The Challenge of Electronic Health Records

What do health insurance companies need to be aware of if they want to reorganise their digital services?

Feb 27, 2023 12:30:00 PM

Zurich, February 2023: Digitalisation in healthcare has been a major topic of discussion in Germany for several years. Although health insurance companies have offered the electronic health record (ePA) since 2021, its uptake to date has been minimal. Now the Federal Minister of Health wants to press ahead with digitalisation in the healthcare sector. What do health insurance companies need to be aware of if they want to reorganise their digital services? And what obstacles to seamless implementation must they consider? The experts at Nevis Security AG have compiled a list of five tips.

From 1 January 2024 onward, health insurance funds must provide policyholders with secure digital access in addition to the electronic health card. Holders of private health insurance policies have been able to use the ePA since 2022 – provided that their insurer already offers this service. The ePA is set to become an opt-out solution by 2025. This means that patients who do not wish their data to be stored in the electronic record must actively object to this. Meanwhile, a recent study by the Bertelsmann Stiftung shows that three-quarters of Germans want to use the ePA and regard it as a positive development. However, industry associations as well as the Federal Commissioner for Data Protection and Freedom of Information, Professor Ulrich Kelber, are rather more critical of its introduction. 

At the same time, statutory health insurance funds are facing increasing demands from policyholders, who have expectations that go beyond the insurance benefits themselves. The quality of the digital offering is increasingly becoming the factor that determines whether or not young people, for example, take an interest in a particular health insurance fund. As a result, health insurance funds are coming under strong pressure to optimise their digital offering.

Five tips for successful digitalisation: 

  • Privacy and security

One key aspect is the secure transfer and administration of sensitive patient and health data. This calls for the implementation of appropriate security measures to guarantee data security and prevent potential misuse.

  • Guaranteed interoperability

An ePA must be able to interact with other healthcare systems and applications without impairing efficiency. This is the only way to guarantee the effective exchange of information.

  • Ease of access for patients

Another key point is that patients must be granted full access to their data. Their ability to control who can view this data and who cannot is also essential. 

  • Legislative changes

The ePA falls within the scope of various laws, including the GDPR and German legislation such as health insurance and digital health legislation, the E-Health Law and health competence legislation. For this reason, the electronic health record must be continuously amended to reflect changes in legislation. It is also important that stakeholders in the healthcare sector are familiar with the requirements and laws so that they can guarantee secure, effective and legally compliant use.

  • Implementation

Integrating the ePA into existing systems and processes can become not only complex but also costly. This is why thorough planning is essential.

To address the challenges, it is important for the health insurance funds to ensure that the numerous contacts between policyholders and insurance funds are secure and function seamlessly. The use of a dedicated identity solution (IdP or sectoral IdP) is recommended as the easiest possible way to achieve this. As a result, the identities of patients can be managed digitally. What’s more, verification and authentication are guaranteed digitally. This makes it possible to confirm the identity of a user who wishes to access an application or a service.

To allow different systems to interact and enable the intelligent exchange of data without impeding IAM (Identity and Access Management), health insurers must choose architectures and concepts that are based on established security technologies and that facilitate the seamless federation of the IAM/IdP systems. In addition, migration concepts and processes should operate in a straightforward manner. Suitable choices for this are end-to-end solutions that are easy to implement and do not need to be developed from scratch.


About Nevis

Nevis develops security solutions for the digital world of tomorrow. Its portfolio encompasses passwordless logins, which are intuitive to use and offer optimal protection for user data. Nevis is the market leader for Identity and Access Management in Switzerland and secures over 80 percent of all online banking transactions. Public authorities, leading service providers, and industrial enterprises worldwide rely on Nevis solutions. The authentication specialist has locations in Switzerland, Germany, UK and Hungary. 

Press Contact

LEWIS Communications GmbH
Mareike Funke,