The German Social Security Code (§ 291a SGB V) requests that "data on findings, diagnoses, therapeutic measures, treatment reports and vaccinations for cross-case and multi-patient documentation about the patient" be stored in electronic health records (EHR). The technical requirements for EHRs were specified by a company called gematik Gesellschaft für Telematikwendungen der Gesundheitskarte mbH (a company for telematics applications for the electronic health card) in December 2018. It defined various components such as the "EHR system" (the backend), the "EHR module connectors", the "EHR front end for policyholders" and the "primary systems" (for healthcare service providers). Product data sheets list binding requirements for individual components of EHRs and form the basis for approval by gematik.^1,2

The use of electronic health records is voluntary. The data can be copied into the patient’s record from a doctor’s practice management system at the patient’s request, and the patient can also enter his or her own data, such as self-measured blood pressure values, into the EHR. The patient can revoke access rights at any time. The TSVG also requires the previously planned "Patientenfach" (data exclusively used by patients) to be merged with the electronic health records, and will thus become obsolete.^1,3,4

The EHR guidelines published by gematik in late 2018 are also designed to ensure that EHRs are interoperable. The fact that this is not self-evident becomes obvious from reports from Israel, where electronic health records have been in use for all of the country’s residents for years and where the systems of the four Health Maintenance Organisations are partially incompatible.⁵ Gematik Managing Director Alexander Beyer once again emphasised in December 2018 that people insured by the statutory health system will be able to choose freely between providers and transfer all file contents, including metadata, protocols and access permissions to a new provider. The patient therefore has data sovereignty and the free choice of provider. On a practical level, patients can access their records with their doctors using the electronic health card and a PIN.¹

The advantages of electronic health records are enormous both for patients and healthcare providers. This is clear from results obtained in countries such as Israel and Denmark^5,6, which have long been integrating electronic health records into their healthcare system. They help, for example, to avoid duplicate examinations since a patient’s medical information is available in a well-documented and well-organised form. This improves the quality and cost-effectiveness of medical care as well as patient safety. However, there are potential disadvantages too. Valid security concerns have been raised following the discovery of certain vulnerable points in personal health records (PHRs) that are already on the market.

In Germany, patients can choose between different PHR systems (personal health record; German: elektronische Gesundheitsakte, eGA; Social Code §68 SGB V), such as "TK-Safe", "Vivy" or "AOK-Gesundheitsnetzwerk". The patient has data sovereignty for all personal health records, and decides who is allowed to see which information. Healthcare service providers provide patient data using existing practice management software; the patient can, for example, add data recorded by fitness trackers, and the health insurance company can upload billing data at the request of the patient.⁷ PHRs can vary, but one thing they all have in common is that they do not comply with §291a SGB V and are not approved by gematik.

According to the providers’ websites, all personal health records are end-to-end encrypted. The “AOK-Gesundheitsnetzwerk” PHR app even has a two-factor authentication system like the one used in online banking. Vivy was launched in September 2018; the TK-Safe and AOK-Gesundheitsnetzwerk apps are still in the test or development phase. Vivy was strongly criticised barely 24 hours after it had been launched. Martin Kutzek, a freelance IT security expert from Karlsruhe wrote a blog post advising against the use of the Vivy app. He had discovered that the app transmitted data to third parties, in this case to tracking companies abroad, before the user even had the opportunity to agree to the app’s privacy policy.

Kutzek pointed out that advertising and analytics modules have no place in apps that process highly sensitive information such as health data.^8,9 Other security experts including Martin Tschirsich and Torsten Schröder of Swiss modzero AG, agree with Kutzek and have substantiated his findings with an in-depth safety report and a lecture at the 35th Chaos Communication Congress.^10,11 In a press release published on 27th December 2018, Vivy pointed out that the attack scenarios presented by Tschirsich and Schröder were no longer valid at the time of their presentation and that no Vivy user had been affected.¹³

Alexander Beyer believes that the data protection problems experienced with personal health records justify gematik’s approach to its telematics infrastructure: Beyer says that EHRs that conform to §291a SGB V are much safer than PHRs. He sees an advantage in the use of connectors and the electronic health card (EHC) and in the certification and approval by gematik.⁴

Beyer also explains that health records will be migrated towards approved and certified electronic health records by the end of 2020. The extension specifications listed in the TSVG will also be available by April. This includes a possible mobile application for electronic health records (EHRs), which will feature an authentication method that is different from the current one by way of connectors and PHRs. Near field communication (NFC), as used by EC and credit cards, might be a possible solution. Health insurance companies will also be given the possibility to transfer data from their systems to EHR.^1,2

On 6thFebruary 2019, the European Commission issued recommendations that will facilitate access to health data across borders in full compliance with the General Data Protection Regulation. The recommendations propose that EU Member States extend this possibility to patient summaries, ePescriptions, laboratory tests, medical discharge reports and images and imaging reports, including the "Integrating the Healthcare Enterprise" profiles (IHE profiles), which were established in 2015 and whose specifications are also applied to the digital eHealth Service Infrastructure (eHDSI). As gematik also relies on these standards, Germany appears to be well positioned as far as the EU’s recommendations on a European personal health record exchange format are concerned.^{13, 14, 15} The fact that the IHE Deutschland association¹⁶ now rejects the suggested concepts, shows that there is still much to do until Germany and other EU Member states will be able to exchange health records.

References:

¹ gematik's press release of  19th December 2018 "Einheitliche elektronische Patientenakte für das deutsche Gesundheitssystem“
https://www.gematik.de/news/news/einheitliche-elektronische-patientenakte-fuer-das-deutsche-gesundheitssystem/

² Faktenblatt ePA - Elektronische Patientenakte, as of October 2018
https://www.gematik.de/fileadmin/user_upload/gematik/files/Faktenblaetter/Faktenblatt_ePA_web.pdf

³ First reading of the Appointment Service and Supply Act in the German Bundestag (13th December 2018)
https://www.bundesgesundheitsministerium.de/terminservice-und-versorgungsgesetz.html

⁴ "Telematikinfrastruktur kann genutzt werden“, EHealthcom 30th January 2019
https://e-health-com.de/thema-der-woche/telematikinfrastruktur-kann-genutzt-werden/ee309aef462ec6046a77e7c849855e25/

⁵ "#SmartHealthSystems Digitalisierungsstrategien im internationalen Vergleich Auszug Israel“, Bertelsmann Stiftung, November 2018
https://www.bertelsmann-stiftung.de/en/publications/publication/did/smarthealthsystems-auszug-israel/

⁶ "#SmartHealthSystemsDigitalisierungsstrategien im internationalen Vergleich Auszug Dänemark“, Bertelsmann Stiftung, November 2018
https://www.bertelsmann-stiftung.de/fileadmin/files/Projekte/Der_digitale_Patient/VV_SHS-Studie_Da__nemark.pdf

⁷ "Elektronische Gesundheitsakte: Erste Erfahrungen im Test und im Betrieb“, Deutsches Ärzteblatt, 24th October 2018
https://www.aerzteblatt.de/nachrichten/98723/Elektronische-Gesundheitsakte-Erste-Erfahrungen-im-Test-und-im-Betrieb

⁸ "Gesundheits-App Vivy: Datenschutz-Bruchlandung“, Kutzek IT-Security Blog, 18th September 2018
https://www.kuketz-blog.de/gesundheits-app-vivy-datenschutz-bruchlandung/

⁹ "Gesundheits-App Vivy: Erläuterung der Kritik“, Kutzek IT-Security Blog, 19th September 2018
https://www.kuketz-blog.de/gesundheits-app-vivy-erlaeuterung-der-kritik/

¹⁰ Speech of Martin Tschirsich at the 35th Chaos Communication Congress - All Your Gesundheitsakten Are Belong To Us (27th December 2018)
https://www.youtube.com/watch?v=82Hfh1AItiQ

¹¹ Report of modzero AG "Schwachstellen in Gesundheits-AppVivy“
https://www.modzero.ch/static/vivy-app-security-final.pdf

¹² Press release Vivy GmbH "Stellungnahme Vivy: Auf dem “35C3” präsentierte Angriffsszenarien waren seit längerem geschlossen“
https://www.vivy.com/presse/stellungnahme-35c3/

¹³ "Recommendation on a European Electronic Health Record exchange format“ 
https://ec.europa.eu/digital-single-market/en/news/recommendation-european-electronic-health-record-exchange-format

¹⁴ European Commission press release of 6th February 2019 "Commission makes it easier for citizens to access health data securely across borders"
http://europa.eu/rapid/press-release_IP-19-842_de.htm

¹⁵ "Europäische Empfehlung für Aktenstandards“ EHealthcom 13th February 2019
https://e-health-com.de/details-news/europaeische-empfehlung-fuer-aktenstandards/cee83fd88f5969b2f1cea0da2899d916/

¹⁶ "Sicherstellen der Interoperabilität im eigentlichen Sinn: IHE Deutschland e.V. bemängelt proprietäre Verwendung internationaler Standards in aktueller ePA-Spezifikation“, 7th March 2019 (http://www.ihe-d.de/wp-content/uploads/2019/03/IHE-D-Öffentliche-Stellungnahme-zur-IHE-Nutzung-in-den-Gematik-Spezifikationen-07-03-2019.pdf)