---
title: "China's Hospitals Get Their Own Data Rulebook: Reading the 2026 Healthcare Data Security & PI Measures"
author: "DCC Editorial"
published: 2026-06-04T02:00:00.000Z
url: https://datacompliancechina.com/posts/china-healthcare-data-rulebook-2026/
description: "On 12 February 2026 five agencies — the National Health Commission, the Ministry of Public Security, the Cyberspace Administration of China, the National Administration of Traditional Chinese Medicine, and the National Disease Control and Prevention Administration — jointly issued the Measures for the Administration of Data Security and Personal Information Protection of Healthcare Institutions (Trial). It is the first operational, sector-specific rulebook that turns the Data Security Law, PIPL, and the Network Data Security Regulation into concrete hospital obligations: a three-tier core/important/general data classification keyed to MLPS levels and commercial cryptography; a five-pillar full-lifecycle security system; a ten-item data prohibition list and an eight-item personal-information prohibition list; heightened protection for special groups; limits on facial recognition and AI; and a real enforcement chain running from named-person accountability through regulatory interviews, administrative penalties, civil tort liability, and criminal referral. DCC reads it for overseas pharma, medtech, and hospital-JV counsel — with the cross-border choke point and its academic-cooperation carve-out as the parts that most affect global clinical-data flows."
tags: ["health-data", "healthcare", "data-classification", "cross-border", "facial-recognition", "ai-governance", "sensitive-personal-information", "enforcement"]
laws_cited: ["healthcare-institutions-data-security-pi-measures", "pipl", "dsl", "network-data-security-regulations", "cross-border-data-flows-provisions", "personal-info-audit-measures", "facial-recognition-technology-application-measures"]
domains: ["health", "data-security", "personal-information", "cross-border"]
source_language: "zh"
---
> *Editor's Note — DCC.*
>
> This is DCC's own reading of the
> [Measures for the Administration of Data Security and Personal Information
> Protection of Healthcare Institutions (Trial)](/laws/healthcare-institutions-data-security-pi-measures/)
> (国卫规划发〔2026〕6号) — issued jointly by five agencies on 12 February
> 2026 and effective on issuance. It is the sector-specific rulebook that
> turns the Data Security Law, PIPL, and the Network Data Security Regulation
> into operational obligations for Chinese healthcare institutions, and it is
> the first such instrument with real enforcement teeth. We read it for the
> overseas pharma, medtech, and hospital-joint-venture counsel who need to
> know what their China-side subsidiaries, partners, and vendors are now
> bound to do. Article references below are to the Measures themselves.

## From principles to a sector rulebook

China's three foundational data statutes — the Cybersecurity Law, the Data Security Law, and PIPL — are written at the level of principle. They tell a hospital that it must classify data, secure personal information, and assess cross-border transfers, but not *how*. Two earlier health-sector instruments (the 2018 National Health and Medical Big Data Measures and the 2022 Healthcare Institutions Cybersecurity Measures) set direction but stayed macro. The 2026 Measures are different: seven chapters and forty articles of operational detail, and the first time the sector's data duties come with a hard accountability structure.

Three features signal that shift. First, **joint issuance by five agencies** — the National Health Commission plus the Ministry of Public Security, the Cyberspace Administration of China, the National Administration of Traditional Chinese Medicine, and the National Disease Control and Prevention Administration — which means enforcement is no longer one ministry acting alone. Second, a **three-tier oversight structure** running national → local → institution (Article 3). Third, **personal accountability**: the institution's principal leader is the "first person responsible," the deputy in charge is the "directly responsible person," and every county-level-or-above institution must stand up a cybersecurity-and-informatization leading group and hold a dedicated data-security meeting at least once a year (Article 4). This is the language of a regime that intends to hold named individuals to account.

## Classify first: core, important, general

The spine of the Measures is data classification and grading (Articles 5–8, 11). Healthcare-institution data is sorted into **core data, important data, and general data**, with two rules that catch people out: where categories or grades are processed together and cannot be separated, the **highest grade governs** (Article 5); and **derived data** — produced by de-identification, labeling, statistics, or aggregation — must be **re-assessed and re-graded** from the original (Article 8). Grades are not static: a material change in content, scale, currency, application scenario, or processing method forces a re-grade (Article 7). Provincial health authorities propose the core- and important-data catalogues and report them to the NHC; institutions must periodically inventory their own data and report the inventory — its source, category, grade, scale, purpose, cross-border status, and protections, **but not the content itself** — to the local authority (Article 6).

Grade then drives the security baseline (Article 11). **Important data** must meet Multi-Level Protection Scheme (MLPS) Level 3 or above. **Core data** must meet critical-information-infrastructure protection if CII is involved, and MLPS Level 4 if not — plus a stack of "priority" obligations: commercial cryptography, secure-and-trusted products, third-party risk assessment, retention of incident-tracing logs for at least three years, and **national-security background checks** for key personnel and for the vendors that build and maintain core-data systems. There is even a volume trigger: cross-entity flows of core data that cumulatively reach 30% or more of the prior year-end stock require a risk assessment organized through the NHC.

## The ten data prohibitions (Article 22)

Article 22 is the operational heart — a ten-item prohibition list covering the full lifecycle. The ones overseas counsel should flag for their China operations:

- **Localization of important data** — important data collected and generated in China must be stored in China, with backup and encryption.
- **Transmission discipline** — core data, important data, and sensitive data may **not** be sent via email, cloud storage, or social/messaging software; interface transfers require de-identification and encryption.
- **The cross-border gate** (Article 22(4) — discussed below).
- **No unauthorized use or processing** — strict role-based permissions, no log tampering, and **no unsupervised remote operation-and-maintenance** by outside personnel; vendors may not use project data for other purposes or subcontract without approval.
- **No disclosure without impact assessment**, no equipment disposal without data erasure, and **no concealment of security incidents** (immediate emergency response plus reporting to the local health authority).

The lifecycle is backed by a **five-pillar system** (Article 9): institutional rules, trained personnel, day-to-day management with permissioned access and periodic risk assessment, technical controls (encryption, authentication, access control, de-identification, digital watermarking, audit), and emergency drills.

## The cross-border choke point — and its one real carve-out

For a multinational, **Article 22(4)** is the article that matters most. To send healthcare-institution data abroad, an institution must run a **self-assessment → approval by its cybersecurity leading group → review and approval by the local health authority → application by the provincial cyberspace authority → national-level Data Export Security Assessment**. That is procedurally *stricter* than the general cross-border regime: it bolts a health-authority gate and an internal-leadership gate onto the standard CAC pathway under the [Provisions on Promoting and Regulating Cross-Border Data Flows](/laws/cross-border-data-flows-provisions/).

The practical relief is the **academic-cooperation carve-out**: data generated in academic cooperation that contains **no personal information, no sensitive data, and no important data** is exempt from the Data Export Security Assessment, the Standard Contract, and Personal Information Protection Certification. For multi-site clinical research, registries, and global trial data, that carve-out — read together with the **separate-consent and PIPL Article 38** conditions for any personal-information export (Article 29(7)) — is where the workable cross-border design lives. Map which datasets can be stripped to fall inside it, and which must run the full gauntlet.

## Personal information: audits, special groups, facial recognition

Chapter V layers health-sector specifics onto PIPL. Institutions must run **personal-information protection compliance audits** under the [PI Compliance Audit Measures](/laws/personal-info-audit-measures/) (Article 26), and conduct a **Personal Information Protection Impact Assessment** before entrusting processing (Article 27). Article 29 then sets an eight-item prohibition list, of which three deserve attention:

- **Special-group protection** (Article 29(4)): pregnant and parturient women, newborns, HIV/AIDS patients, persons with mental disorders, the deceased and their survivors, and public figures get heightened, scenario-based access controls, dynamic authorization, and prompt revocation of permissions when staff change roles or leave.
- **Public-area de-identification** (Article 29(6)): no full names, ID numbers, or phone numbers on electronic display screens; no disclosure of patient information in news, lectures, social media, or papers without consent.
- **Facial recognition** (Article 29(8)): it may **not** be the sole verification method where a non-facial alternative exists; institutions must offer an alternative; and facial information must be **stored offline within the device and not transmitted over the internet** — squarely tracking the dedicated [Facial Recognition Technology Application Measures](/laws/facial-recognition-technology-application-measures/).

## AI on patient data needs a pre-use risk assessment

Two short articles carry weight for digital-health and clinical-AI deployments: when an institution uses **artificial intelligence or other new technologies** to process its data, it must **assess the resulting security risks and take technical safeguards** (Article 20); and where AI touches medical records or other personal information, the institution must ensure that information's security (Article 28). In practice, that is a documented gate to clear *before* pointing a model — including an LLM — at patient data.

## Enforcement: from "interview and rectify" to a full chain

Older health-data rules topped out at soft "interview and rectify" measures. The 2026 Measures build a full escalation chain (Articles 30–36): **regulatory interviews (yuetan)**, administrative penalties, mandatory engagement of a third-party agency for a compliance audit, **civil tort liability** under the Civil Code for disclosing a patient's privacy or records without consent (Article 33), and **criminal referral** where unlawful personal-information processing is suspected to be a crime (Article 35). Combine that with named-person accountability and five-agency reach, and the exposure is real and personal.

## Why overseas counsel should care

- **Classify now.** The core/important/general tier you land in drives MLPS level, localization, cryptography, background checks, and assessment triggers. It is the first thing a Chinese partner or target should be able to show you.
- **Treat cross-border as the choke point.** Article 22(4) adds health-authority and leadership gates on top of the national regime; design clinical-data flows around the academic-cooperation carve-out and the PIPL Article 38 conditions.
- **Paper the vendor chain.** The Measures push liability through to system integrators, device makers, and cloud providers (Articles 16–17), and require a cloud service that has passed the cloud-security assessment — diligence and contracting items in any China healthcare deal.
- **Expect the front-line rules to bite.** Facial-recognition limits, special-group controls, and public-area de-identification apply at the point of care, where breaches actually happen.
- **Gate your AI.** A pre-use security-risk assessment is now a compliance prerequisite, not a nice-to-have.

## DCC sources

- **Primary source:** [Measures for the Administration of Data Security and Personal Information Protection of Healthcare Institutions (Trial)](/laws/healthcare-institutions-data-security-pi-measures/) (国卫规划发〔2026〕6号) — the full text on DCC, on which this brief is based.
- **Cross-references:** [PIPL](/laws/pipl/) · [Data Security Law](/laws/dsl/) · [Network Data Security Regulation](/laws/network-data-security-regulations/) · [Cross-border Data Flows Provisions](/laws/cross-border-data-flows-provisions/) · [PI Compliance Audit Measures](/laws/personal-info-audit-measures/) · [Facial Recognition Technology Application Measures](/laws/facial-recognition-technology-application-measures/).
- Part of the [Health & Medical Data](/domains/health/) domain on DCC.

> This is an editorial summary and analysis of a public Chinese regulation, written from the regulation's own text — not a translation, and not a reproduction of any third party's commentary. The authoritative text is the Chinese original (国卫规划发〔2026〕6号). **Not legal advice.**