December 10, 2025, 7:19 pm | Read time: 11 minutes

FITBOOK: Ms. Dimde, the ePA officially launched in January. What is the current status—are people already using it actively?
Dimde: “The rollout began on January 15, 2025. This means that health insurance companies started automatically creating an ePA account for all insured individuals who did not object. This process was completed by mid-February. Thus, every person with statutory insurance who did not actively object has an ePA. In parallel, or slightly later, we technically connected the so-called ‘service providers,’ such as doctors, pharmacies, or hospitals, to the ePA. Since October 1, 2025, they are required to use the ePA—for example, to upload lab results, medications, doctor’s letters, or surgery reports. And it works: Since the start of the ePA, approximately 50 million documents have been uploaded to date.”

“The ePA Works Without Any Action on Your Part”

And what about on the patient side?
“On the insured side, there is no direct need for active use. Those who wish can download their health insurance’s ePA app, which an estimated four million people do. In the future, there will also be the option for insured individuals to set up the Health ID via the VideoIdent process (online identification via video call, editor’s note), which is needed for app use. The prerequisite is that the health insurance companies offer this option. What we see is that the ePA has been used more by the insured since its introduction in January. But I also think it’s important to emphasize that this is not at all necessary. The ePA works without any action on your part: When I, as a patient, insert my health card at the doctor’s office, access starts automatically. This means I don’t have to actively take care of it, but I still benefit from my data being securely and centrally stored.”

Why would you encourage insured individuals to actively use the ePA?
“I would recommend it to everyone because it allows you to engage with your health in a completely different way. We also hear from doctors that it is beneficial when patients become familiar with their health data. Certain questions often become unnecessary, and you can focus on the essential things during the appointment.”

Also interesting: Step-by-Step Setting Up the Electronic Patient Record

“I Could Manage the Record for My Grandmother”

And with ePA use, can you also determine who has access on the medical side?
“Exactly. Through the app, you can, for example, set which practices or pharmacies get access—and this permission can also be revoked. This is the fastest way to do it yourself. Those who are not so digitally savvy can authorize up to five representatives to take over. For example, I could manage the record for my grandmother. Those who cannot do it in the app but prefer to handle it themselves rather than through a representative can contact the health insurance ombudsman. They will then implement the request to exclude certain accesses, such as for a specific doctor’s office or pharmacy.”

What is necessary to appoint a representative for your ePA?
“The person acting as a representative needs the ePA app. The person to be represented needs the electronic health card and the associated PIN. With that, you can set everything in motion.”

Where Difficulties Still Lurk

Doctors had to adjust to new processes. How is it going technically?
“We are in contact with both software providers and doctors regarding this. We can say that the ePA is already running quite well. Certainly, there are areas where not everything works ideally. This has various reasons. For one, there are more than a hundred different system providers for medical practices. The quality of the ePA implementation can vary significantly. Some have implemented the ePA extremely well, while others still have room for improvement. Another reason is the workflows and processes that practices need to adapt. We all know it: When a new tool is introduced that changes a lot, you have to get used to it first. We are all only human. Unfortunately, there are occasionally problems in the telematics infrastructure that can disrupt processes. But overall, the system is stable—and acceptance is growing.”

“In the Media, You Mainly Find the Negative Stories”

In public perception, Germany often has the reputation of lagging behind in digitalization—or being particularly skeptical. Do you feel that too?
“The image of fear of digitalization in Germany is, in my opinion, somewhat distorted. Of course, there are critical voices, but they are by no means all. When we engage directly with doctors, pharmacists, and other health professionals, we find many who are fundamentally very open and find the ePA good. We are increasingly receiving feedback that patient records are filling up, and it is naturally helpful to look into them because you find important information. On the other hand, we have now created a tool with the medication list that did not exist before.”

What does the medication list offer?
“Whether doctor or pharmacist, the topic of medication connects everyone. The problem was that outside of one’s own institution, you didn’t know what medication the patient was already receiving. Here, the medication list is a solution: You can see who prescribed what and which prescription someone actually filled. This represents a significant advancement for patient safety.”

“Next Planned Steps Also Include Access From the Ambulance”

How quickly is such information available in an emergency?
“When a prescription is issued or filled, the entry immediately appears in the medication list. In acute emergencies—such as unconsciousness—direct access to the ePA is currently not technically possible, partly due to the infrastructure. But we want to take the next steps next year to support mobile scenarios as well. However, if we are talking about an emergency where the patient is awake and responsive and comes to the hospital, it looks different. In this case, the health card is read during admission, and you can then access the ePA data, provided the specific hospital is already ePA-capable.”

“There Was No Attack on Real Data”

There were reports of security vulnerabilities at the end of 2024. How secure is the ePA really?
“The ePA is secure. The incident with the ‘Chaos Computer Club’ in December 2024 referred to a vulnerability in the infrastructure, not in the ePA itself. Measures to close this gap were immediately initiated. It was also a theoretical case for which many prerequisites would have had to be created, some of which are outside the legal framework. But there was a gap that was closed. It is our duty of care to address and close a security gap when it becomes known. From my perspective, the difficulty is that people without deeper IT knowledge and the usual procedural processes can develop fears through such discussions because the classification is often missing or difficult to understand due to the complexity of the topic. Therefore, it is important to communicate that it was a theoretically demonstrated problem that has also been resolved.”

“There Is Nothing More Worth Protecting Than Health Data”

What would you like to say to people who are concerned about the security of the ePA?
“We work closely with the Federal Office for Information Security (BSI) and the Federal Data Protection Commissioner (BfDI). Every health insurance app and every ePA server system requires approval before going live, and it first comes to gematik for functional tests and security assessments. Parallel tests are conducted to see if unauthorized access to ePA data could be gained. And if something were found, this gap would be closed. We do not take this lightly, but we work on it continuously. There is hardly anything more worth protecting than health data.”

New Regulation Passed by the Bundestag Effective January 1, 2026

Recently, the Bundestag passed new regulations for the ePA as part of the Law for the Expansion of Powers and Bureaucratization in Care (BEEP), which will come into effect on January 1, 2026. What exactly is new?
“With the BEEP, an important adjustment for the ePA has been made. It stipulates that the billing data entered into the ePA by health insurance companies will be visible only to the insured from January 1, 2026. Until now, they have been visible to anyone with access to the patient’s record—unless visibility is adjusted via the app. This is a change that can be implemented without much technical effort but fundamentally addresses a major issue. It ensures that patients have transparency about billed services. At the same time, the visibility of potentially stigmatizing diagnoses is prevented.”

“There Was a Long-standing Chicken-and-egg Problem With the ePA”

Why was the “opt-out” procedure chosen—an automatic creation of the ePA that one must actively object to?
“Since 2021, the ePA has already existed in the so-called opt-in procedure. It was originally mainly about data storage. An app and active steps were necessary for ePA use. So, the ePA, despite its known advantages, simply did not become widespread. There was a kind of chicken-and-egg problem: The interest among doctors for their system to support the ePA functionality was not particularly high because hardly anyone asked for it. Health insurance companies wanted to promote the ePA only when doctors were also working with it. They wanted to spare their customers, i.e., the patients, the experience of unmet demand. So, there were many discussions about who should move first—doctors, health insurance companies, or patients. With the opt-out model, a uniform basis was created: Everyone has an ePA—those who do not want it can object. And the nice thing is: No one is disadvantaged. Even those who do not actively use the app benefit because doctors can and must now enter the relevant information since October.”

More on the topic

ePA on the App and PC Step by Step: Setting Up the Electronic Patient Record

Nikolay Kolev in FITBOOK Interview Doctolib CEO: “My 3 Demands for the New Health Minister”

“We Need to Think Differently About Health Care”

Basically, the function of the ePA has also changed since 2021, right?
“Yes, you could say that. At the beginning, it was more of a storage system. Now, the ePA is supposed to support processes between doctors, patients, and other health care providers like pharmacies. This further development of the ePA is helpful, especially now that we are at a point where we need to think differently about health care. Among other things, we need to reduce or make bureaucracy more transparent. For example, if a doctor’s letter is not available because it has not yet been sent by mail or fax, another doctor usually cannot start further treatment. Once the data is stored in the ePA, they find all the important information they need there.”

After the ePA Is Before the ePA—This Is How the Electronic Record Will Continue

What’s next—what is planned for the future?
“We like to say internally: After the ePA is before the ePA. We will see the next stages of the ePA in 2026. The medication plan can then be maintained centrally by all those involved in care. What sounds like a small feature but is quite significant: The app will get the push notification function. Later in the year, doctors will have the option to use a full-text search. Additionally, data can then be outsourced to the research data center for research purposes. Beyond that, there are other points we will address. As a next planned topic, we want to look at structured lab data so that doctors can directly recognize disease progressions or changes in values. A big topic is also the European harmonization regarding the data that will be found in electronic patient records in Europe. In practice, this would mean: If someone goes to the doctor abroad, they can be treated much better there because they can also access health data from Germany—but in their language.”