recommended national standard, the Information Security Technology Guide for Healthcare Data Security was released to provide comprehensive guidelines in protecting healthcare data, particularly in light of the rapid development of digital healthcare. More healthcare data-related regulations are expected to be issued in the not-too-distant future.

Additionally, in April 2021, the NHSA issued the Guidance on Strengthening Network Security and Data Protection, which requires the establishment of a more solid foundation for network security and data protection mechanisms in digital medical insurance and digital healthcare.

From a general perspective, draft versions of two important data protection laws, the PRC Personal Information Protection Law and the PRC Data Security Law, were released for public comment, which indicates the continuous strengthening of data protection.

3.3 Regulatory Enforcement

Currently, the key areas of regulatory enforcement in digital healthcare include cybersecurity and personal data protection.

In terms of cybersecurity, the implementation of the Multi-Level Protection Scheme (MLPS), which is a compulsory legal obligation under the PRC Cybersecurity Law and relevant regulations, is now becoming an enforcement focus for most industries involving sensitive information, including healthcare. The MLPS is composed of a series of technical and organisational standards and requirements that need to be fulfilled by all network operators in China. As the development and operation of digital healthcare heavily relies on networks and IT infrastructure, it is critical for digital healthcare providers to enforce and complete the MLPS grading process. Pursuant to the Internet-based Diagnosis Measures and the Internet Hospital Measures, healthcare institutions providing internet-based diagnosis services and internet hospitals shall be graded and protected as Grade III under the MLPS regime. Failure to complete the MLPS would lead to administrative penalties including warnings and fines issued by the Public Security Bureau (PSB).

In terms of personal data protection, relevant data protection authorities such as the Cyberspace Administration of China (CAC), the Ministry for Industry and Information Technology (MIIT) and the PSB have been actively enforcing personal data protection requirements across industries, including healthcare. Industry supervision authorities such as the NHC and the NHSA are also involved in those enforcement actions on healthcare institutions.

4. NON-HEALTHCARE REGULATORY AGENCIES

4.1 Non-healthcare Regulatory Agencies, Regulatory Concerns and New Healthcare Technologies

CAC

The CAC is responsible for the overall planning and co-ordination of network security and relevant supervision and administration. In terms of digital healthcare, the CAC's involvement may include regulating the cross-border transfer of healthcare data, cybersecurity