Know Your Rights
Under International Law

Two international legal frameworks protect your rights as a patient. The CRPD establishes equality rights for people with disabilities. The GDPR gives you control over your personal health data. Together, they are more powerful than either law alone.

Plain-language guide. Educational resource. Not legal advice.

7 Rights explained in plain language
CRPD 4 Key Articles
GDPR 3 Data Rights
100% Free
Resource
UN CRPD

Your Disability Rights

The Convention on the Rights of Persons with Disabilities is a United Nations treaty ratified by most countries. Four articles are directly relevant to patients managing health information.

Article 9

Accessibility

You have the right to use digital health systems on equal terms with everyone else. If a hospital portal or health app is not accessible to you, that is a barrier the system must remove.

Health platforms, patient portals, and digital records must work for people with all types of disabilities. This includes screen readers, alternative input methods, and plain language. If you cannot access your own health information because the system was not built for your needs, Article 9 says that is a problem the system must fix — not something you must work around.

Article 21

Freedom of Expression and Access to Information

Health information must be provided in formats you can use, at no extra cost.

What this means for patients

If you need medical records in large print, plain language, audio, or another accessible format, you have the right to receive them that way. Health institutions should not charge more for an accessible version of your own information. This applies to test results, treatment plans, discharge summaries, and any other records about you.

Article 25

Health

You have the right to the same quality of health services as everyone else, without discrimination based on disability.

What this means for patients

Equal access to the same range of services, including specialist care, second opinions, and follow-up treatment. Health providers should give you the information needed to make informed decisions. Where disability creates barriers to understanding or accessing care, providers have a duty to remove those barriers.

Article 26

Habilitation and Rehabilitation

You have the right to support services that help you reach your highest level of independence and participation in daily life.

What this means for patients

During or after treatment, you are entitled to rehabilitation and support services based on your individual needs, available early, designed to help you participate fully in your community. This includes access to assistive technology and peer support. The goal is your independence, not dependence on any single institution.

EU GDPR

Your Data Rights

The General Data Protection Regulation is European law. If your health data is held by an institution in the EU or EEA, these three articles give you specific, legally enforceable rights over that data.

Article 15

Right of Access

You can ask any health institution for a copy of all personal data they hold about you. They must respond within one month, extendable to three months for complex requests. This includes test results, clinical notes, referral letters, and any data used to make decisions about your care.

In practice

Write to the institution's data protection officer and request all personal data held about you under GDPR Article 15. The first copy must be provided free of charge in a commonly used electronic format.

Article 16

Right to Rectification

If your health records contain errors, you have the right to have them corrected. This covers wrong dates, incorrect diagnoses in administrative systems, misspelt names, or outdated information that has not been updated.

In practice

Identify the specific error and send a written rectification request citing GDPR Article 16. The institution must correct the data without undue delay.

Article 20

Right to Data Portability

You can ask for your health data in a structured, machine-readable format and transfer it to another provider. Your data should follow you, not stay locked inside one institution's system. This applies to data you provided directly, processed by automated means on the basis of consent or contract.

In practice

Request a portable copy of your data (for example, CSV or JSON format) and ask the institution to transmit it directly to your new provider where technically feasible.

The Reality

The Gap Between
Law and Practice

These rights are established in international law. In practice, they are frequently difficult to exercise.

  1. Information Asymmetry

    Most patients are unaware these rights exist. Health institutions are not required to proactively inform patients of their data access rights at the point of care. The practical outcome is that most patients never exercise rights they already hold under law.

  2. Accessibility Barriers

    Even when patients request their records, responses often arrive in formats that are not accessible. Medical jargon, PDF-only delivery, and systems without screen reader support create barriers that fall disproportionately on patients with disabilities — the population these laws most directly protect.

  3. Institutional Friction

    Data access request procedures vary widely across health institutions. Some respond within days with complete records. Others take months or provide incomplete data. The law sets clear deadlines — but compliance and enforcement vary significantly across jurisdictions and institution types.

Make an Impact

Volunteer With Us

Join our global community of educators and mentors. Share your expertise, create lasting impact, and help build a more equitable future through education.

Explore Opportunities
Corporate Impact

Partner With TEEI

Amplify your CSR impact through strategic partnerships. Connect your team with meaningful educational initiatives through Benevity, YourCause, or direct collaboration.

Start Partnership

Site footer