Health data are data relating to the mental or physical state of health of data subjects or information, from which this state of health can be gleamed.
These data are considered in the special categories of personal data in the General Data Protection Regulation, the processing of which requires the express consent of the data subjects. Processing of health data, for example in a doctor’s office or a hospital, is generally possible, but there are strict confidentiality regulations. These data may only be processed by qualified personnel subject to professional secrecy.
Article 4(15) GDPR (Definitions)
“data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status
Source: Regulation (EU) 2016/679