Legal Risks and Regulatory Pathways for the Application of Health and Medical Big Data

As health and medical big data is elevated to a “national key strategic resource,” its legal significance in public health governance, individual rights protection, and resource allocation optimization has become increasingly prominent. The World Health Organization (WHO) Global Strategy on Digital Health 2020–2027 states that digital health development should adhere to the principles of ethics, security, equity, and sustainability, with data governance serving as critical support for realizing the universal right to health. China has issued the Measures for Ethical Review and Service of Artificial Intelligence Technology (for Trial Implementation), which incorporates high-risk areas such as life and health, public order, and algorithmic decision-making into a full-process ethical review, thereby initially establishing a dual regulatory framework of “rule of law + ethics.” However, a structural tension remains between technological logic and rule-of-law values. In the application of health and medical big data, multiple risks have gradually emerged, including de-anonymization failures, algorithmic discrimination, imbalances in data-related interests, and ethical misconduct. In light of this, from a scenario-based perspective, this paper systematically identifies the core legal risks and proposes regulatory pathways such as classified and graded protection, dynamic anonymization, algorithm auditing, and the return of public interests, aiming to safeguard human dignity and public health security in the digital era while unlocking the value of data.