Health data sharing is conditional on the benefit of authorized healthcare personnel + patient.
Permitted sharing
- Authorized healthcare personnel.
- For the benefit of the patient.
- Explicit consent is not required (Art. 6/3 - as required by law).
e-Pulse
- Ministry infrastructure; official.
- User password check.
Inside the hospital
- Access is role based.
- Log recording + auditing.
Frequently asked
Is data requested from the old hospital?
Yes; Within 30 days upon patient request.
Sharing reports via WhatsApp?
Risk; There may be a violation of KVKK; KEP / e-signature is recommended.
Does the hospital have to appoint a DPO?
A practical necessity if it processes 50K+ files.
Relevant legislation
- KVKK no. 6698 article 12 — Data security obligation; notice of violation (art.12/5).
- KVKK no. 6698 article 14 — Right to compensation.
- KVKK no. 6698 article 18 — Administrative fine (up to 5 million TL).
- GDPR Art. 33-34 — 72-hour infringement notification on EU cross-border transfer.
- TCK art.135-136 — Unlawful recording/dissemination of personal data.
Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case.