This analytical study addresses one of the most complex issues in modern law and bioethics: the ownership of medical data in the era of digital healthcare and artificial intelligence. The author conducts a comparative analysis of legal regulations and enforcement practices across three jurisdictions: the Russian Federation (Federal Law 323, EGISZ), the European Union (GDPR), and the USA (HIPAA, 21st Century Cures Act).
The paper reveals the fundamental dichotomy between ownership of the physical medium (server, paper record), which belongs to the medical organization, and rights to the informational content, which are vested in the patient. It is established that no jurisdiction grants the patient absolute property rights (including the right to data destruction) due to public safety requirements and the legal defense needs of physicians.
The study highlights distinct approaches: the Russian model is characterized by centralization (EGISZ) and bureaucratic access procedures ; the European model focuses on individual rights but restricts the «right to be forgotten» in medicine; while the US model, through the ban on «information blocking» and the implementation of APIs (Blue Button 2.0), enables rapid technological access to data.
The comparative legal analysis of regulation in the Russian Federation, the USA, and the EU demonstrates that in none of the jurisdictions examined is the patient granted an absolute right of ownership over medical records; a dichotomy is legally established wherein the physical medium belongs to the medical organization, while the patient holds rights only to the informational content. Furthermore, the implementation of the “right to be forgotten” in the medical sphere is effectively impossible due to the priority of public safety and strict requirements for archival storage and data auditing.
Despite differences in the mechanisms of rights implementation—ranging from bureaucratic centralization in the Russian Federation and an emphasis on legal protection in the EU to technological openness via APIs in the USA—a paradigm shift is becoming the common vector of development. Real patient “information sovereignty” in the digital age is achieved not through attempts to obtain rights to the original document, but through a transition from ownership to control: the technological ability to seamlessly create independent personal digital archives.
