The use of data from electronic health records in times of a pandemic-a legal and ethical assessment.

National electronic health record systems controlled (at least in parts) by the patient are becoming increasingly common. During a pandemic, data stored in such records could be used by health authorities to identify persons with a particular health risk. In this contribution, the authors focus-from the perspective of law and medical ethics-on the question whether such state access to data could, under certain circumstances, be disadvantageous to a person's state of health in the long run. This may be the case if the data extracted is not only used for the purpose of informing persons, but serves as a basis for measures taken against the will of the individual concerned. This might be perceived as a "breach of trust" and could result in persons opting out of or not opting into an electronic health record system. Such unintended consequences raise concerns from an ethical and a legal point of view. It follows that, even in times of a pandemic, access to personal data stored in patient-controlled health records should be used as a last resort only. While this contribution deals with the legal framework within the EU, its considerations are transferable to other national electronic health record systems.