Health Data
Definition
Personal data related to the physical or mental health of an individual, including information about healthcare services provided, medical history, diagnoses, treatments, prescriptions, test results, and health conditions. Health data is particularly sensitive because it reveals intimate personal information, can affect employment and insurance, may carry social stigma, and impacts critical life decisions. GDPR Article 9 classifies health data as special category data requiring explicit consent or another specific exception for processing. In the U.S., HIPAA governs health information held by covered entities and business associates. Health data extends beyond traditional medical records to include fitness tracker data, mental health information, genetic data relevant to health, and even online searches about health conditions. Organizations handling health data should implement rigorous security, conduct privacy impact assessments, train personnel on handling requirements, carefully limit access, obtain appropriate consent or legal basis, and comply with sector-specific regulations.
Applicable Laws & Regulations
- GDPR Article 4(15) - Definition of health data
- GDPR Article 9 - Special category data requiring enhanced protection
- HIPAA 45 CFR Parts 160, 162, and 164 - Protected health information