Abstract This paper argues that assessing personal responsibility in healthcare settings for the allocation of medical resources would be too privacy‐invasive to be morally justifiable. In addition to being an inappropriate and moralizing intrusion into the private lives of patients, it would put patients’ sensitive data at risk, making data subjects vulnerable to a variety of privacy‐related harms. Even though we allow privacy‐invasive investigations to take place in legal trials, the justice and healthcare systems are not analogous. The duty of doctors and healthcare professionals is to help patients as best they can—not to judge them. Patients should not be forced into giving up any more personal information than what is strictly necessary to receive an adequate treatment, and their medical data should only be used for appropriate purposes. Medical ethics codes should reflect these data rights. When a doctor asks personal questions that are irrelevant to diagnose or treat a patient, the appropriate response from the patient is: ‘none of your business’.