On July 3, 2020, the Bundestag, the German parliament, passed a new law to protect patients’ health data. The law provides for the creation of a digital medical file, or shared medical file, which German health insurance companies will have to offer to their clients as of 2021. Under this law, the shared medical record should, among other things, enable the use of electronic prescriptions.

The first version of this law was strongly criticized by the Federal Commissioner for Data Protection and Freedom of Information, the German counterpart of the CNIL. Indeed, in the initial version of the law, the health data contained in the shared medical file were visible to all medical staff, so that a dentist could have access to medical reports submitted by a psychiatrist on the same patient, as the Commissioner stated. The German legislator clarified in the final version of the law, to comply with GDPR, that the patient remained in control of his or her health data and could decide which data he or she wished to share or delete. In addition, the patient must decide alone on the use of the shared medical record.

It is interesting to recall that France also introduced in 2018 shared medical records such as the digital health record to secure the exchange of health data, such as medical history, medical examination results or health insurance care history over the last 24 months. The French shared medical record is also optional and requires patient consent for its implementation and to identify the healthcare professionals who have access to it. Unlike in Germany, patients can only request the correction or deletion of their health data if it is inaccurate, equivocal, incomplete or out of date, provided they can oppose a “legitimate reason”.

https://www.bfdi.bund.de/DE/Infothek/Pressemitteilungen/2020/20_BfDI-zu-PDSG.html

https://www.cnil.fr/fr/dossier-medical-partage-dmp-questions-reponses