China Issues Data Protection Measures for the Healthcare and Medical Industry

Technology development is driving the big data revolution in the healthcare sector in China. The Chinese government sent out clear signals on developing and applying big-data in healthcare and medical treatment back in 2015. However, accessing the medical data maintained by Chinese healthcare institutions and transferring those data outside China by business operators triggered regulatory concerns from a cybersecurity administration perspective. The National Health Commission of the People's Republic of China (NHC) recently issued a rule to regulate data protection in the healthcare industry.

The Measures on Administration of Standard, Security and Service for National Healthcare and Medical Data (Trial Implementation) (Measures) (国家健康医疗大数据标准、安全和服务管理办法（试行））was publicly announced on September 13, although the NHC issued them on July 12 this year. The Measures apply not only to healthcare institutions but also to any entities or individuals that may be involved in the administration of the healthcare and medical big data. The term “healthcare and medical big data” (HM Data) is broadly defined to include Chinese citizens' healthcare data generated during the process of disease prevention and health management within the territory of PRC.