The electronic patient file (ePA) is accepted only hesitantly. In an interview study, researchers from the Ruhr University Bochum, the Leibniz University Hannover and the Helmholtz Center for Information Security CISPA refer to numerous “misunderstandings about the digital infrastructure” of the ePA. For example, it is unclear who can see which data. However, as has often been criticized, one cannot oblige doctors and pharmacists to provide information about the patient’s file.
The ePA has been available to those with statutory health insurance in Germany since 2021, and private health insurance companies are still working on the implementation. So far, it has hardly been used – according to the TI dashboard of Gematik (as of August 9th, 2023), only 737,731 people have an electronic ID card. This is partly due to the lack of information and the complicated application for the ePA. This is to change with the planned digital law (DigiG) – insured persons are to receive an ePA automatically in 2025, and health insurance companies are to provide information.
Significant improvements possible
“The digital infrastructure of the electronic patient file could be significantly improved,” says Professor Karola Marky from the Ruhr University in Bochum. For example, according to the surveyed insured persons, the health insurance companies should not “provide the apps that insured persons can use to specify access to their data”, but instead there should be a central open source app.
Insured persons should use a sketch to show the researchers how they imagine the data flow when an insured person grants their doctor access to their EHR. Icons were used to symbolize a doctor, a smartphone, health insurance companies or a hospital. Also included were icons of facilities that were not part of the digital infrastructure. None of the 21 people interviewed knew what the structure actually is.
The representations also differed “significantly” from each other, some assumed, for example, “that all medical practices can automatically view the data in their files”. In fact, however, the insured can grant permissions to the doctors. 85 health insurance companies currently provide apps for this purpose. According to researchers, insured persons can also use them to edit and delete the data in the file. “It is regulated by law which data health insurance companies are allowed to see,” says Marky. But that also caused mixed feelings: the insured saw the control over their own data as positive, but as negative about possible drug abuse. This is possible, for example, if people have the same drug prescribed by different doctors and delete the information about it.
An open source app would be better
The fact that the health insurance companies make apps available to the insured suggests that health insurance companies could see more data than without digital files, but the researchers did not examine whether this is actually true. “From a security perspective, it would be better to offer a central open source app in Germany that all insured persons can use,” explains Marky. “That would ensure more trust, guarantee a uniform security standard and also reduce maintenance effort”.
The researchers also demand that all health insurance companies should have different access options to the file so that people without a smartphone can also use the services. According to the research team, “the electronic medical record should allow easy access to the data in the event of a medical emergency.” The study was financed by the German Research Foundation, and the Federal Ministry of Education and Research supported it as part of the joint project “Digital Fitness for Citizens – Realistic Risk Perception, Safe Routines”.
#eHealth #misunderstandings #electronic #patient #records