Federal Commissioner for Data Protection, Louisa Specht-Riemenschneider, is calling for enhancements to the safeguarding of sensitive health data within Germany’s electronic patient record system. Speaking to publications of the Funke-Mediengruppe, she highlighted discrepancies between the current functionality and evolving European standards.
The present system allows patients to control access to their data, but Specht-Riemenschneider noted this level of control is not as detailed or granular as desired. She referenced the ongoing development of the European Health Data Space, which envisions a more refined approach to data access settings, exceeding the current capabilities of the German system.
“My advice to all those responsible is to anticipate what will be regulated at the European level,” she stated. “Otherwise, technical adjustments may have to be implemented very quickly later on. And that is always the worst solution. One should plan proactively and look at other countries in Europe.”
Specht-Riemenschneider also pointed out that an initial German proposal for a document-level default setting was previously scaled back. Currently, individuals are encouraged to adjust visibility preferences within the app before each medical consultation.
She revealed she is personally reconsidering the use of the electronic patient record, stating, “I do not rule out using the electronic patient record at this point in time.” Her decision will depend on the specific features and security protocols offered by her health insurance provider.
Acknowledging the inherent risks associated with digital technology, Specht-Riemenschneider emphasized that absolute security is unattainable. While the electronic patient record represents the current state of technical advancement, the possibility of misuse cannot be entirely excluded.
She drew attention to a security vulnerability uncovered last December by the Chaos Computer Club, where perpetrators, utilizing credentials for healthcare professionals and a card reader, were able to access unrelated patient health records. Authorities have since implemented measures to mitigate this risk, but the potential for such attacks remains a concern.