Digital health sits at the intersection of healthcare, emerging technologies, and data processing, all of which are of high importance to China’s long-term political, social, and economic objectives. The most prominent example of rapid digital health development in recent years is telemedicine. In 2020, the COVID-19 pandemic rendered many in-person treatment options untenable, forcing many providers to shift to digital solutions and kicking the industry’s development into overdrive.
According to a survey conducted last year, while only about one-in-four Chinese patients had used telemedicine, 97 percent expressed interest in digital health services if covered by insurance. More than half expect to use digital health services more often within the next 5 years. While the uptick in interested patients has been a boon for business, data and healthcare regulatory regimes have lagged behind technological developments, leaving digital health providers to operate without clear rules of the road.
The emergence of digital health in official planning
Since the release of the first policies on internet-based medical activities in 2014, precise regulations remained scarce for nearly 5 years until a slew of formal opinions and implementing rules emerged in 2019. These mainly reinforced the Healthy China 2030 blueprint, reducing gaps in basic health services through increasing system capacity, but primarily worked to improve the efficacy of medical insurance systems with minimal mention of specific technologies.
In 2020, the pandemic prompted concerted efforts to leverage online healthcare and improved technologies. Initially, this was meant to reduce the pressure on offline medical institutions, but by May, the National Health Commission (NHC) began to further expand the applicability of digital health. Provincial governments were encouraged to establish their own platforms to oversee and regulate online medical providers and accelerate market access for internet-based hospitals, laying the groundwork for more diversified data-based health services. Two months later, the State Council released a set of key tasks for the medical system, which included incorporating big data, video monitoring, facial recognition, and other new generation information technologies.
While the growing interest in digital health was reflected in recent policy planning, there is a gap between existing regulatory frameworks and the cutting edge technologies that the government is promoting. Healthcare bodies frequently reference “big data analytics” and telemedicines broadly, but specific emerging technologies like artificial intelligence (AI), robotics, medical wearables, blockchain, 3D printing, and augmented reality (AR) have yet to be tangibly included in any guidance. This is expected to change as China solidifies its cyber and data security regime, which will directly influence health standards for years to come.
Telemedicine and data regulations: current framework
Digital health stands at the forefront of both emerging regulatory regimes around personal information protection and new technological advancements. As a result, it is beholden to a variety of standards and regulators.
For example, the Cyberspace Administration of China (CAC) leads the regulation of personal information and sets standards for health data privacy, the NHC maintains national health data, while the Ministry of Science and Technology (MOST) is tasked with overseeing use of human genetic resources. While these agencies have related mandates, relevant measures governing the treatment of health-related data are often scattered across separate jurisdictions, and it is not always apparent which regulator can provide clarification or direction for businesses. What we get is a set of current regulations that are not always an ideal fit for the sector, especially given the volume, sensitivity, and necessity of medical data to digital health companies. Compounding this issue is a lack of clear definitions for key terms, requiring companies to do a considerable amount of guesswork to find the appropriate compliance response.
The 2017 Cybersecurity Law serves as the foundation to regulate all data, including digital health personal data, with a raft of supporting regulations which set requirements for digital healthcare operators. Many of the implementing measures are still in draft form. Other areas for digital health businesses to watch include:
- The multi-level protection scheme (MLPS): This is an optional program that requires certain operators to enact stricter data standards if data breaches would pose serious risks to national security. The scale runs from Level 1 to Level 5 (low risk to high risk). Current regulations mandate that platforms running health or medical data or internet hospitals to be accessed as Level 3, requiring them to comply with national regulations, understand incidents along both their information supply chain and originating from cloud service providers, and respond with appropriate protection measures. While participation in MLPS is voluntary, the implicit pressure for companies to opt in appears to be growing.
- Scrutiny of app-based data: Apps serve as a key interface with patients. App-based digital health services rely on vast volumes of patient data to operate, but they are governed by two types of regulations—medical device regulations and general app regulations—neither of which is specific to telehealth companies.
Digital healthcare is at a crossroads. While it benefits from the regulatory emphasis on digital economic growth, it also must contend with existing and growing data restrictions. For domestic businesses, restrictions on data flows and a lack of regulatory clarity stand to limit expanding operations. For foreign businesses, the current regulatory climate poses barriers to market entry, despite its considerable growth potential.
The recently released 14th Five-Year Plan (FYP) includes two macro-level goals that are expected to spur the industry’s growth. First, it emphasizes building a robust digital economy as a long-term pathway for China’s economic development. Second, a strong focus is placed on expanding China’s healthcare capacity and supply of medical services. The intersection of these two goals will further intertwine hospitals and digital systems, which will likely prompt additional guidelines for health-related data.
Moving forward, emerging data privacy and digital health regulations will need to align in order to provide clarity on compliance requirements for companies, especially as economic policies continue to incentivize digital healthcare and draw interest from an increasing number of companies.