Cybersecurity Matters and ePA Usage: Insights from Philipp Müller, Head of Digitalization and Innovation at the German Federal Ministry of Health
- Germany's healthcare system is advancing its digital transformation with a renewed focus on cybersecurity and the nationwide rollout of the electronic patient record (ePA), as officials emphasize the...
- Philipp Müller, head of the Digitalization and Innovation department at the Federal Ministry of Health (BMG), highlighted that cybersecurity remains a top priority in the ongoing digitalization of...
- The electronic patient record, known as ePA, has been available to all 73 million people with statutory health insurance in Germany since April 29, 2025.
Germany’s healthcare system is advancing its digital transformation with a renewed focus on cybersecurity and the nationwide rollout of the electronic patient record (ePA), as officials emphasize the critical importance of securing sensitive health data amid increasing digital integration.
Philipp Müller, head of the Digitalization and Innovation department at the Federal Ministry of Health (BMG), highlighted that cybersecurity remains a top priority in the ongoing digitalization of healthcare services. His remarks underscore the government’s commitment to ensuring that technological advancements in patient care do not compromise data protection or system integrity.
The electronic patient record, known as ePA, has been available to all 73 million people with statutory health insurance in Germany since April 29, 2025. Initially launched in selected model regions, the system expanded nationwide after a trial phase, with health insurance companies automatically setting up the ePA for their policyholders. Insured individuals retain the right to object to the ePA at any time and maintain full control over who can access their health data through dedicated applications provided by their insurers.
The ePA enables secure storage and exchange of essential health documents, including doctor’s letters, laboratory results, and medication plans. Authorized healthcare providers can access this information to improve care coordination, reduce duplication of tests, and support more targeted medical decisions. Patients can view and manage their data at any time via insurer-provided apps, where they can also set access permissions, designate representatives, or revoke access to specific institutions.
Data protection and security are central to the ePA’s design. Sensitive health information is stored in encrypted form within certified data centers located in Germany. Access is strictly limited to authorized individuals and institutions, and patients maintain continuous oversight of data sharing permissions. These safeguards aim to address public concerns about potential misuse of personal health information while enabling the benefits of a connected healthcare system.
The push for nationwide ePA adoption aligns with broader efforts by the German Federal Ministry of Health to modernize healthcare infrastructure. Officials have emphasized that digitalization offers significant opportunities to enhance patient care quality, streamline administrative processes, and improve the efficiency of medical services through better data utilization.
As Germany advances its digital health agenda, cybersecurity measures continue to evolve in response to emerging threats and regulatory requirements. The integration of systems like the ePA into broader European health data initiatives, including the European Health Data Space (EHDS), requires robust protection standards that comply with frameworks such as GDPR, the NIS2 Directive, and sector-specific regulations governing medical devices and health data.
Industry events such as DMEA, Europe’s leading digital health trade show, have provided platforms for showcasing innovations in secure health data handling. Organizations including Fraunhofer institutes have participated in these events to present research on safeguarding patient information during transmission, storage, and long-term use in cloud environments, reflecting ongoing efforts to strengthen trust in digital health solutions.
