As healthcare moves online, countries are competing not just in technology but in who controls medical data. This battle shapes privacy, innovation, and trust in the digital age.
Across the world, health systems are digitizing fast. But a quiet battle is underway — not over who delivers healthcare, but who owns and governs the data behind it. Different countries are taking very different approaches to regulating medical data. These choices reveal deep questions about privacy, innovation, and sovereignty in the age of AI-driven medicine.
In the UK, the National Health Service (NHS) has embraced a central digital system powered by US tech giant Palantir. In 2023, the UK government signed a £330 million contract to create the Federated Data Platform. This platform collects patient data from over 200 NHS trusts. However, this decision sparked major concern. Privacy experts, politicians, and doctors warned that relying on a company linked to US intelligence could break public trust. Many NHS trusts remain cautious, with only a third actively using the platform by 2025. To encourage adoption, the government added £8 million to support consultancy efforts.
The UK’s experience shows the challenges of public-private partnerships in health data. What was meant to unify patient records has exposed tensions over control, transparency, and ethics.
Meanwhile, the European Union has taken a different path. The European Health Data Space (EHDS), effective since March 2025, sets one of the world’s strictest rules for sharing health data across borders. It gives individuals stronger rights to access and control their electronic health records. Unlike earlier laws like GDPR, EHDS allows broader real-time access and sets mandatory standards for interoperability, ensuring data can move safely across member countries.
EHDS also separates how data is used for individual care from research and innovation. It limits personal control over secondary uses of data but promises strong security. The EU is also building HealthData@EU, a shared system that controls access tightly and excludes countries or companies without proper safeguards.
Still, not all EU countries are ready. Some struggle with weak digital systems and limited budgets to meet EHDS’s tough standards.
Another challenge is AI. Medical AI needs large data sets, but poor data quality can lead to bias. EHDS requires pharmaceutical companies to share data while protecting intellectual property and balancing individual rights. Health Data Access Bodies must prevent monopolies on data use. This careful approach may slow innovation but aims to keep it ethical.
India is racing ahead with a very different model. Its digital health market is booming, expected to grow nearly 30% annually until 2032. India has issued over 739 million unique health IDs under the Ayushman Bharat Digital Mission. More than 500 million health records are linked, creating one of the largest digital health networks in the world.
However, India’s laws have not caught up. The Supreme Court recognized privacy as a fundamental right, but the country relies on general data protection laws. The Information Technology Act and newer Digital Personal Data Protection Act regulate health data broadly, but lack detailed rules for healthcare needs like data sharing or interoperability.
India has proposed the Digital Information Security in Healthcare Act (DISHA) and a Health Data Management Policy. These aim to protect health data specifically and set standards for privacy and data use. But both remain drafts as of 2025.
The road ahead is uncertain. India must balance rapid digital growth with stronger protections to avoid risks in data misuse or breaches. Its journey highlights the tension between fast innovation and legal safeguards.
Globally, three models stand out: the EU’s rights-based, security-first approach; India’s fast, market-driven expansion; and the UK’s controversial mix of public health data with private tech. Each shows a different way to handle the future of health data.
The ultimate test is trust. Patients must believe their sensitive health information is safe and used fairly. How countries regulate this will shape healthcare, privacy, and democracy for years to come.
The global race to digitize health care is well underway. But the fight over who controls the data is just beginning.
Related topics
