Recital 93

The processing of large amounts of personal electronic health data for the purposes of the EHDS, as part of data processing activities in the context of handling health data access applications, data permits and health data requests entails higher risks of unauthorised access to such personal data, as well as the possibility of cybersecurity incidents. Personal electronic health data are particularly sensitive as they often contain information covered by medical secrecy, the disclosure of which to unauthorised third parties can cause significant distress. Taking fully into consideration the principles outlined in the case law of the Court of Justice of the European Union, this Regulation ensures full respect for fundamental rights, for the right to privacy and for the principle of proportionality. In order to ensure the full integrity and confidentiality of personal electronic health data under this Regulation, to guarantee a particularly high level of protection and security, and to reduce the risk of unlawful access to those personal electronic health data, this Regulation allows Member States to require that personal electronic health data be stored and processed solely within the Union for the purpose of carrying out the tasks provided for in this Regulation, unless an adequacy decision adopted pursuant to Article 45 of Regulation (EU) 2016/679 applies.