How do I access my medical information

How are my medical data protected in Germany?

If you seek treatment in Germany, your personal data will be regularly collected, processed and used by health care providers and, under certain circumstances, by health insurance companies. The protection of this personal data is of great importance throughout Europe and therefore also in Germany.

Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). These data, in particular the associated medical data, are particularly worth protecting. Therefore, special requirements are placed on the handling of medical data. As a patient, you should be able to trust that unauthorized persons will not gain access to your data. In addition to the data protection regulations, the professional secrecy and confidentiality of your doctor or dentist should also ensure the protection of your data.

The collection, processing and use of the data is therefore only permitted within the legal framework - or if you, as the person concerned, have given your written consent after detailed prior information.

Legal regulations for data processing can be found in

  • the European General Data Protection Regulation
  • the general provisions of the Federal Data Protection Act and
  • the state data protection laws.

Special regulations can be found in

  • the social code books (SGB II to SGB XII).

The European Data Protection Regulation has a direct impact on national German law; is therefore applied directly.

Data protection is primarily based on the following principles:

  • Earmarking: The data will only be used for the respective legally regulated case.
  • Necessity: Only the data that are absolutely necessary to fulfill the defined purpose will be used.
  • Data economy and data avoidance: There is as little data as possible and as much data as necessary to collect, process and use.

Your data protection rights in detail

Please note that depending on the federal state and field of activity of the person who collects, processes or uses the data, other supervisory authorities may be responsible.