DVPMG – Law on Digital Modernisation of Healthcare and Nursing Care

The Law on Digital Modernisation of Healthcare and Nursing has been in force since 9 June 2021. Its German title is “Digitale-Versorgung-und-Pflege-Modernisierungs-Gesetz”, abbreviated to DVPMG. This law amends numerous other laws and regulations, for example Volume V of the Social Insurance Code and the Regulation on Digital Health Applications. The DVPMG goes well beyond the introduction of digital health applications.

Most stakeholders affected by the DVPMG welcome the obvious intention: to digitalise healthcare including nursing and thereby to improve it.

There is, however, also a lot of criticism. Lots of medical device manufacturers are also unaware of the consequences of the law for them.


Click here for the 172-page draft of the DVPMG (german) of 17 March 2021 including the justifications and here for the HTML version of the DVPMG as it was passed (german)of 3 June 2021.

You can download the differences between the draft and the resolution by the committee here (german).

1. Goals: what the DVPMG is aiming to achieve

The Law on the Digital Modernisation of Healthcare and Nursing Care aims to expand care with digital health applications and to expand these to nursing care. The goals are:

  • to improve the quality and availability of nursing care
  • to simplify processes such as the prescribing of medications and documentation
  • to increase patient autonomy
  • to ensure data security
  • to release service providers from the burden of data protection impact assessments

2. Implementation: how the DVPMG aims to achieve these goals

The law creates the necessary legal requirements and incentives to achieve these goals.

a) Reimbursement of digital nursing care applications

Digital nursing care applications should be reimbursed by the health insurance providers in the same manner as digital health applications.

Examples of digital nursing care applications of this type include:

  • software that helps with medication intake
  • apps and sensors on patients that provide warnings if the patient is developing bedsores
  • systems that help patients not to forget anything (e.g. to switch off the hob)
  • alarm systems for patients who have fallen
  • software that patients can use to train their memories
  • systems that help with administrative tasks such as completing applications

b) Electronic documentation

The data on patients (who require nursing care) should be integrated into the electronic patient file (ePF). Patients must be able to access this ePF via a “stationary terminal device”.

From 2023 this also applies to an additional  electronic patient summary. This also includes the emergency details.

Medication prescriptions should be electronic to a greater extent.

c) Digital communication

Telemedicine, in particular video consultations and other digital communication between nursing care professionals and those receiving nursing care should be enabled and promoted.

The technical requirements, in particular the telematics infrastructure, should be created and further expanded.

Many medical devices should or must offer open interfaces.

d) Data protection and data security

The Federal Office for Information Security (german)(Bundesamt für Sicherheit in der Informationstechnik, BSI) should be involved in the security checks to an increased extent.

Doctors in private practice no longer need to complete data protection impact assessments is they connect their practices to the telematics infrastructure in a manner consistent with the law.

3. Which laws the DVPMG amends

 Tip for readers in a hurry

This chapter sets out the details of the DVPMG. If you are not interested in these, scroll down to the fourth chapter which sets out the consequences for the medical device manufacturers.

a) Overview

The DVPMG amends a large number of laws:

  • Volume I of the Social Insurance Code
  • Volume V of the Social Insurance Code
  • Volume VI of the Social Insurance Code
  • Volume XI of the Social Insurance Code
  • Hospital Remuneration Act
  • Federal Healthcare Tariff Law
  • Implant Registration Act
  • Social Court Act
  • Regulation on Digital Health Applications
  • Regulation on the Prescription of Medicinal Products
  • Medicinal Products Act
  • Pharmacy Operation Order
  • Law on Narcotics
  • Second Sickness Insurance for Farmers Act
  • VAT Act
  • Hospital Financing Act
  • Insurance Supervision Act
  • Repeal of the Usage Supplement Act
  • Healthcare and Nursing Strengthening Act
  • Transplant Act
  • Laws regulating social compensation
  • BSI Act
  • Pharmacies Act

The following sub-chapters set out the most important changes.

b) Volume V of the Social Insurance Code

The most extensive changes introduced by the DVPMG relate to Volume V of the Social Insurance Code.

  • Medication plans may be created electronically.
  • There is an entitlement for remedies to be provided via telemedicine.
  • Doctors may prescribe digital health applications.
  • The associations of panel physicians provide telemedicine services as part of the emergency service.
  • The Federal Joint Committee sets out regulations for the remuneration of telemedicine services, in particular for the remuneration of video consultations (maximum of 30% of the services in the respective quarter). This also applies to the emergency service.
  • Structural finds into which the health insurance providers pay should promote telemedical forms of care.
  • Digital health applications should be used as remedies as part of midwifery assistance.
  • It is not just substantial changes to the devices that manufacturers must report to BfArM, they must also document all changes.
  • Manufacturers must be able to satisfy the interoperability requirements that can be set out by BfArM.
  • The BSI will set out the information security requirements each year.
  • A national eHealth contact point will be established.
  • As an alternative to the electronic health care, health insurance providers shall provide an accessible “digital identity for the healthcare sector”.
  • The rights and obligations of gematik (german) will be expanded. They will be able to run components and services within the telematics infrastructure themselves. They also have the right to set out the interoperability requirements of the digital identities.
  • The insured persons may access the electronic medication plan and the patient summary.
  • The patient summary also includes information about whether the insured person has agreed to donate their organs.
  • The Association of Statutory Health Insurance Physicians will set out both the content of the ePF, the medication plan and the summary and the interoperability requirements. In doing this, they must coordinate with other stakeholders such as gematik.
  • Home care prescriptions and non-hospital intensive care prescriptions must be issued electronically.
  • The cross-border exchange of health data should be made possible. However, patients’ consent is required for this.
  • Telemedical monitoring will be regulated.
  • The associations of panel physicians must support the provision of telemedicine services.
  • Remedies and implants that already transmit data via publicly accessible networks must permit data exchange with digital health applications.
  • A national health portal is to be set up along with a “Medical Service Federation”.

c) Volume XI of the Social Insurance Code (social care insurance)

The DVPMG makes numerous changes and additions to Volume XI of the Social Insurance Code. These include the new digital nursing care applications, among other things. Patients who require care are now entitled for these to be reimbursed too.

A requirement here, too, is that BfArM considers the digital application to be necessary and has included it in a new register of digital nursing care applications. Reimbursement is also limited to EUR 50 per month.

Definition: Digital nursing care application

“A digital nursing care application is an application (typically software) that is essentially based on digital software which is intended by the manufacturer to be used by persons who require care or their relatives to interact with one another” or “to decrease the reduction in independence or abilities of the person who requires care and counteract a worsening of the need for care unless the application is covered by health insurance or another responsible payer as a result of a disease or disability.”

according to Volume XI of the Social Insurance Code, Section 40a

These nursing care applications may also be used as part of nursing care consultations.

Like Digital Health Applications, (german) digital nursing care applications must satisfy quality criteria relating to:

  • Suitability for use: Accessibility, age-appropriate usability
  • Robustness
  • Consumer protection
  • Care-related content
  • Degree of support of the person who requires care, their relatives and care facilities
  • Interoperability

d) Regulation on Digital Health Applications

The DVPMG makes the following changes to the Regulation on Digital Health Applications, among others:

  • providing additional information when making submissions to BfArM, e.g.
    • about the data on remedies and implants and the associated data security evidence
    • about the activity relating to midwives and remedied affected
  • obligation to ensure interoperability with electronic patient files in line with an interface set out in Volume V of the Social Insurance Code, Section 354

right of BfArM to request penetration tests and a certificate for an IT security management system

e) Other

The DVPMG also amends other laws. Because of the option to issue electronic prescriptions, this primarily affects laws relating to medicinal products.

4. What the DVPMG means for medical device manufacturers

 Tip for readers in a hurry

This chapter sets out the requirements of manufacturers. Readers in a hurry can jump straight to the summary in sub-chapter f).

a) Documentation of the device and the changes to it is required

Manufacturers are obliged

“To document changes to the digital health applications. The Federal Institute for Drugs and Medical Devices can request that documentation be submitted if the Federal Institute for Drugs and Medical Devices becomes aware that the manufacturer has not met their notification obligation according to sentence 1.”

Volume V of the Social Insurance Code, Section 139e

This documentation should be a matter of course. The right of BfArM to request this documentation has now been clarified.

b) The interoperability requirements could become a problem

Interoperability is an explicit quality feature of the medical device. Through legal regulations, the ministry can regulate the

“requirements of interoperability and the fulfilment of the obligation to integrate interfaces [...]”

Volume V of the Social Insurance Code, Section 139e(9)

Interoperability relates to interfaces with electronic patient files and electronic patient summaries.

There are also new requirements for the interoperability of implants and remedies that already “transfer data about the insured person to the manufacturer or third parties electronically via publicly accessible networks”.

The additional interoperability requirements often lead to changes to the devices.


Certain medical devices must offer a new interface. MDCG 2020-3 makes clear that a “new channel of interoperability” is a substantial amendment. This removes the “inventory protection” for all digital health applications that were marked under the MDD.

Combined with the costs of implementing the interface and switching to MDR and the limited availability of notified bodies, this could be an existential problem for Digital Health Application manufacturers. This is precisely the opposite of what the legislator was planning.

c) The data protection requirements are increasing

The BSI is empowered to establish the data security requirements of digital health applications on an annual basis. From 1 June 2022, it must define testing procedure and/or corresponding certificates with which the requirements of the GDPR are demonstrated (see GDPR Article 42).

BfArM can request penetration tests and security reports. From 1 January 2022 it can insist on a certificate for an information security management system. This also applies for digital health applications that have already been included in the register.

d) New opportunities for manufacturers

The legislator was aiming to strengthen the market for digital health and nursing care applications. There are new opportunities for manufacturers:

  • They benefit from the new reimbursement options.
  • A new market for nursing care applications has been created in particular. The care market is huge: there are more than 4 million people who require care. According to information provided by the Federal Ministry of Health, over  EUR 45 billionwas spent on social care insurance in 2020.
  • The data from remedies and implants must also be available to third parties. Linking these data and other data enables new applications and business models to be developed. This was precisely the intention of the law.

f) Summary for manufacturers

Manufacturers should do the following to satisfy the requirements of the DVPMG:

  • Software requirements
    • add data security requirements
    • add interoperability requirements, including
      • electronic patient files,
      • electronic patient summaries and
      • other requirements for implants and remedies
  • software design, implementation and verification
    • add software architecture accordingly
    • implement and verify software
    • carry out the penetration tests that are now compulsory for all digital health applications
  • if necessary “re-authorise” software (see discussion above on MDCG 2020-3)
  • strive to achieve data security certificates
    • Organisation: information security management system
    • Device: if necessary test certificate (can also be requested for digital health applications that are already listed)
  • Include in the PMS plan that changes by the BSI relating to these data security requirements are monitored on an annual basis (the BSI “will generally set out the data security requirements for digital health applications to be proven on an annual basis [...]”

5. Criticism of DVPMG

a) Too few changes

The German Electrical and Electronic Manufacturers' Association has complained (german) that DVPMG is not a breakthrough as it is just one numerous individual measures but there is no identifiable overarching strategy.

Criticism from Bitkom is in a similar vein and notes that a digital restart in a modern, digital healthcare sector is needed. The law is not sufficient.

They also claim that the restriction on video consultations to 30 percent is not appropriate during an epidemic [source].

b) Too much digitalisation

The medical profession is warning about too much digitalisation (german). The arguments are the ones that are to be expected:

  • Data protection: there would be central data storage, which would “torpedo” medical confidentiality.
  • It would interfere with the relationship between the doctor and the patient.
  • Doctors were not sufficiently involved.

c) Distortion of competition and too much power for gematik

Dr Doris Pfeiffer, Chair of the Central Federal Association of Health Insurance Funds, also things that the increase in the power of gematik is a problem (german).

“gematik is creating increasing numbers of direct interfaces with and access points to insured persons, giving it a direct influence over the way in which the insured persons experience the digitalisation of the healthcare system, understand their health, decide which routes to take and use devices. This puts them in a position to bypass key stakeholders such as the doctors and health insurance providers. […] A gematik which not only tests and certifies the applications to be marketed practically as a state sub-department but also simultaneously develops and markets its own devices should definitely be rejected.”

6. Summary and conclusion

There is a lot of criticism...

As usual, criticism comes from all directions. The criticisms are:

  • Too much work
    • Bureaucracy
    • Costs, e.g. for changing the devices and new authorisations
    • Costs to meet data protection requirements
  • Rush job
    • Consequences not considered (e.g. consequences arising from MCG 2020-3)
    • Patchwork instead of a digital strategy
    • Poor management (cynics are already predicting digital homoeopathy)
  • Risk to the market that is aiming to be built up and protected
    • Disadvantaging smaller companies and favouring larger companies (e.g. US groups)
    • Interference in competition by gematik
    • Interference in the autonomy of the manufacturers by obliging them to open up interfaces
  • Other
    • Concentration of power as a result of centralisation, e.g. through the national health portal and the increased rights allocated to gematik and BfArM
    • Additional data protection risks
    • Interference in the relationship between the doctor and the patient


It’s easy to criticise, but balancing out the interests of the lobbyists is an almost impossible task. The complexity of the rules is difficult to master. It’s no coincidence that the draft of the amending law runs to over 170 pages.

Many of those who are complaining about the law are precisely the ones who have caused Germany to fall behind in the digitalisation of the healthcare sector by blocking initiatives and pursuing their own individual interests.

Many of the processes in the healthcare sector with its silos are inefficient and embarrassing. Four million people who require care cannot continue to be treated using last century’s approaches. The ruling by the Federal Labour Court awarding minimum wage to foreign nursing staff is exacerbating the situation.

We should welcome any attempt to drive this complex system forwards. We can no longer continue as we always have.

We should therefore recognise that experts looking in from outside, such as the Swiss professor, Dr Andrea Bellinger, envy Germany for what Jens Spahn and his ministry have managed to do. Ms Bellinger refers explicitly to the DVPMG.

Do you need help to get your digital health application or digital nursing care application listed in the BfArM register? We’d be happy to help. Get in touch using the contact form.


Prof. Dr. Christian Johner

Find out what Johner Institute can do for you

A quick overview: Our


Learn More Pfeil_weiß

Always up to date: Our


Learn More Pfeil_grau

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.