The Regulation Amending The Regulation On Personal Health Data Has Been Published

The Regulation (the "Amendment Regulation") Amending the Regulation on Personal Health Data (the "Regulation") was published in the Official Gazette dated 3 December 2025 and numbered 33096 and entered into force on the date of its publication.

In accordance with the amendments introduced as of March 2024 under the Personal Data Protection Law No. 6698 (the 'DP Law') regarding the processing of special categories of personal data, the Amending Regulation has comprehensively restructured the existing regulatory framework governing the access and processing of personal health data.

• Pursuant to Article 5 of the Regulation, the revision introduced under the heading 'General Principles and Rules' has changed the legal basis for the obligation to present or share individuals' past health data. Instead of the former approach, which limited this obligation to cases where it was "necessary for the provision of healthcare services", the new framework now makes such obligation dependent on the existence of the processing conditions set out under Article 6(3) of the DP Law.
• Furthermore, with the amendment under Article 6 of the Regulation, the system governing healthcare professionals' access to personal health data has been transformed into an access framework based on statutory processing conditions and aligned with the principles of data security and privacy. Instead of the previous "service necessity" based approach, which was open to broad interpretation, access is now strictly required to be directly linked to the existence of a lawful processing condition, the nature of the healthcare service provided, the stages of the operational workflow, and the scope of the physician's duties. Accordingly, access authorisation has been removed from an abstract necessity criterion and placed within clearly identifiable, limited, and purpose-related legal parameters.
• Another amendment under the Regulation removes the requirement to include an explicit consent clause for special categories of personal data in powers of attorney for lawyers' access to health data. With this revision, the processing of such data is now directly grounded on the processing conditions set out under Article 6 of the DP Law.
• The provisions introduced by the Amending Regulation also include comprehensive updates regarding the procedures for access to children's health data, the security preferences determined through the e-Nabız system (Türkiye's national digital health platform), and the practical criteria governing physicians' data access authorization.

You can access the full text of the Amendment Regulation via this link. (Only available in Turkish)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.