Health data falls within the special categories of personal data. Its processing by a hospital or clinic is subject to strict rules.
Legal Framework
- KVKK Article 6 (special categories of personal data)
- Health Services Law No. 3359
- Patient Rights Regulation
- Ministry of Health communiqués
Legal Basis for Data Processing
- Treatment contract (performance of a contract)
- The physician's obligation of confidentiality
- Notification to the Ministry of Health (in cases of necessity)
Patient Rights
- Access to medical records
- Request for correction
- Being informed when data is shared with a third party
- Deletion under certain conditions
e-Pulse System
- Central system of the Ministry of Health
- All health institutions transfer data to it
- Individuals can view their own data through e-Government
- Individuals can turn off certain sharing
Hospital Obligations
- VERBİS registration
- Information notice (including in emergencies)
- Security measures (encryption, authorization)
- Storage period (usually 20 years)
- Destruction processes
Breach Scenarios
- Unauthorized viewing of the patient file
- Leakage of the patient list
- Sending results to the wrong person
- Sharing about the patient on social media
KVKK Board Decision
The KVKK Board imposes its highest penalties for health data leaks. It inspects hospitals' employee training and technical infrastructure.
Consulting a lawyer who specializes in health law and KVKK is recommended.