Capture and process patient data

If patient data is handled, strict rules apply with regard to data protection. Whether in doctors’ offices, hospitals, pharmacies, or other medical facilities – wherever patient data is handled, the utmost security and caution must be exercised.

Learn how to securely collect and process sensitive, personal data in this article.


Capturing and processing patient data - how does it work?

If you work in a medical facility, handling personal data is part of your everyday work. Patient data is subject to medical confidentiality and may only be collected, stored, and processed under certain conditions.

Generally, written consent from patients is required. Consent must be renewed on a regular basis to ensure that it is always up to date. Even with consent, patient data may only be collected and processed for specific purposes. These include, for example, the treatment of a disease, preventive care or diagnostics.

Personal data is stored in a patient file, which must be protected from access by third parties due to its sensitive content.

Medical confidentiality

Medical confidentiality is regulated in the professional codes of the state medical associations (§9 Berufsordnung der Ärztekammer Berlin) and in the German Criminal Code (§203 StGB). According to the provisions of the professional regulations, doctors must keep silent about what is disclosed to them in their capacity as physicians.

Medical confidentiality covers:

  • the fact that the person concerned has been or is being treated by the doctor
  • the names of the patients
  • thoughts, opinions, family relationships, professional and financial circumstances entrusted to the doctor by patients
  • third-party secrets
  • observations on the part of the physician

In addition, medical confidentiality – and this is the most important point in this context – also includes all medical data that belong to the patient’s file.

The electronic patient file

More and more medical facilities are switching to storing patient data electronically. Digital patient management is closer to the spirit of the times, saves unmanageable mountains of paper and allows all personal data to be stored in one place.


According to §630f paragraph 1 of the German Civil Code (BGB), the digitization of documents is permitted under certain conditions:


  • chronological traceability of the data
  • prevention of unauthorized access to the data by third parties through appropriate safeguards

The digitization of patient records brings a number of benefits. For example, it enables faster exchange between different medical facilities as well as networking of medical services.

The electronic patient record (EPR) ensures the permanent availability of patient records and represents an important element of digitization. Thanks to the German Federal Ministry of Health, all people with statutory health insurance will be able to obtain an electronic patient file from their health insurers from January 1, 2021.

The EPR contains medical findings and information from examinations and treatments. With it, all patient data can be stored across practice and hospital boundaries.

Other benefits of the electronic health record include:


  • better availability of data
  • improvement of personal medical treatment
  • no time lost procuring information
  • relieving the burden on doctors, physicians and patients by avoiding duplicate examinations

Record and store patient data

How long patient data may be retained depends on the individual case. As a general rule, however, patient records are subject to a retention period, and patient data is retained for up to 10 years after treatment. In individual cases, such as the treatment of chronic illnesses that extend over a long period of time, the retention period may extend well beyond 10 years.


The storage of sensitive patient data in the electronic patient record must be subject to the highest security standards and must not allow unauthorized access by third parties under any circumstances. One way to ensure data privacy is to transfer information using a secure VPN tunnel. An alternative approach is to use closed networks that are backed by encryption systems.

If sensitive data is sent by e-mail, it must be protected with appropriate end-to-end encryption. Only the sender and recipient hold the key needed to access the content, which excludes third parties.

Disclosure of patient data to third parties?

As already explained, unauthorized access to patient data by third parties must be avoided at all costs. Anyone who accesses sensitive personal data without clear consent is in breach of data protection and therefore liable to prosecution.

Section 203 of the German Criminal Code (StGB) stipulates that the unauthorized disclosure of patient data subject to professional secrecy may be punished by a fine or imprisonment of up to one year.

Declaration of consent

However, if patient data must be disclosed, for example, in the course of legal proceedings or due to a change of physician, this can only be done with the patient's consent.
Prior to the transfer of patient data, the patients concerned must be informed about the purpose of the transfer, as well as the recipients. If a consent form for data transfer is subsequently signed by the patient, the transfer of patient data may take place.

The trend is clear - capture patient data digitally

The electronic patient record is a revolution in the collection and processing of patient data. The trend in medicine continues to move toward the use of mobile devices. In some doctors' offices, for example, tablets are already being used to call up patient data or view findings.

Probatix - Capture and process patient data quickly and securely

Probatix is the software for your medical facility. Whether pharmacy, hospital or doctor’s office – our goal is to support you sustainably. We make your day-to-day work easier by supporting you with all-encompassing software that enables the digital capture, storage and processing of patient data securely and quickly.


Get important information about your patients bundled and clearly arranged at a glance, save valuable time when recording patient data and protect sensitive content from unauthorized access by third parties.


Our software is GDPR (DSGVO) compliant and easily customizable to your setup. Benefit from digitization and make your everyday work more relaxed and smoother.

Probatix – The software for secure processing of patient data!
