The fact no one else here has considered that all your private healthcare data is going through an MITM that can strip SSL before reaching the endpoint is rather terrifying. Even if we assume CloudFlare is trustworthy, they are US based, which means little to no GDPR.
