Tag: glance

At a glance: data protection and management of health data in South Korea

Data protection and management

Definition of ‘health data’

What constitutes ‘health data’? Is there a definition of ‘anonymised’ health data?

No law specifically defines ‘health data’ per se, but ‘health information’ is categorised as a type of sensitive information under article 23 of the Personal Information Protection Act (PIPA). According to the Guidelines for Use of Health-Medical Data co-published by the Ministry of Health and Welfare (MOHW) and PIPA in September 2020, ‘health information’ includes but is not limited to the following:

  • medical records and electronic medical records under the Medical Service Act (MSA), and other records produced in hospitals that indicate or easily enable the indication of medical treatment details (eg, hospital receipts containing medical treatment details);
  • data for insurance claims collected by the National Health Insurance Service, the Health Insurance Review and Assessment Service, and other private insurance companies, data related to health, illness, injury, etc, used in the subscription design and ancillary data;
  • health examination data, health examination result data;
  • health status information diagnosed by a physician, measured by medical devices, or identified or estimated through estimation of insurance claim records, other algorithms, etc; and
  • information collected through medical devices to measure health status or health habits (eg, number of steps, heart rate, oxygen saturation, blood sugar, blood pressure and electrocardiogram).


In particular, if information that is normally not considered health information is used for the diagnosis, treatment, prevention or management of diseases, such information will also be viewed as health information (eg, a voice recording is not health information under normal circumstances, but if the risk of disease is predicted using a voice recording, that voice recording file will be considered health information). Meanwhile, pseudonymised information refers to personal information that has been processed, such as deletion or replacement of certain parts, so that a specific

Back To Top