Your medical data is highly sensitive and protected under strict Chinese and international regulations. We adhere to the highest standards of medical data security and privacy.
1. Scope of Medical Data Protection
This policy applies to all protected health information (PHI) that you provide to us, including but not limited to:
- Medical history, diagnosis records, test results, and treatment plans
- Prescription information and medication history
- Allergy information and existing health conditions
- Imaging records (CT, MRI, X-ray, etc.) and other medical documents
- Information related to your medical treatment in China
We treat all medical data as strictly confidential, separate from general personal information, and apply additional layers of protection.
2. Compliance with Regulations
Our medical data protection practices fully comply with:
- China's Personal Information Protection Law (PIPL) and Healthcare Institution Cybersecurity Management Measures
- China's Regulations on the Administration of Medical Records
- International standards for health information protection (aligned with HIPAA requirements for cross-border medical services)
- All relevant regulations of the National Health Commission of China
All our partner hospitals are also required to comply with the same strict medical data protection regulations.
3. Medical Data Storage and Security Measures
We implement industry-leading security measures to protect your medical data:
- End-to-end encryption: All medical data is encrypted during transmission (256-bit SSL) and at rest (AES-256 encryption)
- Restricted access: Only authorized medical personnel directly involved in your treatment have access to your medical data, subject to strict access controls and audit trails
- Secure storage: Medical data is stored in compliant, certified medical cloud servers with multi-site backup and disaster recovery capabilities
- Regular security audits: We conduct quarterly security audits and penetration testing to identify and address any potential vulnerabilities
- Employee training: All staff handling medical data receive annual training on medical privacy protection and data security protocols
4. Medical Data Usage and Sharing
Your medical data will only be used for the following purposes, and will never be used for any other purpose without your explicit written consent:
- To facilitate your medical consultation, diagnosis, and treatment arrangements with partner hospitals
- To coordinate with medical specialists to develop personalized treatment plans for you
- To arrange medical appointments, pre-examination preparations, and post-treatment follow-up services
- For internal quality control and service improvement purposes, with all personal identifiers anonymized
We will never share your medical data with any third parties except:
- Your treating hospital and medical personnel, as required for your treatment
- When required by law, court order, or regulatory authority, subject to strict legal procedures
- With your explicit written consent for specific purposes
5. Your Rights Over Your Medical Data
As the owner of your medical data, you have the following rights:
- Access right: You can request a copy of all your medical data that we hold
- Correction right: You can request correction of any inaccurate or incomplete medical data
- Deletion right: You can request deletion of your medical data at any time, subject to legal retention requirements
- Control over usage: You can restrict or withdraw consent for the use of your medical data for specific purposes
- Portability right: You can request that we transfer your medical data to another medical institution of your choice
- Access log request: You can request a log of all access to your medical data by our staff or partner hospitals
To exercise any of these rights, please contact our data protection officer at [email protected]. We will respond to all valid requests within 7 working days.
6. Medical Data Retention Period
We retain your medical data as follows:
- 30 years from the date of your last treatment, in compliance with Chinese medical record retention regulations
- After this period, we will securely delete or anonymize your medical data in accordance with data destruction standards
- You can request early deletion of your medical data at any time, and we will process your request within 15 working days, subject to any legal requirements to retain records
7. Medical Data Breach Response
We have a comprehensive medical data breach response plan in place:
- In the unlikely event of a data breach affecting your medical data, we will notify you within 72 hours of discovering the breach
- We will immediately take all necessary measures to contain the breach and prevent further unauthorized access
- We will notify the relevant regulatory authorities as required by law
- We will provide you with information on the steps you can take to protect yourself
8. Cross-Border Medical Data Transfer
If it is necessary to transfer your medical data outside of China for treatment purposes, we will:
- Obtain your explicit written consent before any cross-border transfer
- Ensure that the receiving country or region has an adequate level of data protection
- Implement additional security measures, including data encryption and binding data protection agreements with the receiving party
- Comply with all cross-border data transfer regulations of both China and the receiving country
We will never transfer your medical data outside of China without your explicit written consent.
9. Children's Medical Data
We take extra precautions to protect the medical data of children under the age of 18:
- Children's medical data can only be provided with the explicit consent of a parent or legal guardian
- We apply additional access restrictions to children's medical data, limiting access only to essential medical personnel
- Parents or legal guardians can exercise all rights over the child's medical data on their behalf
10. Contact Our Data Protection Officer
If you have any questions, concerns, or requests regarding medical data protection, please contact our dedicated Data Protection Officer (DPO):
Email: [email protected]
Phone: +86.15797879600
Address: Data Protection Office, MedChinaNow, 123 Medical Building, Chaoyang District, Beijing, China
We take all medical data protection inquiries seriously and will respond to you within 3 working days.