You have a right to your health data. The GDPR says so. The new European Health Data Space Regulation says so more emphatically. But having a right and being able to exercise it are two different things — and that gap is where most health data governance fails.
This is the core argument of a chapter by Toivonen, Kovalainen, and colleagues in the Springer volume Generative AI, Contracts, Law and Design (2025). Their thesis: combining legal design methodology with Large Language Models can make health data access not just legally compliant, but genuinely usable for patients. It is a practical argument, and it deserves attention from anyone advising healthcare organisations in Switzerland or the EU.
The access right that nobody can use
The legal infrastructure for health data access in Europe is now substantial. The GDPR guarantees data subjects access to any personal data being processed, including health data (Art. 15). The EHDS — Regulation (EU) 2025/327 — goes further, requiring that patients receive immediate, free-of-charge access to their electronic health data through electronic access services. This includes patient summaries, electronic prescriptions, and discharge reports. The data must be provided "in an easily readable, consolidated and accessible format."
That last requirement is where theory meets reality. Because in practice, health data is anything but easily readable.
Consider what happens today: a patient visits their doctor, receives a verbal diagnosis, instructions for home care, and information about upcoming treatment. They leave confused. The patient record contains the data — but it was written by clinicians, for clinicians. The patient's right to access that information is technically fulfilled but practically meaningless.
This is not a training problem. It is a design problem.
Legal design as methodology, not decoration
Legal design is a human-centred, multidisciplinary approach that applies design thinking to legal problems. In this context, it means treating health data access not as a compliance checkbox but as a design challenge: how do you make complex medical and legal information comprehensible to the people it concerns most?
The approach follows the Design Council's Double Diamond framework — four phases that move from understanding the problem to delivering a solution: Discover, Define, Develop and Deliver.
What makes this more than a design exercise is the legal dimension. The process must ensure that solutions comply with the GDPR and EHDS — not just in data access, but in data portability (GDPR Art. 20), restriction of processing (GDPR Art. 18), and the EHDS provisions allowing patients to limit healthcare professional access to their data.
Where LLMs change the equation
The chapter's contribution is showing how LLMs fit into each phase of the legal design process — not as a replacement for human-centred design, but as an accelerant.
In the Discover phase, LLMs can draft and refine research questions, identify stakeholder groups, generate patient pathway models from existing data, transcribe interviews, and analyse qualitative research findings. They can read Post-it notes from service design workshops and structure the results. This is not glamorous work, but it is exactly the kind of labour that slows down the early phases of design projects.
In the Define phase, LLMs can cluster requirements, produce patient personas from qualitative data, generate illustrative charts from quantitative data, and create design briefs. They can separate user needs from organisational constraints and cost-feasible options from resource-intensive ones.
In the Develop phase, the productivity gains become substantial. LLMs can rapidly generate application mockups, prototype user interfaces, and produce variations from different stakeholder perspectives — the patient view, the nurse view, the administrator view. Speech-to-text and image-to-text capabilities speed up prototyping cycles. Users can test multiple alternatives faster than traditional design processes allow.
In the Deliver phase, LLMs can power the solutions themselves: automated text editing for patient-facing documents, speech-to-text applications that record and simplify home care instructions, mobile applications that present health data in an understandable format.
Double Diamond, 4 phases: Discover → Define → Develop → Deliver, each augmented by LLMs.
Impact scope, 3 levels: Micro (patient), Meso (organisation), Macro (system-wide savings).
The risks you cannot ignore
The chapter is honest about the problems. And if you are advising healthcare organisations, you need to be equally honest with your clients.
Opacity. LLMs are surrounded by opacity — some of it inherent to how machine learning algorithms work, some of it intentional and protected by intellectual property. In a healthcare context where decisions affect patient wellbeing, this is not acceptable without mitigation. You need audit trails and human oversight at every decision point.
Hallucination and inaccuracy. LLMs can produce outputs that look authoritative but are wrong. In a health data context, a hallucinated medication instruction or a misrepresented lab result could have life-threatening consequences. The chapter flags "covariate shift and concept drift" — the training data may not match the real-world data the model encounters in use, leading to silently incorrect outputs.
Bias. Training datasets containing biases will produce biased outputs. In healthcare, this can mean systematically worse outcomes for underrepresented patient populations. This is not a theoretical risk — it is a documented pattern across medical AI applications.
Privacy erosion. Making health data more accessible inherently increases privacy risks. Health data is a special category under the GDPR (Art. 9), and the EHDS processes sensitive personal data by definition. Data cannot simply be fed into cloud-based LLMs for processing. On-premise or privacy-preserving architectures are not optional — they are a legal requirement.
What this means for Swiss and DACH practice
Switzerland occupies a distinctive position. The Swiss Electronic Patient Dossier (EPD / EPR) has been evolving for years, and the revised Federal Act on the Electronic Patient Record is pushing toward broader adoption. But Switzerland is not an EU member state, so the EHDS does not directly apply.
That said, Swiss healthcare organisations serving cross-border patients, participating in EU research programmes, or processing data of EU residents will need to account for the EHDS. And the design principles the chapter describes — making health data genuinely accessible, not just technically available — are relevant regardless of jurisdiction.
For legal practitioners advising healthcare clients in the DACH region, the practical implications are:
- Compliance is a design question. Telling clients to "provide access" is insufficient. The EHDS accessibility requirement demands that health data be presented in a way patients can understand. Legal design combined with LLMs offers a concrete methodology to meet this obligation.
- AI governance must be embedded from the start. Any LLM-powered solution for health data access needs strict governance: bias audits, accuracy monitoring, transparency mechanisms, and privacy-by-design architecture. Retrofitting governance is more expensive and less effective.
- Interdisciplinary teams are not optional. The chapter is clear that legal design requires collaboration between legal professionals, designers, clinicians, patients, and technologists. Law firms advising on health data governance should be prepared to work with — or assemble — such teams.
The MyData dimension — individual control as design principle
One thread running through the chapter that deserves separate attention is the concept of MyData — the principle that individuals should have meaningful control over their personal data, not just access to it. This is not a fringe idea. It is embedded in both the GDPR (through data portability and restriction rights) and the EHDS (through provisions allowing patients to limit healthcare professional access).
But meaningful control requires comprehension. You cannot meaningfully decide to share or restrict access to data you do not understand. This is where the legal design approach becomes genuinely important: it treats comprehensibility not as a nice-to-have but as a precondition for exercising fundamental rights.
For Swiss practitioners, this connects directly to the EPD's consent architecture. The Swiss EPD gives patients granular control over who can access their records. But that control is only as good as the patient's understanding of what each record contains and what sharing it implies. An LLM-powered interface that explains clinical data in plain language — and in the patient's preferred language, whether German, French, Italian, or English — would transform consent from a checkbox exercise into an informed decision.
The EU AI Act overlay
Any deployment of LLMs in healthcare data access must also reckon with the EU AI Act (Regulation 2024/1689). Healthcare is explicitly listed among the high-risk domains, and AI systems that interact with health data will likely face conformity assessments, human oversight requirements, and post-market monitoring obligations.
This creates a layered compliance challenge: GDPR for data protection, EHDS for health data accessibility, and the AI Act for the AI systems themselves. Legal design can help navigate this complexity — but only if legal practitioners understand all three frameworks and how they interact. Advising clients to deploy LLMs for health data access without addressing the AI Act's requirements would be professionally negligent.
The measured optimism
The authors are careful not to overclaim. They acknowledge that few studies have measured the concrete benefits of human-centred design in healthcare environments. Their example is fictional — a demonstration of methodology, not a case study of proven outcomes.
But the logic is sound. The legal frameworks exist. The technology exists. The gap between patients' legal rights to health data and their practical ability to understand and use that data is real and measurable. Legal design combined with LLMs offers a structured approach to closing that gap.
For healthcare organisations, the practical next step is a pilot project: pick one data type — discharge summaries, for example — and apply the Double Diamond process with LLM support to redesign how that data is presented to patients. Measure comprehension before and after. Build the evidence base.
For law firms and consultancies, the opportunity is equally concrete. The organisations that can offer integrated legal-design-technology advisory services — not just compliance opinions, but actionable implementation support — will own this emerging market. The ones that wait for a regulatory enforcement action to prove the need will be responding to demand they helped create by inaction.
The question for practitioners is not whether this approach will become relevant — it is whether you will be ahead of it or behind it when your healthcare clients start asking.