Introduction: The confidentiality of patients' medical data is an essential principle in healthcare, regulated by both the legal and ethical frameworks of Spain and the European Union. Recent legislative developments and technological advances have posed new challenges related to data privacy, especially regarding actual cases of non-compliance by healthcare professionals.

Objectives: This analysis aimed to jointly characterize the current legal and ethical frameworks that regulate the confidentiality of patients' medical data in Spain and Europe, and to examine cases of judicial or administrative sanctions derived from non-compliance by health professionals in various healthcare settings and the media.

Method: An exhaustive analysis of the literature was carried out using selected sources that included empirical studies, statistical reviews and doctrinal analyses of the Spanish and European legal frameworks. The review consisted of the analysis of empirical surveys on the knowledge and behaviour of healthcare professionals, as well as a systematic review of 201 administrative decisions issued by the Spanish Data Protection Agency in the healthcare sector between 2005 and 2018.

Results: The review found that the GDPR and the Spanish law (LOPDGDD) provide strict regulatory bases for the handling of health data, reinforced by codes of professional ethics. More than half of the professionals surveyed lacked knowledge of the relevant laws, and informal violations were more frequent among older staff. Detailed analysis of administrative cases revealed violations such as unauthorized data transfers and loss of electronic media. Few studies incorporated legal, ethical and empirical evidence, and most lacked complete case descriptions.

Conclusions: There is a gap between existing legal and ethical requirements and practical compliance among health professionals in Spain. Although regulatory frameworks are robust, empirical evidence reveals persistent non-compliance and insufficient knowledge. Integrated analyses that combine legal, ethical and sanctions data are scarce, indicating the need for more research and institutional measures to ensure confidentiality in the management of health data.