No, my doctors surgery is fine to store my patient records internally (e.g on-site).

But no it’s not fine to store those externally without my express written permission , or make recordings and send them to a third party.

It’s realistic here — this is how it works in Germany for decades and i’m fine with it.

edit: storing these on an american cloud provider, or any cloud provider really counts as a third party to me, also.