Healthcare sovereignty

Who owns your medical records? Global Medical Data Sovereignty Map

Healthcare Sovereignty | Season 1, Part 4

GFM Healthcare Sovereignty Research Group

Dr. Chen Jiarui made a statement during an interview with GFM that deserves special consideration:
"Even as a doctor, finding the right specialist, retrieving the images, and going through the procedures still feels like navigating a maze."
A physician with over thirty years of clinical experience, who had long served as the head of orthopedics at a trauma hospital, discovered after he became a patient that his medical records and images were locked in different systems and could not be accessed smoothly.
If even he finds himself navigating a maze, where does that leave an ordinary patient?
The answer to this question points to one of the most specific, yet least publicly discussed, dimensions of medical sovereignty: Who owns your medical records?

(Image caption) True sovereignty over medical records is not just about "access to medical records," but about whether patients can decide who can access them, when they can access them, and under what conditions they can be accessed. Technology can improve access methods, but it may not change the control itself.

I. What is a medical record?
In a legal sense, a medical record is a record of a person's health status, including diagnosis, treatment plan, medication history, imaging, laboratory reports, and the physician's clinical judgment.
In an institutional sense, a medical record is a person's passport to the medical system. Without a medical record, or if the record cannot be accessed, a patient must start from scratch in any new medical scenario—re-describe their symptoms, redo any tests that may have already been done, and wait again for the results that may already be available.
In terms of power, control over medical records determines who holds the informational advantage in the medical relationship. When your medical records are locked in a system, the holder of that system possesses a structural power over you, because you need the records, but the holder doesn't necessarily need your permission to use them.
This is why sovereignty over medical data is the most concrete manifestation of medical sovereignty.

(Image caption) Medical records are not just medical records, but also a person's passport to the medical system. When records cannot be accessed, patients are often forced to start from scratch in new medical situations.

II. United States: The Design Logic and Implementation Challenges of HIPAA
In 1996, the U.S. Health Insurance Portability and Accountability Act (HIPAA) established a principle that was forward-thinking for its time: patients have the right to access their own medical records.
HIPAA stipulates that healthcare institutions must provide a copy of a patient's medical record within 30 days of a patient's request, and cannot refuse on the grounds of excessive cost or technical difficulty. The theoretical logic behind this design is clear: if the information belongs to the patient, the patient has the right to access it.
However, HIPAA has a fundamental problem in its design: it manages "access" rather than "interoperability".
In other words, HIPAA tells you that you have the right to access your medical records, but it doesn't require your old hospital to automatically transfer them to your new doctor. This transfer requires you to actively apply, wait, and follow up, and usually also requires a paper-signed authorization.
As a result, in the United States, a patient who moves from Boston to Los Angeles does not automatically have their medical records transferred with them. They need to request records one by one from each of the institutions where they previously received treatment, and each request may involve different formats, different fees, and different waiting times.
In 2016, the U.S. government introduced the 21st Century Cures Act, which further required healthcare institutions to adopt interoperability standards, allowing medical records to flow between different systems. However, the implementation of this law remains fragmented, and interoperability between different electronic health record (EHR) systems is still fraught with friction in practice.
Nora's predicament in seeking medical care was partly a direct result of this friction: her medical history existed, but it was not in the doctor's system, and the doctor had neither the will nor the ability to retrieve it in those few minutes.

III. The United Kingdom: The Advantages of a Unified Architecture and Its Boundaries
The UK's NHS electronic health record system is, in theory, a unified national architecture. Patients' medical records can be accessed by authorized healthcare personnel within the NHS system without requiring patients to submit them repeatedly.
The advantage of this unified architecture is significant: when a UK patient visits different cities or different NHS hospitals, the attending physician can usually access the same record without the patient having to describe their medical history from scratch.
However, there are two noteworthy boundaries to the unified architecture of the NHS.
The first boundary is between the public and the private sector. The UK has a sizable private healthcare market, and the records of private clinics and hospitals are often not part of the unified NHS system. An examination performed at a private clinic may not be directly accessible to an NHS doctor.
The second boundary is system security. In 2017, the NHS suffered the WannaCry ransomware attack, forcing many electronic health record systems offline and some hospitals to revert to paper-based records. This attack exposed the vulnerability of a unified architecture: while centralization brings convenience, it also introduces the risk of single points of failure.

(Image caption) In many healthcare systems, medical records exist, but they are locked in systems that are not interconnected. The existence of data does not equate to the flow of data; the preservation of records does not mean that patients can actually access them.

IV. EU: GDPR's Strong Protection and Mobility Dilemma
The General Data Protection Regulation (GDPR), which came into effect in 2018, is one of the most stringent legal frameworks for personal data protection in the world. Medical data is classified as a "special category of data" and enjoys a higher level of protection.
Under the GDPR framework, EU citizens have clear rights to their medical records: the right to access (to know who holds their data), the right to correction (to correct inaccurate records), the right to deletion (to request deletion under certain conditions), and the right to data portability (to request access to their data in a machine-readable format).
These rights are very strong in text. But the GDPR also creates a tension: it imposes strict restrictions on the flow of data, making cross-border sharing of medical data fraught with legal friction in practice.
For a German patient who receives treatment in France and needs to continue treatment in Germany, the cross-border transfer of his medical records must comply with strict data protection requirements, a process that may be more complicated than simply redoing certain tests.
The strong protections of the GDPR, in some situations, have ironically become obstacles to the flow of medical information.

V. China: The Boundary Between State-Led Framework and Individual Sovereignty
China has made significant legislative progress in the governance of medical data in recent years: the Personal Information Protection Law and the Data Security Law of 2021 established a basic framework for the protection of individuals' data.
In the healthcare sector, China is promoting the unified integration of "health codes" and electronic health records, with some cities already achieving cross-hospital electronic medical record sharing. This integration has significantly improved efficiency: patients can sometimes avoid repeating tests with existing results when visiting different hospitals.
However, the core issue of medical data sovereignty in China lies not in efficiency, but in who controls the data. In China's institutional design, the state has relatively broad access to medical data, while the boundaries of an individual's control over their own data can be legally narrowed within the framework of national security and public health.
This is not a simple matter of "good" or "bad." In public health emergencies, broad access to data can improve the system's response speed. But it also means that individuals' sovereignty over their medical data was not a top priority in the initial design of the system.

(Image caption) From HIPAA to GDPR, from the NHS to China's state-led framework, different countries have different methods for controlling, sharing, and protecting medical data. The question of who owns medical records has completely different answers depending on the system.

VI. Singapore: An Experiment in Balancing Efficiency and Privacy
Singapore's National Electronic Health Record (NEHR) system is a relatively advanced example in Asia in terms of integrating medical data.
NEHR allows healthcare providers to access patients' cross-institutional medical records with patient authorization, and patients can also view their health records through the HealthHub platform. This design achieves a high level of efficiency and transparency.
However, Singapore has also faced significant challenges to its data security. In 2018, Singapore's health database suffered a cyberattack, resulting in the theft of personal data and outpatient records of approximately 1.5 million patients, including the medical records of then-Prime Minister Lee Hsien Loong. This incident forced Singapore to comprehensively re-examine its medical data security architecture.
The Singapore case illustrates that even relatively well-designed integrated systems face ongoing security challenges. The ease of integration and the vulnerability of security are two sides of the same coin.

VII. The Global South: When Data Sovereignty is a Luxury
In resource-scarce environments in sub-Saharan Africa, parts of South Asia, and Latin America, discussions of medical data sovereignty take on entirely different contexts.
In many regions, paper-based medical records remain the mainstream, but the problem with paper-based records is that they are easily lost, difficult to transmit, and cannot be shared between different institutions. When patients visit different medical institutions, they often need to describe their medical history from scratch, and doctors make clinical decisions based on incomplete information.
The more fundamental problem is that in an environment with severely inadequate basic medical facilities, the answer to the question "who owns your medical records" is often "nobody owns them because nobody records them."
Data sovereignty is a luxury here, not because it is unimportant, but because its prerequisite—a complete record of data—does not exist.
This is one of the most easily overlooked dimensions in the global debate on healthcare data sovereignty: when we discuss who should control healthcare data, we implicitly assume that this data exists. But for a large portion of the global population, this assumption itself is invalid.

(Image caption) While consolidating medical data improves efficiency, it also amplifies risks. Centralized systems make records flow more easily, but they also make attacks, leaks, and single points of failure greater institutional challenges.

VIII. AiTmed's proposition: Can technology restore data sovereignty?
Chen Jiarui and AiTmed are attempting to solve the problem of the flow and control of medical data. Blockchain-based evidence storage, cross-institutional data sharing, and patient authorization management—these designs are based on the goal of giving patients back actual control over their medical data.
This direction is meaningful. However, it faces a fundamental challenge: technological solutions can change the way data flows, but they cannot automatically change the control logic of the system.
In other words, even if AiTmed establishes a data architecture that patients can control, the access rights of hospitals, insurance companies, and regulatory agencies to this data within the existing healthcare system will not automatically disappear due to changes in the technological architecture. True data sovereignty requires simultaneous changes in the technological architecture, the institutional design, and the legal framework.
This is not a denial of AiTmed, but a questioning of the assumption that "technology can solve institutional problems".
Dr. Chen said, "Medicine can be redesigned."
Yes. But what's needed for the redesign isn't just a better system, but a clearer definition of the problem: to whom should your medical records belong? The answer to this question can be very different in different political, cultural, and institutional environments.
In the next article, we will delve into another underrated issue of power: when you need to see a specialist, who has the authority to decide whether or not you can go?
Part Five: Referral is a Power Barrier

The legal frameworks cited in this article include the U.S. HIPAA (1996), the U.S. 21st Century Cures Act (2016), the EU GDPR (2018), and China's Personal Information Protection Law (2021) and Data Security Law (2021), all of which are publicly available legal documents. Descriptions of the national systems are based on publicly available policy documents and academic research.