DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ 053 · HEALTH-DATA

China's Hospitals Get Their Own Data Rulebook: Reading the 2026 Healthcare Data Security & PI Measures

On 12 February 2026 five agencies — the National Health Commission, the Ministry of Public Security, the Cyberspace Administration of China, the National Administration of Traditional Chinese Medicine, and the National Disease Control and Prevention Administration — jointly issued the Measures for the Administration of Data Security and Personal Information Protection of Healthcare Institutions (Trial). It is the first operational, sector-specific rulebook that turns the Data Security Law, PIPL, and the Network Data Security Regulation into concrete hospital obligations: a three-tier core/important/general data classification keyed to MLPS levels and commercial cryptography; a five-pillar full-lifecycle security system; a ten-item data prohibition list and an eight-item personal-information prohibition list; heightened protection for special groups; limits on facial recognition and AI; and a real enforcement chain running from named-person accountability through regulatory interviews, administrative penalties, civil tort liability, and criminal referral. DCC reads it for overseas pharma, medtech, and hospital-JV counsel — with the cross-border choke point and its academic-cooperation carve-out as the parts that most affect global clinical-data flows.

Editor’s Note — DCC.

This is DCC’s own reading of the Measures for the Administration of Data Security and Personal Information Protection of Healthcare Institutions (Trial) (国卫规划发〔2026〕6号) — issued jointly by five agencies on 12 February 2026 and effective on issuance. It is the sector-specific rulebook that turns the Data Security Law, PIPL, and the Network Data Security Regulation into operational obligations for Chinese healthcare institutions, and it is the first such instrument with real enforcement teeth. We read it for the overseas pharma, medtech, and hospital-joint-venture counsel who need to know what their China-side subsidiaries, partners, and vendors are now bound to do. Article references below are to the Measures themselves.

From principles to a sector rulebook

China’s three foundational data statutes — the Cybersecurity Law, the Data Security Law, and PIPL — are written at the level of principle. They tell a hospital that it must classify data, secure personal information, and assess cross-border transfers, but not how. Two earlier health-sector instruments (the 2018 National Health and Medical Big Data Measures and the 2022 Healthcare Institutions Cybersecurity Measures) set direction but stayed macro. The 2026 Measures are different: seven chapters and forty articles of operational detail, and the first time the sector’s data duties come with a hard accountability structure.

Three features signal that shift. First, joint issuance by five agencies — the National Health Commission plus the Ministry of Public Security, the Cyberspace Administration of China, the National Administration of Traditional Chinese Medicine, and the National Disease Control and Prevention Administration — which means enforcement is no longer one ministry acting alone. Second, a three-tier oversight structure running national → local → institution (Article 3). Third, personal accountability: the institution’s principal leader is the “first person responsible,” the deputy in charge is the “directly responsible person,” and every county-level-or-above institution must stand up a cybersecurity-and-informatization leading group and hold a dedicated data-security meeting at least once a year (Article 4). This is the language of a regime that intends to hold named individuals to account.

Classify first: core, important, general

The spine of the Measures is data classification and grading (Articles 5–8, 11). Healthcare-institution data is sorted into core data, important data, and general data, with two rules that catch people out: where categories or grades are processed together and cannot be separated, the highest grade governs (Article 5); and derived data — produced by de-identification, labeling, statistics, or aggregation — must be re-assessed and re-graded from the original (Article 8). Grades are not static: a material change in content, scale, currency, application scenario, or processing method forces a re-grade (Article 7). Provincial health authorities propose the core- and important-data catalogues and report them to the NHC; institutions must periodically inventory their own data and report the inventory — its source, category, grade, scale, purpose, cross-border status, and protections, but not the content itself — to the local authority (Article 6).

Grade then drives the security baseline (Article 11). Important data must meet Multi-Level Protection Scheme (MLPS) Level 3 or above. Core data must meet critical-information-infrastructure protection if CII is involved, and MLPS Level 4 if not — plus a stack of “priority” obligations: commercial cryptography, secure-and-trusted products, third-party risk assessment, retention of incident-tracing logs for at least three years, and national-security background checks for key personnel and for the vendors that build and maintain core-data systems. There is even a volume trigger: cross-entity flows of core data that cumulatively reach 30% or more of the prior year-end stock require a risk assessment organized through the NHC.

The ten data prohibitions (Article 22)

Article 22 is the operational heart — a ten-item prohibition list covering the full lifecycle. The ones overseas counsel should flag for their China operations:

  • Localization of important data — important data collected and generated in China must be stored in China, with backup and encryption.
  • Transmission discipline — core data, important data, and sensitive data may not be sent via email, cloud storage, or social/messaging software; interface transfers require de-identification and encryption.
  • The cross-border gate (Article 22(4) — discussed below).
  • No unauthorized use or processing — strict role-based permissions, no log tampering, and no unsupervised remote operation-and-maintenance by outside personnel; vendors may not use project data for other purposes or subcontract without approval.
  • No disclosure without impact assessment, no equipment disposal without data erasure, and no concealment of security incidents (immediate emergency response plus reporting to the local health authority).

The lifecycle is backed by a five-pillar system (Article 9): institutional rules, trained personnel, day-to-day management with permissioned access and periodic risk assessment, technical controls (encryption, authentication, access control, de-identification, digital watermarking, audit), and emergency drills.

The cross-border choke point — and its one real carve-out

For a multinational, Article 22(4) is the article that matters most. To send healthcare-institution data abroad, an institution must run a self-assessment → approval by its cybersecurity leading group → review and approval by the local health authority → application by the provincial cyberspace authority → national-level Data Export Security Assessment. That is procedurally stricter than the general cross-border regime: it bolts a health-authority gate and an internal-leadership gate onto the standard CAC pathway under the Provisions on Promoting and Regulating Cross-Border Data Flows.

The practical relief is the academic-cooperation carve-out: data generated in academic cooperation that contains no personal information, no sensitive data, and no important data is exempt from the Data Export Security Assessment, the Standard Contract, and Personal Information Protection Certification. For multi-site clinical research, registries, and global trial data, that carve-out — read together with the separate-consent and PIPL Article 38 conditions for any personal-information export (Article 29(7)) — is where the workable cross-border design lives. Map which datasets can be stripped to fall inside it, and which must run the full gauntlet.

Personal information: audits, special groups, facial recognition

Chapter V layers health-sector specifics onto PIPL. Institutions must run personal-information protection compliance audits under the PI Compliance Audit Measures (Article 26), and conduct a Personal Information Protection Impact Assessment before entrusting processing (Article 27). Article 29 then sets an eight-item prohibition list, of which three deserve attention:

  • Special-group protection (Article 29(4)): pregnant and parturient women, newborns, HIV/AIDS patients, persons with mental disorders, the deceased and their survivors, and public figures get heightened, scenario-based access controls, dynamic authorization, and prompt revocation of permissions when staff change roles or leave.
  • Public-area de-identification (Article 29(6)): no full names, ID numbers, or phone numbers on electronic display screens; no disclosure of patient information in news, lectures, social media, or papers without consent.
  • Facial recognition (Article 29(8)): it may not be the sole verification method where a non-facial alternative exists; institutions must offer an alternative; and facial information must be stored offline within the device and not transmitted over the internet — squarely tracking the dedicated Facial Recognition Technology Application Measures.

AI on patient data needs a pre-use risk assessment

Two short articles carry weight for digital-health and clinical-AI deployments: when an institution uses artificial intelligence or other new technologies to process its data, it must assess the resulting security risks and take technical safeguards (Article 20); and where AI touches medical records or other personal information, the institution must ensure that information’s security (Article 28). In practice, that is a documented gate to clear before pointing a model — including an LLM — at patient data.

Enforcement: from “interview and rectify” to a full chain

Older health-data rules topped out at soft “interview and rectify” measures. The 2026 Measures build a full escalation chain (Articles 30–36): regulatory interviews (yuetan), administrative penalties, mandatory engagement of a third-party agency for a compliance audit, civil tort liability under the Civil Code for disclosing a patient’s privacy or records without consent (Article 33), and criminal referral where unlawful personal-information processing is suspected to be a crime (Article 35). Combine that with named-person accountability and five-agency reach, and the exposure is real and personal.

Why overseas counsel should care

  • Classify now. The core/important/general tier you land in drives MLPS level, localization, cryptography, background checks, and assessment triggers. It is the first thing a Chinese partner or target should be able to show you.
  • Treat cross-border as the choke point. Article 22(4) adds health-authority and leadership gates on top of the national regime; design clinical-data flows around the academic-cooperation carve-out and the PIPL Article 38 conditions.
  • Paper the vendor chain. The Measures push liability through to system integrators, device makers, and cloud providers (Articles 16–17), and require a cloud service that has passed the cloud-security assessment — diligence and contracting items in any China healthcare deal.
  • Expect the front-line rules to bite. Facial-recognition limits, special-group controls, and public-area de-identification apply at the point of care, where breaches actually happen.
  • Gate your AI. A pre-use security-risk assessment is now a compliance prerequisite, not a nice-to-have.

DCC sources

This is an editorial summary and analysis of a public Chinese regulation, written from the regulation’s own text — not a translation, and not a reproduction of any third party’s commentary. The authoritative text is the Chinese original (国卫规划发〔2026〕6号). Not legal advice.
