Patients have the right to inspect their patient file or to have it copied. You can find out here how far this right goes and when it may be restricted.

Legal basis for the patient file

Section 630 f of the German Civil Code (BGB) requires the treating physician to keep a patient record. This can be in paper form or electronically. The patient file must show when any changes to the content were made and what was changed. In a patient file, the treating physician documents all measures and their results that are essential from a professional point of view for the current and future treatment. In principle, the patient file must be kept for ten years after completion of treatment.

§ Section 630 g of the German Civil Code (BGB) regulates the patient's right to inspect this patient file. The treating physician can only refuse this if there are "substantial therapeutic reasons or other substantial rights of third parties to the contrary" (more on this below).

Likewise, the patient has a right to a complete and free copy of the file from Art. 15 III DSGVO.

No access to patient records for therapeutic reasons?

§ Section 630g I of the German Civil Code (BGB) also stipulates that the treating party may only refuse to allow inspection if there are "substantial therapeutic reasons or other substantial rights of third parties to the contrary."

This restriction on the release of information to the patient himself must not go too far. In principle, this exception is permissible under Art. 23(1)(i) of the GDPR. A similar exception is currently also provided for in the draft regulation on the "European health data area" (Art. 3 III of the regulation).

Historical development

The fact that the patient has a right of access at all has only emerged in recent history. In the 1970s, for example, it was still normal for medical records not to be released to the person concerned. Until the introduction of §§ 630 a - 630 h BGB in 2012 and later the entry into force of the GDPR, the requirements for medical documentation were gradually increased on the one hand and the rights of the data subjects were strengthened on the other.

Decision in individual cases

Whether inspection should nevertheless be refused for therapeutic reasons must be examined on a case-by-case basis. In particular, inspection should usually be refused if there is a psychiatric diagnosis which suggests that the patient's relationship of trust with the person treating him or a third party will be permanently destroyed by inspection, or if traumatized patients will suffer re-traumatization.

In the case of serious and incurable illnesses, no reason is nowadays assumed for refusing access. The euthanasia decision of the BVerfG made it clear here as early as 2020 that this would be tantamount to paternalism and that the "protection of a person from himself" may only serve the freedom of decision and not vice versa.

Reason for refusal

If the patient is refused access, reasons must be given (Section 630 g I 2 BGB). The patient must therefore be informed openly of the refusal. Inspection of a censored or modified file is not permitted. In this context, the physician must tread a fine line between explaining to the patient why he or she cannot inspect the file and not revealing what the patient is not supposed to know.

Circumstances of access to the patient's file

Instead of a complete denial of access, the treating party can and must also consider milder means of preserving the patient's rights.

The main option here is to adjust the circumstances of the inspection: the practitioner can offer the patient an accompanied inspection. The person who accompanies the inspection can be the practitioner himself or a trusted person of the patient. If the practitioner accompanies the inspection, he can also ensure that the information is easy for the patient to understand (Art. 12 I GDPR).

Form of provision

The patient must be allowed to inspect or copy the file free of charge. The patient may receive a copy in paper form or in electronic form (Section 630 g II BGB, Art. 15 III DSGVO).

DSB buchen