- eco Board Member Pohlmann: “Security and functionality must be top priorities”
- Only 35% of Germans feel well-informed about the launch of the German electronic patient record (ePA)
- Security and protection of personal data are top criteria for 61% of respondents
- eco welcomes the introduction of the ePA, but also urges public authorities and health care institutions to implement clear processes and transparent communication
- eco White Paper on Confidential Computing shows potential for trustworthy IT
Today on 15 January 2025, the German electronic patient record (ePA) is being introduced for all those with statutory insured persons who have not opted out. Nonetheless, a recent Civey survey conducted on behalf of eco – Association of the Internet Industry reveals that 65% stated that they did not feel well informed about the introduction of the ePA.* While eco sees significant potential for improved patient care and more efficient healthware processes, it also recognises the need for action by public authorities and healthcare institutions to strengthen trust in digital health services and to address questions. In particular, the focus is on building trust through technical measures and clear, transparent communication.
“The electronic health record is a positive example of how digital technologies can drive efficiency while simultaneously creating valuable synergies with added value – here in such an important sector as our healthcare system. However, the ePA will only be successful if it is not only efficient, but also secure and trustworthy. Security and functionality must therefore be the top priority,” emphasises Prof. Norbert Pohlmann, eco Board Member for IT Security.
Overcoming challenges: Public authorities need to “do their homework”
While the Fraunhofer Institute for Secure Information Technology (SIT) uncovered vulnerabilities ranging from hacker attacks to problems in data management in late 2024, organisational deficiencies on the part of the authorities also significantly delayed implementation. “Responsibility doesn’t end with technology. Clear processes and transparent communication are essential,” says Norbert Pohlmann.
Security standards in practices and facilities are crucial
Not only the central infrastructure of the ePA, but also local systems in clinics and hospitals must meet the highest security requirements. Previous security incidents underscore this need for action. Doctors and other service providers must be better trained and technically supported to prevent identity theft and other threats.
A central aspect for the trustworthy use of the ePA is the protection of personal data. In the survey, 61% of participants named security and data protection as the most important factor, followed by the possibility of self-administration and data access. These priorities must be reflected in practice and technology.
Pohlmann emphasises that a comprehensive pilot phase is crucial to address security gaps at an early stage. Clear communication processes for citizens and service providers are just as important as strict security standards for both central and local systems. He also calls for stronger involvement of public authorities to ensure clear responsibilities and swift decision-making processes.
Technological solutions: Building trust through Confidential Computing
A key aspect of improving data security is the use of modern technologies. This includes “Confidential Computing”, which offers the possibility of securely processing even highly sensitive health data by protecting it from unauthorised access in isolated, trustworthy execution environments. Particularly in a sector fraught with security risks and privacy concerns, Confidential Computing can play a critical role in strengthening users’ trust in digital health solutions such as the ePA. EuroCloud and the eco Association are promoting the adoption of Confidential Computing by encouraging the exchange of innovative approaches on specialised platforms.
“Progress needs trust. A secure and stable ePA is the foundation for advancing digitalisation in healthcare,” Pohlmann sums up. “eco appeals to health insurance companies and medical associations to shape digital transformation consistently, securely and trustworthily.”
The complete White Paper on Confidential Computing is available here for free download.
*The market and opinion research institute Civey conducted a survey on behalf of eco – Association of the Internet Industry in which 2,512 German citizens were interviewed between 9 and 10 January 2025. The survey is representative of the population, with a statistical error of 3.4%.
