The rapid expansion of emerging technologies and the rise of the metaverse as a new generation of digital interaction have brought about profound transformations in the healthcare sector. Services such as telemedicine, virtual reality–based therapies, and virtual clinics are increasingly being developed and delivered within this environment. While these innovations offer significant opportunities to improve the quality of care and enhance access to healthcare services, they simultaneously involve the large-scale generation, processing, and exchange of patients’ health data, giving rise to serious legal challenges. Health data, due to their personal, highly sensitive, and in some cases irreplaceable nature, enjoy the highest level of importance within legal systems, and any violation or misuse of such data may severely undermine human dignity and patients’ right to privacy. Nevertheless, the metaverse, owing to its technical complexity, cross-border nature, lack of transparency in data ownership, and the weaknesses of digital informed consent mechanisms, faces substantial legal gaps and ambiguities in the protection of health data. This study adopts an analytical–descriptive methodology combined with a comparative approach to examine the legal framework governing health data protection in the metaverse, drawing on international instruments and selected national legal systems. The findings indicate that existing legal frameworks are insufficient to address the complexities of the metaverse, highlighting the inevitable need for the development of specific and up-to-date regulations to effectively safeguard patients’ privacy in this emerging digital space.