Overview

• The electronic patient record (ePA) was launched nationwide in Germany on April 29, 2025, automatically enrolling over 73 million statutory insured citizens under an opt-out model.
• Ethical hackers from the Chaos Computer Club discovered new security vulnerabilities in the ePA system, allowing unauthorized access to patient data despite updated protections.
• Gematik, the organization overseeing the system, implemented immediate fixes and stated there is no evidence of unauthorized data breaches so far.
• Consumer advocates are calling for improved privacy controls, including the ability for patients to selectively share specific medical documents with healthcare providers.
• Healthcare providers have until October 1, 2025, to adopt the ePA system, with pseudonymized data sharing for research scheduled to begin in July 2025.