Recital 18

In addition, due to the different sensitivities in the Member States on the degree of patients’ control over their health data, Member States should be able to provide for an absolute right to opt out from access to their personal electronic health data by anyone other than the original controller, without any possibility to override that opt-out in emergency situations. In such a case, Member States should establish the rules and specific safeguards regarding such opt-out mechanisms. Those rules and specific safeguards could also relate to specific categories of personal electronic health data, for example genetic data. The right to opt out means that personal electronic health data relating to the natural person who exercises that right would not be made available through the services set up under the EHDS other than to the healthcare provider that provided the treatment. Member States should be able to require the registration and storage of personal electronic health data in an EHR system used by the healthcare provider who provided the health services and accessible only to that healthcare provider. If a natural person has exercised the right to opt out, healthcare providers will still document the treatment provided in accordance with applicable rules, and will be able to access the data registered by them. Natural persons who exercise the right to opt out should be able to reverse their decision. In such cases, personal electronic health data generated during the period of the opt-out might not be available via the access services and MyHealth@EU.