Hospital Digitalization under the Hospital Future Act (KHZG)
A modern, high-quality, and digital healthcare system – during the Covid-19 pandemic and beyond – is the core objective of the Hospital Future Act (KHZG). This new law primarily governs the financing of hospital investments. Here’s what the KHZG means for the healthcare sector.
Starting 1 January 2021, an investment program makes €3 billion available to digitize hospitals across Germany. These funds are intended to support investments in modern emergency care capacity, digital transformation, and IT security in hospitals. In addition, the federal states (Länder) are expected to contribute a further €1.3 billion in investment funding. The KHZG implements the “Hospital Future Program” adopted by the governing coalition on 3 June 2020. The Act entered into force on 29 October 2020.
The KHZG supports the provision of high-quality, modern healthcare. Source: Adobe Stock / Gorodenkoff
Key Provisions at a Glance:
-
A Hospital Future Fund (KHZF) is established at the Federal Office for Social Security (Bundesamt für Soziale Sicherung).
From 1 January 2021, the federal government allocates €3 billion to the KHZF via the Health Fund’s liquidity reserve. -
The Länder and/or hospital operators must cover 30 percent of each project’s investment costs.
-
The total funding volume available through the KHZF thus amounts to up to €4.3 billion.
-
Hospital operators have been permitted to begin implementing projects and submit their funding requests to the Länder since 2 September 2020. From the Act’s entry into force until 31 December 2021, the Länder may submit funding applications to the Federal Office for Social Security. Any federal funds not applied for by that deadline will be returned to the federal budget by the end of 2023. Deadlines for submitting applications to the Länder vary accordingly (e.g., Bavaria: 31 May 2021).
-
Cross-state projects are also eligible for funding via the KHZF.
-
Projects at university hospitals may receive funding of up to 10% of the respective Land’s total KHZF allocation.
The Federal Office for Social Security and the Federal Ministry of Health jointly developed and published, for the first time on 30 November 2020, guidelines for funding initiatives aimed at digitizing patient-related processes and structures throughout the course of a hospital stay. Eligible measures include, for example, patient portals, digital admission, treatment, or discharge management systems, and digital documentation solutions.
For every funded measure, 15% of the total amount must be invested in information security. Leveraging our existing expertise, we have thoroughly analyzed the new Hospital Future Act and are fully equipped to provide you with competent, tailored advice. As a starting point, we offer a free webinar providing an initial overview of the KHZG and the current state of information security best practices in German hospitals.
We are also happy to serve as your implementation partner for IT security projects – drawing on our extensive network of specialists. You can reach us by phone at +49 89 71680240
Key Facts
KRITIS attacks: Cyberattacks targeting critical infrastructure in Europe rose by 38 percent.
BSI reports: The BSI (Federal Office for Information Security) recorded over 250,000 new malware variants per day in 2024/2025.
Frequently Asked Questions
What is the difference between data protection and information security?
Data protection governs the lawful handling of personal data – including legal basis, purpose limitation, and data subject rights. Information security encompasses the technical and organizational measures designed to protect all data against loss, manipulation, or unauthorized access.
Is a Data Protection Officer mandatory for every company?
In Germany, appointing a Data Protection Officer is mandatory if at least 20 people are regularly engaged in the automated processing of personal data – or if special categories of personal data (e.g., health data) are processed.
What rights do data subjects have under the GDPR?
Rights include access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and objection. Organizations must respond to such requests within one month.
Related Articles
- GDPR 2026: What’s changing – and what companies need to watch
- Case Study: Hospital thwarts cyberattack thanks to OT segmentation
- Beyond theory: How phishing simulations boost employee security awareness
More from the MBF Media Network
Header Image Source: Adobe Stock / sdecoret
Fact: According to AV-TEST, more than 450,000 new malware variants are discovered daily.
Fact: According to Cisco, 75 percent of consumers trust companies more when they handle data transparently.
TL;DR
- €3 billion made available in January 2021 to digitize hospitals across Germany.
- €3 billion allocated to the KHZF by the federal government via the Health Fund’s liquidity reserve, effective January 2021.
- The Hospital Future Act aims to foster a modern, high-quality, and digital healthcare system – both during the Covid-19 pandemic and beyond.
- The Länder are additionally expected to contribute €1.3 billion in investment funding.
