Regulation On Personal Health Data Has Been Amended

An amendment was introduced to the Regulation on Personal Health Data published in the Official Gazette dated 21 June 2019 and numbered 30808 ("Regulation") by the regulation published in the Official Gazette on 3 December 2025. The amendments primarily concern the rules governing access to personal health data. These changes serve to strengthen compliance with the Law on the Protection of Personal Data No. 6698 ("LPDP") and its secondary legislation.

The amendment defines the existence of the conditions set forth in paragraph three of Article 6 of the LPDP as the principal rule governing access to personal health data.

Prior to the amendment, the rules governing access to personal health data differed depending on whether the individual had an e-Nabız account. This distinction has now been removed. Under the Regulation, access to personal health data will now be possible in various circumstances depending on the type of healthcare service received. Accordingly:

i. The family physician may access personal health data indefinitely.

ii. The physician consulted, together with other physicians employed by the relevant healthcare provider, may access such data only until the completion of the procedures directly related to the service provided.

iii. Physicians employed at the healthcare provider where the patient is admitted as an inpatient may access the patient's health data until the patient is discharged.

iv. In emergency service admissions, all physicians on duty at the same healthcare facility may access the data until the individual is discharged from the emergency department.

v. Physicians will be able to access health data according to the security settings configured through the e-Nabız system.. However, in cases where the patient is admitted or presents through the emergency department, this rule will not apply to the extent that the processing conditions under paragraph three of Article 6 of the KVKK prevail.

vi. If individuals do not wish their past health data to be accessible, physicians may access such data only if the verification code sent to the phone number registered in the patient's e-Nabız profile is provided within the framework of the e-Nabız security preference mechanism introduced by the Regulation.

vii. Furthermore, in cases of criminal detention or imprisonment, since a verification code cannot be sent to the individual, access may be granted to the family physician and the relevant physicians without performing any security setting checks.

The new regulation strictly limits physicians' access to health data in terms of function, service relationship, and duration.

During the pendency of divorce proceedings, the party to whom temporary custody has been granted is now able to access the child's health data. In the event that the divorce becomes final, any request by the parent who has not been granted custody to access the child's health data will be assessed by the General Directorate. If the request is deemed appropriate, data that allow for an assessment of the child's health condition—but do not contain the address, contact information, or location data of the custodial parent or the child—may be shared with the requesting parent, in accordance with the principle of data minimization.

Persons who serve as caregivers for individuals holding a disability report are now able to access those individuals' health data. This regulation aims to enable caregivers who carry out procedures on behalf of disabled individuals to manage healthcare service processes more effectively.

The rules to be applied in the sharing of health data will no longer be determined solely by the practices of the relevant healthcare provider but will instead be established in accordance with the rules issued by the General Directorate. This aims to ensure a more centralized and standardized implementation. In addition, instead of the previous regulation concerning the revocation of authorization, the necessary procedures will now be carried out by the disciplinary authority.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.