45145 Essen, Germany, to provide you with the ePA.

4.3 Can I delete documents in the ePA or the entire file?

The principle of voluntariness also means, of course, that you have the right at any time to delete the documents placed in the file yourself or to have them deleted by service provider institutions authorized by you. A deletion process could be carried out at your express request, for example, by a doctor who is treating you. For more information, see Chapter 6.

4.4 How do I keep track of who has changed something in my file?

The ePA records operations performed by institutions authorized by you in a log. The ePA distinguishes between the logging of administrative processes - the so-called administrative log - and processes that are directly related to your medical data - the so-called access log.

If you use your health insurance company's ePA application, it will present the contents of both logs to you conveniently and uniformly, so that you basically do not have to distinguish between the two logs.

4.4.1 The administrative log

In the administration log, the ePA stores all processes that are of a purely administrative nature, i.e. that do not directly affect a document or its metadata. These include, for example, the logon or logoff of authorized users. The administrative log also includes the technical time when the ePA was set up and entries when the record is closed.

In principle, the provider can access the entries in the administration log - in contrast to the data stored in the ePA. In this way, the provider can support you, for example, in the event of technical problems. However, access to the administration log is only permitted with your consent.

All entries in the administrative log that are older than three years are automatically deleted by the file system. This deletion period also applies when you close the file. Consequently, these log entries are still available for up to three years even if you have already closed the ePA.

4.4.2 The access log

In the access log, your ePA stores all accesses that are directly related to your documents, e.g. calling up, uploading or deleting a document. The granting or revocation of authorizations is also stored here. Entries in the access log are protected in the same way as the metadata for your documents (for more information, see Chapter 4.4). The data is automatically deleted on a daily basis three years after the log entry is created. This also applies if you have deleted all or part of the ePA.

If you use your health insurer's ePA application, it will present the contents of both logs to you in a uniform manner, giving you an overview of who has accessed your record and who has made which changes to your record. When using the ePA application, you also have the option of saving the log data on your own terminal device. The ePA application offers you a corresponding function for this purpose.

4.5 What rights do I have vis-à-vis my health insurance fund with regard to the data processing procedures of the ePA?

Your rights vis-à-vis the health insurance company result from the legal provisions of the General Data Protection Regulation (GDPR). Within the meaning of this regulation, the health insurance company is the "controller". As an insured person, you can assert the "rights of the data subject" under the GDPR against your health insurance company. This includes in particular that the health insurance companies are obliged to inform the insured persons about the collection of personal data (Art. 13, Art. 14 GDPR). Furthermore, the insured persons have the following rights under the GDPR:

- the right to information as to whether and, if so, for what purpose certain personal data is processed by the health insurance fund or its contractors (Art. 15 GDPR)
- the right to rectification of inaccurate personal data (Art. 16 GDPR)
- the right to erasure of personal data (Art. 17 GDPR)
- the right to restriction of processing (Art. 18 GDPR)
- the right to data portability (Art. 20 GDPR)
- the right to object (Art. 21 GDPR)

It should be noted that the legislator has excluded these rights if their exercise cannot be guaranteed by the health insurer as the data protection controller or can only be guaranteed by circumventing protective mechanisms, such as encryption or anonymization in particular. This restriction exists insofar as the health insurance fund as the responsible body has no technical access to the data stored in the ePA due to the existing encryption mechanisms. For data that is not encrypted end-to-end, such as the administrative log, these rights are not excluded. Accordingly, the health insurer cannot comply with requests for information or corrections from insured persons regarding data stored in the ePA (e.g., regarding doctors' letters). One exception is diagnoses relating to services used by the health insurer. Since this data is imported into your ePA at your request and with your consent from your health insurer's billing data, you have the option of having this data corrected by the health insurer. To do this, you will need confirmation of the correct diagnosis from the relevant service provider. Your health insurer will inform you about the details of the procedure.

The health insurer provides you with an ePA application to independently exercise your rights under the GDPR. However, you cannot use the ePA application to correct the data provided by your healthcare provider. If corrections to this data are necessary, please contact the care provider treating you. (In this context, please refer to the notes in chapters 4.4. and 9).

4.6 What data does the health insurance fund exchange with the ePA operator?

To set up your ePA, the health insurer and the respective industry partner exchange administrative personal information. In addition, your health insurer or the ePA provider uses your health insurance number to check whether a patient record already exists for you. No exchange of personal health data takes place at this point.

4.7 What do I need to consider when using the ePA application?

The ePA application enables you to access your health data independently via your own end devices such as smartphones, laptops or PCs. The health insurance companies have created their respective ePA application in accordance with the specifications of gematik and the Federal Office for Information Security (BSI). In addition, each ePA application undergoes a security check. This can only be carried out by test centers that are accredited by gematik and the BSI. To ensure the security of your ePA data, it is essential that you only use an ePA application approved by gematik that you have downloaded from a trustworthy source. Trusted sources are the Apple App Store for the iOS operating system and Google Play for Android. For the operating systems of other end devices (laptops or PCs), the stores of the operating system manufacturers (e.g. Microsoft or Apple) or the website of your health insurance company are the trusted sources. In this respect, health insurance companies are obliged to comply with data protection regulations, also with regard to transmission to third countries.

After installation, your ePA application must be activated as part of the first use. There are basically two ways to do this: The most secure way is to activate it via your electronic health card (eGK) with NFC transmission standard, i.e., with a contactless interface such as can already be found on many EC and credit cards today, and the corresponding PIN that you receive from your health insurer. To use your eGK on a stationary terminal, you generally need a suitable card reader that is supported by your computer's operating system. You can purchase this at retail stores (e.g., electronics stores) at your own expense. Reimbursement of the costs by your health insurance is not possible. Because your medical data in the ePA is particularly worthy of protection, the BSI recommends using a card reader with security class 2 or higher (devices with their own keyboard, without their own display).

Another option is to activate your ePA via an alternative access provided by your health insurer without the eGK. This activation remains valid even if you change your terminal device, i.e. even if you want to use your ePA on your smartphone or on your PC. The transmission of the alternative access without the eGK is specific to each health insurer. If you have any questions about this, please contact your health insurer.

In addition, you should always run your ePA application on end devices that are under your control. Accessing the ePA via a public PC, e.g. in an Internet café, should therefore be avoided at all costs! To use the ePA securely from your own end device, you must also ensure that your respective end devices are protected. Corresponding instructions that you need to carry out for this can be found in the documentation of the ePA application. You should also follow the BSI's recommendations on endpoint security. The BSI provides a range of information on the Internet for this purpose: https://www.bsi-fuer-buerger.de.

4.8 What measures must I take in the event of loss or suspected misuse of the eGK or the access data for the ePA application?

Particular importance is attached to protecting these access channels. In the event of loss or suspected misuse of the eGK or access for the ePA and the ePA application, these must be blocked immediately with the health insurer to ensure the security of the ePA. The health insurers offer various blocking options for this purpose (e.g., by telephone or online).

4.9 I want to change my health insurance company. Can I simply take my data stored in the ePA with me?

The ePA is offered to you by your health insurance company. If you change your health insurance company and want to use an ePA with your new health insurance company as well, you can transfer the data from the ePA in encrypted form. 

The first step is to declare to the new health insurer that you want to continue using your ePA. Then you have to put the existing ePA into the so-called transport state. The application itself offers a corresponding function for this. Now the file operator of your previous health insurance company encrypts the file in such a way that your medical data as well as the metadata can be transmitted confidentially from the file operator of your old health insurance company to the operator of the new one. In this state, neither read nor write access to the record is possible. In the ePA application of the new health insurer, you can then start the data transfer from the old ePA application. The procedure ensures that the data from your old ePA is not deleted until the data has been received in full by the operator of your new health insurer. The authorizations granted and the substitutions (for more information on substitution rules, see Chapter 8) are also transferred, if you wish. 

Please note that information from health insurance-specific applications of the ePA may not be transferred automatically. If necessary, you should save the relevant data yourself so that it is still available after you change health insurers. Your health insurer will provide you with further information on data transfer when changing health insurer.

4.10 What do I have to do if I no longer want the ePA?

In principle and at any time, you have the option of closing your ePA completely, i.e. having it deleted. To do this, you must revoke the consent you have given to use the ePA vis-à-vis your health insurer. This termination of the ePA or revocation of use must be expressed to your health insurance company in a suitable form. This can be done, for example, via the ePA application provided by your health insurer. For the exact procedure, please contact your health insurer.

All contents of your file - all documents, granted authorizations and log entries - are affected by the deletion, with the exception of the entries of the administrative log (for more details, see chapter 4.4). In this case, the responsibility for securing the documents stored in your file lies with you as an ePA user. If you want to keep certain documents even after closing your ePA, you must store them elsewhere.

If you use the ePA application provided by your health insurer to access the ePA, you also have the option of saving the log data on your own terminal device. The application offers you a corresponding function for this purpose. In addition to backing up the documents, it also makes sense to back up the log data from a data protection perspective so that you can later trace who had access to your file.

4.11 Will I have disadvantages with my healthcare if I do not use the ePA?

If you decide not to use the ePA, you will not suffer any disadvantages for your healthcare. This will continue to be guaranteed by the established procedures.

As an additional service, however, the ePA ensures increased transparency of your medical data. When using an ePA, you have the advantage of being able to view the documents, findings or information relating to your treatment digitally and pass them on to selected service providers such as doctors or hospitals or allow them to access your data. This digital data exchange initiated and controlled by you can help to improve your medical care. By accessing relevant health data in your ePA, you help the doctors and other service providers treating you to make the best possible therapeutic decisions, avert adverse effects and avoid unnecessary treatment or duplicate examinations.

5 What can I save in my electronic patient record?

In the electronic patient record (ePA), you can store your own health data using the ePA application provided by the health insurance company. This can be, for example, independently kept diabetes diaries or digitized findings from previous treatments that your doctors have provided you with on paper, or your own records of your state of health. Service providers involved in your treatment can store the following data, among others, in the ePA, provided you give them the appropriate authorization:

- medical data relating to your treatment, e.g. findings, diagnoses and treatment measures,
- doctor's letters that were created in the course of (dental) medical treatment
- prescriptions and dispensing information for your medication
- electronic certificates of incapacity for work
- electronic medication plan or emergency data record, if you already use these on your electronic health card (eGK).

If you use a Digital Health Application and the manufacturer of your application supports this option, you can authorize the Health Application to store your data collected by the Health Application in the ePA. The manufacturer of your health application will provide you with information about the data storage options.

5.1 How do I log in to the ePA?

To log in to the ePA, use the ePA application provided by your health insurance provider and either the eGK with PIN or, at your request, an alternative access procedure without an eGK that is specific to your health insurance provider and complies with the requirements of the German Telematics Society (gematik). Your health insurance provider will inform you about the respective requirements for logging in without an eGK in the ePA application on your smartphone and for logging in without an eGK on your desktop PC or laptop.

The level of security for logging in with and without an eGK varies. It is higher for login with the eGK, in which case it meets a security standard certified by the German Federal Office for Information Security (BSI). The alternative procedure without an eGK is also accepted by the BSI for a transitional period. However, there is no corresponding certification for authentication without an eGK. Your health insurer will provide you with comprehensive information about the available options, the potential risks and ways to avoid them. If you decide to use the alternative access option without an eGK, you must explicitly communicate this wish to your health insurer.

5.2 What do I need to access my data?

Regardless of how you authenticate with the ePA, you use an ePA application provided by your health insurer on your smartphone or a suitable laptop/PC to access the ePA. The ePA application has been created and security-tested according to the specifications of the BSI and gematik. It allows you to use all the functions of the ePA independently, including the following:

- Upload, view, download and delete documents
- Grant and revoke authorizations
- Create and revoke substitutions
- Check access to the ePA using the log data
- Close the ePA completely
- Transfer the ePA to a new health insurance fund (when changing health insurance funds)
- Work with the ePA of a represented person as an authorized representative (authorized representative and represented person do not have to be insured with the same health insurance fund)

Insured persons without suitable terminal devices can apply for an ePA from their health insurer and have it created. In this case, authorization for access is granted directly during the visit to the doctor's office, hospital or other service provider (for more information, see Section 6.3). In principle, you can also use this type of authorization assignment on site when you access your ePA via the ePA application, for example, to spontaneously authorize a service provider facility.

5.3 For which categories can I save documents in the ePA?

The ePA offers the possibility to store documents of different categories. The categories are assigned automatically by the file system directly when documents are saved. The following distinctions are possible:

  • Data on findings, diagnoses, therapy measures carried out and planned, early detection examinations, treatment reports and other examination and treatment-related medical information, separated according to the following areas:
    • General practitioner
    • Hospital
    • Laboratory and human genetics
    • Physiotherapy
    • Psychotherapy
    • Dermatology
    • Urology/Gynecology
    • Dentistry and oral and maxillofacial surgery
    • Other specialist areas
    • Other non-medical professions
  • Data of the electronic medication plan
  • Data of the electronic emergency data set
  • electronic doctor's letters
  • electronic dental bonus booklet ("eZahnbonusheft")
  • Data for the early detection of diseases in children (electronic examination booklet for children, "eUntersuchungsheft")
  • Data on medical care during pregnancy and after delivery (electronic maternity passport, "eMutterpass").
  • electronic vaccination documentation ("eImpfdokumentation")
  • Your data transferred to the ePA from an electronic health record financed by the health insurance funds in accordance with § 68 SGB V (German Social Code)
  • Health data provided by yourself
  • electronic prescriptions and information on their redemption
  • Other documents

5.4 Can I set confidentiality levels for documents?

You can define a confidentiality level for each document entered in the ePA. The documents entered into the ePA by you, your service providers or your health insurer are initially assigned to the confidentiality level "normal" by default (for more information, see Chapter 6.3). You can assign the "confidential" or "strictly confidential" levels to the documents yourself via your ePA application. If you wish to have a higher confidentiality level when the service provider enters the documents in the ePA, the service provider can also take this into account directly when storing the documents in the ePA. Please mention this to your service provider.

Both the document category and the confidentiality level play an important role in granting permissions (for more information on granting a permission, see Chapter 6.4).

5.5 How can I save data from a digital health application in the ePA?

Some digital health applications offer the option of transferring data to the ePA. In order for a digital health application to be able to store data in your ePA, you must make the appropriate approvals in both applications. In your health insurer's ePA application, you must authorize the desired health application to store data. In the health application itself, you must consent to it sharing data with the ePA. For more information about the relevant consents and setting in the digital health application, contact the manufacturer of the digital health application. 

Please note that a health app can only transfer data towards your ePA. However, the manufacturer of your digital health app does not have access to the data in your ePA. This is not allowed by law.

6 Who has access to the electronic patient file and how?

You can access the electronic patient record (ePA) yourself if you use the ePA application, as well as employees of the service provider institutions you have authorized, e.g. your family doctor and their medical assistants. The chapters 6.2, 6.3 and 6.4 explain how authorized service providers can access the system.

You always grant authorization to access your ePA to the service provider units and not just to individual persons, such as the attending physician. In the case of larger service provider units, such as a medical care center or a hospital, this may mean that, in addition to your attending physician, a large number of other persons from the medical staff of the same service provider unit may have purely technical access to the data. However, access may only take place to the extent that this is actually necessary for treatment purposes. In addition, every healthcare provider unit is legally obligated to log who has accessed which data of your ePA and when.

By authorizing access to the ePA, you automatically consent to the processing of your personal data by the respective service provider institution. To do this, you use the ePA application provided by your health insurer. However, you can also grant access directly on site, in the practice or hospital, using your electronic health card (eGK) and the associated PIN on the devices available on site. Such devices, such as the card terminal, have been tested and approved by the Gesellschaft für Telematik (gematik).

In addition, your health insurer may - after you have requested and authorized it to do so - store data on services you have used in the ePA. This data includes, for example, diagnoses, prescriptions filled, etc. As with a service provider institution, you can also revoke your health insurer's access authorization at any time once it has been granted. You can initiate the assignment and authorization of the health insurance fund for the transmission of the benefit information as well as the termination directly via the ePA application. This does not involve access to the data in the ePA for the health insurer. In addition to service providers, you can also authorize persons whom you particularly trust to access the ePA. These are the so-called representatives. In principle, your representative has the same access options as you yourself, can grant or withdraw access to service providers and request health insurers to provide data. However, your proxy can neither delete your ePA nor appoint further proxies or revoke proxies (for more information on proxy regulations, see Chapter 8).

Legal representatives can also access the file of the person they represent. For example, parents can maintain an ePA of their co-insured child.

If you consent, manufacturers of digital health applications may also transfer your health data collected in the respective application to your ePA. The manufacturer of the health application, in turn, does not have access to the data in your ePA. This is not permitted by law. You perform the additionally required granting of the corresponding authorization for a digital health application via the ePA application of your health insurer. You can obtain further information on this from your health insurer.

6.1 What are the legal requirements for service providers?

Even if you have granted authorization, a healthcare provider (or the healthcare provider's medical staff) may only access data in your personal ePA if this healthcare provider is involved in your treatment and if the data from your ePA are necessary for your care. This is because there is a legal distinction between the technical granting of access authorization and the "permission" to process data, known as consent. Even if you have granted technical authorization to a healthcare provider who is not involved in your care, he or she may not access your ePA data without further ado. This is because access requires legally valid consent. This must be given voluntarily, for a specific case, after the person concerned has been adequately informed and in an unambiguous manner.

You can revoke your consent to the processing of your data stored in the ePA at any time vis-à-vis a service provider institution. You can do this in the ePA application provided by your health insurer. If you do not use the ePA application, you can withdraw these rights from the service provider facility concerned, for example, during your next visit to the practice by granting a new authorization with a duration of one day. When the set day expires, the ePA can no longer be accessed.

For some healthcare providers, the law has stipulated that they are generally only allowed to view certain information in your ePA. You cannot grant permission for access beyond these legally defined access rights. For example, a pharmacist may not view data from your electronic dental record. Therefore, you also cannot allow the pharmacist to access your electronic dental bonus booklet.

6.2 Which service provider may access which data in the ePA?

Section 352 of the German Social Code, Book V (SGB V) sets out in detail which service providers may access which data. We have summarized these regulations for you in the table in this chapter.

Of course, access to the data in your ePA is only ever possible on condition that you have authorized the respective service provider facility to do so and that it is connected to the telematics infrastructure (TI). It is important to note that when assigning authorizations to your treating care providers, you can further restrict the authorizations compared to the table. However, in accordance with legal requirements, you are not permitted to assign authorizations that go beyond those shown in the table.

Using the options described in Chapters 6.3 and 6.4, you can, if you wish, precisely control which of the service provider institutions involved in your treatment may access which data stored in your ePA. For example, you can share findings that you classify as particularly confidential only with the family doctor's office and hide them from access by other care providers involved in your treatment.

Read-out access (i.e. a cross in the "Read out" column) always means that the data can be downloaded from the ePA and transferred to the treatment documentation of the respective service provider. Even if the authorization is withdrawn, data that service providers have transferred to their treatment documentation remains available to the previously authorized service provider facility. The reason for this is that they have downloaded the data from the ePA through the transfer and created their own copy of the data. This is necessary from a legal perspective, as service providers must document their treatment in full from a medical perspective.
 


Document types (table columns):

Data from service providers
  1  Data on findings, diagnoses, therapy measures carried out and planned, as well as treatment reports and other medical information related to examinations and treatment
  2  Electronic medication plan
  3  Electronic emergency data
  4  Electronic doctor's letters
  5  Electronic dental bonus booklet
  6  Electronic examination booklet for children
  7  Electronic maternity passport
  8  Electronic vaccination documentation
  9  Prescription data and dispensing information of electronic prescriptions
Your data
  10 Data provided by the insured persons
Data from other providers
  11 Data from a health insurance company health record
  12 Data about services used

Access type: each cell lists the rights in the order Writing / Readout / Delete; "–" marks a right that is not available.

| Accessing group of people | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Physicians incl. medical staff | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | – × × | – × × | – × × |
| Dentists incl. medical staff | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | – × × | – × × | – × × |
| Pharmacists incl. medical staff | – × – | × × × | – × – | – × – | – – – | – × – | – × – | × × × | × × × | – × – | – × – | – × – |
| Psychotherapists incl. medical staff | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | – × × | – × × | – × × |
| Health care & nursing staff, health care & pediatric nurses incl. medical staff | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – |
| Nurses for the elderly incl. medical staff | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – |
| Nursing specialists incl. medical staff | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – | – × – |
| Midwives | – × – | – × – | – × – | – × – | – – – | × × × | × × × | – × – | – × – | – × – | – × – | – × – |
| Health care providers (e.g. physiotherapists) incl. medical staff | (×) × (×) | – × – | – × – | – × – | – – – | – × – | – × – | – – – | – × – | – × – | – × – | – × – |
| Physicians and other persons in the public health service | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | × × × | – × × | – × × | – × × |
| Specialists in occupational medicine and occupational medicine | – × – | – × – | – × – | – × – | – × – | – × – | – × – | × × × | – × – | – × – | – × – | – × – |
| Insured persons (and their representatives) | – × × | – × × | – × × | – × × | – × × | – × × | – × × | – × × | – × × | × × × | × × × | – × × |

Legend:
x Right completely available
(x) Right only applies to subsets of documents, such as documents of a certain specialist group (e.g. physiotherapy documents).

  • Writing includes uploading, importing and updating documents in the ePA
  • Readout includes reading, downloading, exporting, and transferring to the provider's documentation (i.e., storing and using)
  • Deletion includes the removal of documents from the ePA

Example 1: The table above shows you that doctors and staff in medical service provider facilities, for example, can write, read and delete all service provider data - without any further restrictions in your authorization assignment. Doctors involved in your treatment can only read and delete data provided by you or by other providers.

Example 2: Pharmacists (and pharmacy staff) have write access to the electronic medication plan, electronic vaccination documentation, prescription data and dispensing information for prescriptions, i.e. they can create and update this data in your ePA, without any further restrictions in your authorization assignment. Authorized pharmacists and pharmacy staff have read-only access to all other documents.

Example 3: Healthcare providers including staff, such as physiotherapists, can read out all data in the ePA, with the exception of vaccination documentation, if the appropriate authorizations are granted. Data on findings, diagnoses, therapy measures carried out and planned, treatment reports and other medical information relating to examinations and treatment can be written by physiotherapists. Deletion is also possible. However, physiotherapists can only write and delete data that they themselves or other physiotherapists have entered in your file.

6.3 How does the granting of authorizations actually work?

You can use the ePA application provided by your health insurer to conveniently manage your ePA. There you set who can view which data in your ePA. You also determine how long you want to allow access. The default setting is seven days. You can choose a duration from one day to "unlimited". After the time you have selected has elapsed, the authorization for the respective service provider institution ends automatically. It can then no longer view the documents in the ePA. However, copies downloaded locally for practice documentation are still available to the service provider. In principle, you can revoke authorizations once they have been granted at any time. If you need help using the ePA application, your health insurer will be happy to assist you.

If you do not use an ePA application or if you do not have your terminal device at hand, e.g. when visiting a doctor, you can still allow access to your ePA. To do this, you need your eGK and the corresponding PIN (personal identification number). The process is similar to paying with a bank card and PIN at the supermarket. The eGK is read in a reader at the service provider. You then enter your PIN to confirm which data the service provider facility is allowed to view. The assignment of authorizations on a category basis (medium granular) at the service provider facility overwrites fine granular authorization assignments from the front end of the insured person, if such have already been made. If you want to use the PIN but have not yet received one, please contact your health insurer.

6.4 How do I specifically authorize a service provider involved in my treatment?

The employees of a service provider facility can only access the data stored in your personal ePA if you have given the facility authorization to do so. Granting authorization via the ePA application or the card terminal in the doctor's surgery or hospital is equivalent to consenting to data processing. All authorizations that you grant are stored in your ePA. You can use the ePA application provided by the health insurance fund to view these at any time and adjust them if necessary.
Who you may authorize is regulated by law in Section 352 SGB V (see Chapter 6.2). The facilities and groups of people are listed there. The groups of people listed below are already connected to the telematics infrastructure (TI):

- Doctors, dentists, psychotherapists and employees of these professional groups
- Pharmacists and persons employed by them
- Hospitals

The following groups will be connected to the TI step by step so that you can then also grant them access authorization:
- Healthcare and nursing staff, healthcare and pediatric nurses, geriatric nurses, nurses and their assistants who are involved in the medical or nursing care of insured persons
- Midwives, maternity nurses and physiotherapists as well as their employed assistants and trainees
- Doctors and other persons working for an authority responsible for the public health service, insofar as this is necessary to fulfill their duties under the Infection Protection Act
- Specialists in occupational medicine and company doctors

6.4.1 How do I grant authorizations in the ePA application?

You have the option of controlling access to the ePA using various authorizations. The following options are available to you for this purpose.

Coarse-granular granting of authorizations

You can control which service provider institution can access which documents by granting authorizations in the ePA application. One option is to use the categories already mentioned. In this case, you authorize service provider institutions to access one or more categories (see chapter 5.3 for more details). The employees of a service provider organization then have access to the documents in the "normal" confidentiality level, unless you specify otherwise (see section 5.4).

Medium-granular granting of authorizations

Further possibilities of access control via the ePA application result from the selection of a category in combination with a confidentiality level. These can be the confidentiality levels "normal" or "confidential". In the course of authorizing a service provider facility, you specify the document category and the confidentiality level for which access is to be granted. This means that it is not possible to grant access to documents with the confidentiality level "strictly confidential" in this way.

Fine-grained granting of authorizations

You get the finest gradation in terms of access rights in the application by determining at the level of individual documents who is allowed to access them. This allows you, for example, to grant access to documents with the confidentiality level "strictly confidential". 

In summary

Coarse-granular authorization assignment refers to the granting of authorizations based on the categories. In the case of medium-granular authorization assignment, you assign authorizations to one of the categories and areas mentioned in Chapter 5.3 in combination with the confidentiality levels "normal" or "confidential". With fine-granular authorization assignment, you authorize on the basis of a single document. Documents that you have assigned the confidentiality level "strictly confidential" can only be made accessible to your service providers using fine-granular authorization assignment.

The options for assigning coarse and medium granular authorizations are available both in the ePA application and at the service provider. Fine-granular authorizations can only be assigned in the ePA application.

In addition, you can define in the ePA application which confidentiality level newly added documents should receive by default. This then applies to all documents added by your service providers or by yourself. Of course, you can also override this default setting individually when adding a document by selecting a different confidentiality level. You can also change the confidentiality level of a document at any time in your ePA application.

When you grant an authorization, you also specify in the ePA application how long it should be valid. You can choose between an authorization duration of at least one day and unlimited.

6.4.2 How do I grant authorizations without the ePA application, e.g. if I am at the service provider's premises or do not use the ePA application?

Without the ePA application, you can issue authorizations directly on site at the service provider facility. To do this, speak to the staff at the facility and let them know for which category (see section 5.3) and for which period you would like to issue authorizations.
To check the granting of authorizations, the service provider's card terminal will show you the authorizations requested step by step. To grant the authorization, confirm it on the card terminal. This process also gives you control in the service provider environment over whom you authorize for which access. Please remember that you will need your electronic health card (eGK) and the corresponding PIN to grant authorizations at the doctor's surgery.
Please note that you can only grant authorizations for the confidentiality levels "normal" and "confidential" if you grant access authorization directly on site at the service provider facility. It is not possible to grant authorizations for documents with the confidentiality level "strictly confidential" on site at the service provider. This serves to protect your data marked as "strictly confidential".

7 Who must enter data in my electronic patient record if I wish to do so?

The electronic patient record (ePA) depends on as much of your health data as possible being stored in it - only then does it develop its full added value for you and your attending physicians. In addition to the data that you enter yourself, the data that is collected by doctors or hospitals in the course of your treatment is also crucial.

You have a right vis-à-vis your attending physicians and other service providers to have the data generated in the course of treatment transmitted to and stored in your ePA. However, they must first be authorized to access your ePA (see Section 6.4).

In addition, you are entitled to have your treating physicians, dentists and psychotherapists support you during the initial filling of the ePA. The support service includes the transmission of medical data to the ePA and is limited to medical data from the specific current treatment.

In addition, you can ask your doctors, dentists or pharmacists to save the data from the emergency data record and the electronic medication plan. If anything changes in your medication plan or emergency record, you have the right to have your doctor update this data in both the ePA and the electronic health card (eHC). Talk to your doctor about this if you have any questions.

You have the right to have healthcare providers involved in your treatment store additional medical information in structured form in the ePA. These are in particular the following:

- the eZahnbonusheft
- the eUntersuchungheft for children
- the eMutterpass
- the vaccination documentation
- prescription data and redemption information for your e-prescriptions
- data on your incapacity for work in the form of the electronic incapacity for work report ("eAU")
- other data provided by the service providers for the insured person, in particular data resulting from the insured person's participation in structured treatment programs for chronic diseases 

You also have the right to request that physicians and other health care providers delete documents and data they have uploaded to your ePA.

In addition to the claim against service providers, you can also request that your health insurer enter data on services you have used into the ePA. This includes information on diagnoses and medications that your health insurer receives as part of the billing process for the service providers involved in your treatment. Please note that this information is only available to your health insurer with a considerable time delay. In order to enable your health insurer to provide the data, you must consent to the provision of data to the health insurer and grant the corresponding authorization to access the ePA. Only then can your health insurer access your ePA solely for the purpose of storing this information.

8. I need support in using the electronic patient record. What can I do?

The law provides that you can authorize representatives to handle your electronic patient record (ePA) via the ePA application provided by your health insurer. They then have almost the same rights as you do. However, your representatives cannot appoint other representatives and do not have the authority to close the record. Your representative can, for example, grant access rights to health care providers (doctors, dentists, hospitals, pharmacies, etc.) and view the documents stored in your file. It is therefore important that you only assign this responsible task to persons whom you trust completely and to whom you would also grant a power of attorney for health care, for example. Representations - unlike authorizations for health care providers - cannot be granted for a limited period of time and therefore do not expire. You must therefore actively revoke the representation via your health insurer's ePA application. Your health insurer will explain the possibility and the procedure for assigning representation authorizations to you again in more detail.

9. I would like to keep an electronic patient record but not use an ePA application. What does this mean for me?

It is also possible to use the electronic patient record (ePA) without the ePA application provided by the health insurer and without a representative. However, there are then some changes that also affect the exercise of your rights as a person affected by data protection law.

If you do not use the ePA application, you will not be able to view your data stored in the ePA. In addition to the documents, this also includes the authorizations granted and the access logs in which the ePA records who has had which interactions with your file or the data stored in it and when. The health insurers have neither the legal authority nor the possibilities to read out the data of the ePA.

In addition, you do not have the option of saving data in the ePA yourself. Documents can only be entered into the ePA by the service provider institutions authorized by you. The same applies to deletion: only authorized service providers can delete documents from the ePA on your behalf. Thus, you also have no possibility to create a backup copy on your own terminal device. This applies to both the documents and the logs (see Chapter 4.4).

Without the ePA application, you can only authorize service providers directly at the service provider's premises using your electronic health card (eGK) and your PIN in dialog with the practice staff.

The following options are available to revoke access to an authorized provider facility even without an ePA application:

- As consent can legally be revoked independently of the technical authorization assignment, you can revoke it independently of the access rights vis-à-vis the respective service provider. As you cannot revoke the authorization yourself, it may be helpful to assign the authorization for a limited period in the doctor's practice or hospital.
- To technically ensure that the service provider concerned can no longer access your data, you can, for example, reassign the authorization during your next visit to the service provider from whom you wish to revoke the authorization and select the minimum validity period for authorizations of one day. At the end of the day, the service provider can no longer access the data stored in the ePA. However, as with authorization management using the ePA application, the service provider retains all data downloaded from the ePA in their IT system.

When you change health insurers, the data in the ePA can only be transferred via the ePA application. If you do not use an ePA application or a representative, you will not be able to transfer data when you change health insurers. In addition, you cannot use the options for data release for research purposes (see 10.2) and data provision from digital health applications into the ePA.

10. What other options do the ePA and the ePA applications of my health insurance company offer me?

In addition to the options presented here for storing data in the ePA, the ePA application offers you further access options to health-related services and information. Your health insurance company is gradually introducing these.

10.1 Direct access to the national health portal from the ePA application

To provide you with additional health information, direct access from the ePA application to the National Health Portal is provided. For more information on the National Health Portal, visit https://gesund.bund.de.

10.2 Release of data for research (expected from July 1, 2024)

In the future, you will also be able to make the health data stored in your ePA available for research purposes. In accordance with legal requirements, the provision of data is voluntary and only possible in pseudonymized form. The legislator still has to regulate the legal details of data release for research projects in a suitable form. Your health insurance company will provide you with the current information separately before this function is introduced.

10.3 Use of an instant messaging service via the ePA application (expected from August 1, 2024)

In addition to its use for ePA, your health plan's ePA application will in the future include a feature to securely send instant messages to your health plan and, if requested by the providers involved in your care, can also be used to communicate with your providers.

10.4 Further functions of the ePA (expected from October 1, 2024)

Legislation stipulates that you can have an electronic medication plan stored online and an electronic patient summary file containing your most important medical information. You can access these via your health insurer's ePA application. You can view the data and delete it if necessary, manage access permissions, and look up log data about access and changes to the data.

10.5 Data on nursing care (expected from January 1, 2024)

Legislation provides for the storage of nursing information, such as nursing reports or nursing transition sheets. This means that care services or care facilities involved in your care can provide and use the corresponding documents in your ePA with your authorization. The prerequisite for this is that the care service or care facility is connected to the telematics infrastructure.

10.6 Submitting and accessing your organ and tissue donation declaration (expected in the course of 2023 or 2024)

In the future, you will have the option of submitting your declaration of organ donation in the organ donation registry via your ePA application. The declaration as such will not be saved in the ePA, but will be stored in the register provided for this purpose. For more information on organ and tissue donation, visit the website of the Federal Ministry of Health:

www.bundesgesundheitsministerium.de/themen/praevention/organspende.html

 

Published on: 20.04.2022 - Last modified on: 31.01.2024

Contact

Hotline: 0800 125 53 93
Free of charge from all German networks

Mon.-Thurs.: 8.00-16.00
Fri.: 8.00-14.00
