Health data governance in China: Emphasizing ‘sharing’ and ‘protection’ based on the right to health

This article examines, within China’s complex healthcare sector, the extent to which China’s legal frameworks can adapt to a data-driven context that requires the reconciliation of public and private interests for the use of health data. Current data-processing mechanisms operate through individual consent, and administrative authorisation in mobile health settings are insufficient and ineffective to meet societal needs while simultaneously protecting individuals’ interests. In light of this shift of regulation from individual control to collective governance, this article argues that the principle of the right to health may complement this collective governance model. The right to health principle emphasises solidarity, justice, confidentiality, and collective responsibility, which may balance power asymmetries in the use of health data among different stakeholders. The article proposes a solution that incorporates the state’s obligation with private actors’ responsibilities, while stressing the importance of data sharing and the fair use of health data.


Introduction
Data governance systems in the field of healthcare must balance the sharing of health data with the simultaneous protection of individuals' fundamental interests. This regulatory need is an important but complex goal given the increase in new data-driven 3. An internet hospital is a website or a standalone mobile application that provides medical services, which are usually established and maintained either by a hospital or by another enterprise. By talking to a patient and accessing relevant electronic medical records via an internet hospital app, a doctor can make a diagnosis and provide a prescription without the need for physical contact. technologies, which rely on the use of massive amounts of health data for innovation. Mobile health ('mHealth') refers to information and healthcare services that are mediated through mobile devices in support of personalised healthcare and well-being management; mHealth thus forms one typical example of a digital health intervention. The advanced digital infrastructure for remote data transmission means that mHealth is accelerating healthcare coverage on a broader scale than was previously possible. However, the booming digital solution that is increasingly favoured by public and private actors may result in concerns about medical privacy and justice in the use of health data. This tension reflects the diverse, and even competing, interests of different stakeholders (e.g. patients, public institutions, technology companies, and governments) in the new digital context. Power asymmetries in the reuse and sharing of health data could potentially contribute to the abuse of personal data. 1 For this reason, there is widespread discussion on the need to change the legal framework to one that facilitates the appropriate use of health data while also safeguarding individuals against the risk of data misuse. 2 This concern over the issue of data misuse is clear in the data-intensive Chinese healthcare environment. The Chinese domestic mHealth industry is rapidly emerging, as demonstrated, for instance, by the expansion of Internet hospitals. 3 In June 2021, there were more than 1,600 Internet hospitals in China, 500 of which had been established in the first half of 2021 alone. 4 The COVID-19 pandemic prompted another surge in the use of online medical services, with 298 million users accessing mHealth information and services up to the end of 2021. 5 The rapid growth in the mHealth market and the large user base mean that patients are becoming increasingly vulnerable to breaches of medical privacy and information security. Scholars working in the Chinese context have given steadily more attention to data protection issues 6 and have offered reflections on and recommendations for dealing with concerns such as the state's obligation to protect personal information, 7 the premise underpinning personal information protection, 8 and possible future paths for data protection law in the context of shifting power relations. 9 However, there appear to be few up-to-date reviews of the legal framework used to govern health data in China amid new challenges from the private and public sectors during this digital transformation. Given that values in healthcare differ considerably from values held in other sectors of society, a study on health data governance that focuses on the country-specific healthcare context may provide more insights on this global debate.
This article examines the extent to which China's existing legal framework for regulating health data is capable of reconciling the fundamental interests of individuals with societal interests in data-driven healthcare. To what extent and in what ways should this framework be amended? The article begins with a contextual overview of privacy and healthcare in China. Next, it examines existing regulatory approaches by scrutinising the relevant laws and regulations that govern the flow of health data in the context of mHealth. The article will show that regulatory models for the individual self-control and administrative authorisation of health data are potentially insufficient. It thus concludes that -in the legal framework guiding the disclosure, authorisation, and use of health information -a collective governance solution may be available based on the right to health.

Context: medical privacy and data-driven healthcare in China
The concept of privacy is context-sensitive and culturally dependent, and it must, therefore, be examined in its local norms and against specific historical backgrounds. 10 To elucidate the underlying issues of health data governance, we must first consider China's specific context. This context includes the features of the healthcare setting, cultural traditions, and the country's stage of technological development.
China's health service delivery system provides a unique ecosystem in which to examine patient privacy. Despite significant improvements in health outcomes in recent years, an imbalance in resource allocation and a shortage of quality physicians remain major challenges. 11 In the absence of a strictly enforced primary care referral system, many patients tend to go to high-level hospitals in big cities, which leads to hospital overcrowding. Furthermore, a need for urgent care in these public hospitals in urban areas often results in patients directly approaching the doors of treatment rooms. It is not uncommon to see several patients sitting together in one treatment room when receiving personal medical advice. These examples are not intended to suggest that patients in China do not care about their privacy, but rather to illustrate that under certain circumstances, people might have to make a trade-off between personal privacy and timely access to healthcare.
Chinese culture favours collectivism as a central moral value. Essentially, the interests of the family and the community are considered more influential than those of the individual. 12 Asian countries share a similar tradition when defining obligations to the community and the boundaries between the public and private spheres. 13 While the concept of privacy is often seen as an individualistic value in Western cultures, the culture of individualism is not prominent in Eastern traditions. 14 This cultural factor may partially explain why the right to privacy is an evolving right in China. The development of such a right in Chinese legislation indicates a dynamic outlook that affirms respect for human dignity as an individual value, while echoing the social need to promote communal interests. 15 The development of mHealth in China is mainly driven by the private sector. A growing number of Internet technology giants are accelerating access to the digital healthcare market by providing novel products, including one-stop virtual care platforms, cloudbased medical image diagnoses 16 and artificial intelligence-assisted screenings. 17  latest statistics also show that mHealth is driving strong revenue growth for these companies. For instance, the total revenue of JD Health International Inc. for the first half of 2021 was US$2 billion, an increase of over 50% year-on-year. 18 The incentive of profitability is bringing more technology enterprises into the mHealth race, with 10 digitalhealth-related companies among the 'unicorn companies' valued at more than US$1 billion. 19 However, this rapid pace of development might come at the cost of personal data sharing. As the future of healthcare depends on technological innovations, private actors with large amounts of health data will reap greater economic benefits and achieve a better competitive position. Consequently, it is unsurprising that personal information leakage accounted for the greatest share of Internet security issues in China in 2021. 20 Furthermore, Chinese technology companies saw an opportunity to profit from the abundant data obtained through convenient and advanced digital consumer goods and services. 21 Treating health data as a tradable commodity could ultimately exacerbate health disparities and also hinder equal access to healthcare, if data cannot be used appropriately. 22 As a result, individuals are in a position of weakness and have a very limited capacity to negotiate with more powerful private actors. In summary, there are a number of dilemmas facing individuals with regard to this datadriven healthcare regime. Such dilemmas are bound up with power asymmetries and the collective need to share health data. The next section presents an overview of the legislative framework that regulates health data and medical privacy. This is followed by an analysis of how regulatory mechanisms respond to these new risks and threats in healthcare.

Regulatory models governing health data
The legal framework for regulating health data is scattered broadly across primary legislation and quasi-legal instruments. 23 Primary legislation generally deals with health data through the right to privacy and the protection of personal information. The right to privacy is defined in the Chinese Constitution 24 and is highlighted as a right of personality in the Civil Code. 25 Such a right as outlined in the Civil Code is further refined under the Personal Information Protection Law 26 by clarifying the scope of personal information, specifying the rights of individuals to control and process personal information, and stating the responsibilities of data processors. This legislative trend from the Civil Code to the Personal Information Protection Law suggests that the path of balancing individual with public-private interests is still being explored, in spite of China's constant efforts to protect individual interests. 27 A closer look at this legal framework indicates that health data are also regulated under certain specialised laws, regulations, and policies. 28 Although patient privacy is largely protected through the requirement for confidentiality in these regulations and policies, many rules that serve as statutory exemptions signal a promotion of the sharing of health data among various industries and institutions. These exemptions allow health data to be legitimately used without the individual concerned needing to consent. As such, two regulatory approaches in light of the governance of health data under this legal framework coexist: (1) the individual control approach and (2) the administrative approach. The next section examines these two regulatory approaches in the context of mHealth, to determine whether competing interests have been adequately reconciled to meet new challenges.

The individual control model
The individual self-control model, with 'notice-and-consent' at its core, is highlighted in the Civil Code and has been further strengthened in the Personal Information Protection Law. Under this model, personal consent is deemed a fundamental principle when sharing or processing personal information. 29 Scholars suggest that the adoption of this model in the new legislation was influenced by the concept of personality rights, with the aim of emphasising the personal interests of individuals under the mechanisms of data protection. 30 However, others argue that misinterpretations of the essential value of data and the over-protection of individual rights might destabilise the balance between the interests of individuals and those of commercial and public entities. 31  comprehensive information protection law appears to set out fairly stringent rules governing the procedure for notice and consent. For instance, consent for the secondary use of data must be renewed in the event of any change in the purpose or method of processing personal data 32 and the notification provided by the personal information processor must be truthful, accurate, and complete. 33 Where sensitive personal information is concerned, an individual's separate consent must be obtained, and may even be required in writing under some laws and regulations. 34 However, the effectiveness of this individual control model may have to be tested in specific mHealth scenarios, given that previous debates have primarily focused on the use of data in a generalised context. In practice, the task of implementing the 'notice-and-consent' principle seems to face some difficulties. The first problem concerns the 'one-size-fits-all' privacy policy adopted by mHealth platforms. To satisfy the 'requirement for notice', platform operators tend to create privacy policies that use mixed messages and lengthy text, 35 which may deter users from examining the clauses carefully. A study of the privacy policies of the 500 most visited Chinese websites revealed widespread inaccurate and incomplete disclosure of information. 36 These privacy policies are not likely to achieve the true purpose of the 'notice' requirement under the law and are instead merely intended to mitigate legal risks. Another issue facing these privacy policies is that they may not adequately allow Internet users to make sound judgements about the disclosure of personal data. Even if the owners of mHealth platforms can provide accurate, specific, and tailor-made privacy notices, Internet users may be incapable of anticipating the true impact of data use at the phase of notice-and-consent. In most cases, this informed consent focuses mainly on the potential risks associated with a single piece of personal information. The impact of data use on the interests of individuals might change when their data enter the big data pool and are connected with other data.
The second barrier relates to the limited functions of 'consent'. It is still not uncommon for users to be denied access to core functions or services via mobile apps without their consent. 37 The new law regulates this issue in which information processors must not refuse to provide products or services on the grounds that consent has not been provided. 38 However, the processing of health information with consent is necessary for medical services to be received at an Internet hospital. The issue is not therefore a question of individual consent, but rather of how others should properly use the data. With the increasing reliance on various mHealth interventions, users may also be unable to 39 remember exactly what they have consented to, what purposes their data were used for, and which specific rights they are entitled to. Given that data misuse is largely invisible, most cases are discovered through public investigations 39 and users are often made aware of these issues only by journalists' reports. 40 Hence, relying solely on individual control (as defined in the notice-and-consent principle) does not appear to bring more autonomy, confidence, and certainty to individuals. The analysis thus far has discussed some practical problems that are faced when processing health data in the mHealth context, but what about the secondary use of health data for other purposes? The individual control model may be difficult to follow when health data are used for additional purposes. Although the application of 'renewed consent' for each data extraction seems to enhance individual control according to the new law, it may place burdens on individuals, private actors, and research institutions. Obtaining renewed consent is challenging, given the large number of users on mHealth platforms. In addition to the aforementioned issues that render individual consent ineffective, the requirements of strict consent do not provide greater protection to individuals in the specific context of mHealth, and nor do they permit sufficient use of health data.

Administrative authorisation
While the 'notice-and-consent' principle predominates, laws and regulations also articulate how health information may be legitimately used without consent. For instance, a data processor may share personal information if this is necessary to respond to public health emergencies, or if it is permissible under other laws and regulations. 41 This administrative authorisation approach is further highlighted in specialised policies governing the use of population health information, human genetic resources, and health big data. To summarise, these regulations first have a clear division of responsibilities and a hierarchical arrangement for oversight between 'responsible entities' and 'supervisory bodies'. The term 'responsible entities' refers to various medical institutions that implement the authorisation and management of health data within their organisations. 42 The term 'supervisory bodies' means government authorities in charge of the supervision of the activities of responsible entitles, including the National Health Committee at the central government level, and health administrative departments of at the local government 43 level. 43 This data authorisation model is, therefore, a decentralised approach in which the authorisation power is distributed across different medical institutions (as responsible entities) under the supervision of government authorities. Second, health data must be used within the scope of authorisation, but the authorised use of the data is not necessarily restricted to a single domain. 44 This means that the flow of health data through administrative authorisation is not limited to healthcare, but may also extend to technology, business, human resources, insurance, public security, and other areas. Third, the authorisation of health data is based on the norms and standards developed by the National Health Committee and must not infringe the state's interests, public interests, or the legitimate rights and interests of individuals and other entities. 45 The implication is that each responsible entity should evaluate and determine whether a request for data use meets these thresholds, and under what conditions it should be permitted. Although concrete standards and procedures are not yet available, it remains possible to make a preliminary analysis of this model in the specific context of mHealth. When applied to data-driven healthcare, this administrative authorisation needs further clarification in at least three areas. The first relates to the decentralised approach to data authorisation. This approach has the advantage of mitigating the need for centralised approval and distributing authority to each medical institution for greater efficiency. However, this decentralised approach may not be feasible for the use of health data, because health data must be maintained and authorised by different medical institutions separately. For projects that require access to large amounts of health data from mHealth platforms, a project leader may need to seek approval from many different responsible entities. Not only is this time-consuming, it also does not always result in consistent conditions for the use of the data.
Second, supervising the use of health data after authorisation would be a challenge. The nature of data means that they can easily be replicated and reused for a purpose other than that for which they were intended. In response to new threats, the regulatory model needs to clarify the supervisory bodies and ensure that they are capable of detecting problems when data cross domains. It is also necessary to determine the role of the supervisory bodies in the legal system, given that this authorisation may lead to a power imbalance between individuals and the responsible entities. 46 However, according to different statutes, supervisory accountability may fall to both the National Health Commission and the National Cyberspace Administration. 47 Hence, how different supervisory bodies work together and how they collaborate with other sectors remains unclear.
Third, the interplay of various standards and principles remains the most fundamental issue under this administrative regime. It is relatively difficult for a single responsible entity to make a sound assessment without specialist knowledge and comprehensive understanding of the implications of data use. The situation will become more complex when data are applied to a broader context. Multiple interests intertwine and influence the situation: these include access to healthcare, privacy, public security, scientific innovation, social insurance, and so forth. Therefore, the choice of values defines the position of these administrative bodies and shapes the entire data governance mechanism.
Overall, this analysis of the data-processing mechanism demonstrates some ambiguities and difficulties in the principles and standards that purport to regulate the sharing of health data. While this legal framework also stipulates other individual rights, duties of data processors, and even criminal liability for violations, further improvements are needed to reconcile individual interests and societal needs in data-driven healthcare.

From individual control to collective governance
Having noted some practical issues with regard to existing regulatory approaches, this section investigates the theoretical development and social determinants of health data governance. According to international legislative practices, the choice of an approach that is strictly wedded to individual self-control provides stronger health data protection in relation to securing individual fundamental interests in data-driven healthcare. 48 Indeed, the 'notice-and-consent' model 49 has long served as a decisive factor in the processing of personal data. The idea of individuals controlling their own information through the exercise of consent is central to privacy protection. A strict consent model empowers patients by giving them greater autonomy to decide how their health information is used, and for what purposes they deem it appropriate. It affirms the intrinsic value of health information privacy as a fundamental individual interest. However, scholars have also identified shortcomings within this mechanism. The purpose-based notice-and-consent approach merely indicates procedural steps, and it does not specify substantial criteria by which to guide the flow of information. 50 Simply following the required conditions does not necessarily strengthen privacy protection. 51 As a result, individuals are sometimes poorly equipped to make decisions about data disclosure. 52  individual control is not sufficient to address the challenges of big data usage or to provide legal remedies for individuals whose data have been misused. 53 Succinctly put, the individual control model is not very effective.
Although 'consent' will no doubt continue to function as the essential instrument of data processing in the future, the simple approach of tightening health data access through individual control and strict purpose limitation might not address new challenges and solve practical problems in China's healthcare context. First, such an approach seems to shift the responsibility and risks of using health data unfairly from data users to individuals. In contrast to the popularity of simplified and user-friendly mHealth platforms, few people can either understand the meaning of specific data use requests or grasp the logic behind analytical methods. Such difficulties disproportionately affect people of low socio-economic status, whose intentions are mainly to obtain medical care that is otherwise denied to them given their more limited capabilities of evaluation and negotiation. Where inequalities in the distribution of healthcare resources exist, as in China, access to healthcare becomes a priority. Second, an approach that offers further restrictions on the flow of information may have negative implications for public health. For instance, restricting the sharing and reuse of personal health information during an epidemic may limit, to some extent, the effectiveness of national preventive measures and directly impact public health outcomes. 54 Third, there is a broad range of statutory exceptions where consent is, for good reason, not required. Cultural attitudes about the relationship between the individual and the collective good must also be considered. As J. Whitman has indicated, human intuitions are formed by the legal and social values that prevail in society, and people in different cultures perceive privacy differently. 55 A framework that emphasises responsibility to others and to the community can also afford protections to individuals. 56 Finally, the autonomy-based approach is not likely to provide sufficient safeguards against the greater 'data power' held by the data platforms and government authorities. 57 In other words, states are obligated to take measures through legislation and administrative practices to offer comprehensive and effective protection for individuals. Therefore, China still requires fresh solutions to reconcile individuals' interests, wider societal needs, and underlying values in regulating health data.
Given that individuals are not sufficiently able to counteract power asymmetries, one solution could be empowerment through the state's obligations and non-state actors' responsibilities. It has recently been suggested that the mechanism for consent needs to shift from individual control to social control (i.e. multi-party authorisation). 58 This could equate to 'collective governance', that is, a multi-stakeholder initiative with a focus on public value. 59 Although this is a good starting point, it is imperative to understand that the sharing of power and responsibility among a greater number of parties does not automatically assure a more harmonious outcome. The principles chosen to guide the use of data within this collective responsibility scheme play a pivotal role in whether a fair balance will be achieved. In most circumstances, the risk of data misuse in the context of healthcare would not merely stem from the flow of data per se. The biggest concerns regarding the secondary use of health data relate to the questions of how such data can be used, and how their use affects individuals. From this perspective, the protection of personal health data is less about control, and more about the appropriate use of information. 60 The new challenges arising from data-driven technology also call for a shift from regulating data collection to promoting appropriate and accountable use. 61 The absence of clear and consistent principles to guide data use may result in unforeseen outcomes and the potential misuse or abuse of health data. The guiding principles that are appropriate to complement this collective governance model are considered in the next section.

Health data governance and the right to health principle: a new perspective
Modern theories of privacy advocate 'contextual integrity'. Similarly, how we measure the appropriateness of information flow ought also to be based on contextual integrity. 62 Instead of favouring values that either are shaped by respect for human personality or focus on utilitarian outcomes, proponents of contextual integrity propose a relatively neutral approach to the issues of privacy and data protection. This theory states that the use of information will not be appropriate if it conflicts with 'context-relative informational norms'. 63 The parameters of informational norms are multi-faceted and contextspecific, encompassing the actors involved, the type of information at stake, and the transmission principles utilised. 64 Given that each specific context is a construct of different values, goals, and purposes, other factors depend on the norms inherent in this context. As regards the actors involved, it is important to understand, for instance, their social roles, their capacities to affect data subjects, and their intentions. 65 Attending to these contextual norms ultimately permits an approach that evaluates new threats to privacy and consistently guides the flow of information in an appropriate manner. 66 Respect for access to healthcare A contextual integrity approach allows us to assess the regulation of personal health information from a new angle, thus avoiding some of the shortcomings of the methods previously mentioned. The primary legal principle in healthcare is equal access to necessary healthcare. 67 This principle is derived from the right to health, as enshrined in Article 12 of the International Covenant on Economic, Social and Cultural Rights. The right to health highlights 'the right of everyone to the enjoyment of the highest attainable standard of physical and mental health'. 'Accessibility', 'availability', 'acceptability', and 'quality' are essential standards for realising the right to health. 68 Moreover, states are obligated to realise the right to health for everyone. 69 China enshrines the recognition of the right to health and a citizen's right to access basic medical services as the fundamental principle of its first-ever comprehensive health law. The law stipulates that the state and society should realise, protect, and respect this positive social right in the healthcare system. 70 This essential concept is fundamental to the healthcare sector and constitutes the authoritative principle for guiding stakeholders in delivering healthcare goods and services.
This respect for access to healthcare should become a contextual norm that is used to guide health data circulation. The concept of the right to health underlines the importance of 'sharing' and 'protection' in data-driven healthcare. Observing the impact of health data sharing through the lens of the right to health reveals how sharing health data protects both individual health and public health, as well as how data sharing can be facilitated on a basis of solidarity. Health is not merely a fundamental rights issue, but also an essential component of sustainable development, poverty reduction, and economic prosperity. 71 The use of health data for the purpose of realising the right to health is, therefore, in the greater interest of society. Meanwhile, the specific meaning of solidarity in this context is that the healthcare system is organised in such a way that is based on universal access, with no risk selection: this constitutes a commitment to carry the costs of assisting each other. 72 Thus, the notion of solidarity can also illuminate the importance of data sharing in the healthcare sector. Previous approaches to health information have, by contrast, largely been limited to the issues of autonomy, data ownership, and individual control, and have generally placed less emphasis on the use of health data as a public good for improving health and healthcare. 73 Privacy-related arguments focus on the individualised understanding of data ownership 74 but ignore the social and relational features of health data. 75 Hence, an approach based on the right to health is conducive to the growing need for open data to improve healthcare.
In addition to highlighting the need for sharing health data, essential standards and values embedded in the right to health may provide important additional guidance in terms of protecting individual interests from the secondary use of health data. The substantive and procedural standards of the right to health, and their relationship to health data governance, can be elaborated by drawing out four central threads.
First, respect for access to healthcare in law emphasises the just use and equitable sharing of health data for the benefit of everyone. Under General Comment No. 14, the authoritative interpretation of the right to health, essential health goods and services must be accessible to all, but in particular to poor and disadvantaged groups. 76 In addition, whether healthcare is privately or publicly provided, payment for basic healthcare services must align with the principle of equity. 77 This interpretation of how the right to health is realised affects the way in which we should use and share health data. Data will add value only if they are applied to the development of programmes, goods, and services that improve healthcare and well-being. 78 Hence, this principle suggests that everyone should have equal access to essential healthcare goods and services, including to those programmes developed using the large-scale sharing of personal health data. The foundation for building trust and sustaining data sharing is not to limit the opportunities for any individual to benefit from the health data that he or she has shared. One notable concern in this respect is the unfair and inequitable treatment of individuals through the application of predictive analytics to health data. 79 Big data-enabled price discrimination against existing customers is another example. 80 Therefore, data justice in healthcare means that individuals (especially marginalised groups) must not be denied access to healthcare services because of personal data sharing.
Second, the concept of the right to health underscores the collective responsibilities of the state and private actors. The state should take measures to ensure that private actors do not limit the accessibility of healthcare goods and services. 81 By advocating equal access to healthcare, this principle responds to the current phenomenon of the privatisation of health data for competitive gain. The excessive concentration of health data in the hands of corporations may lead to data monopolisation. Despite short-term technological innovation, privatising personal health data will hamper scientific progress and worsen rather than improve inequalities and injustice in the long term. 82 Moreover, the idea of granting individuals private ownership rights over personal data 83 or commercialising data 84 does not bring additional benefits to individuals. Rather, personal data ownership might incentivize people of lower socio-economic status to sell their personal data in exchange for services. 85 Therefore, an approach based on the right to health highlights the responsibilities of private actors in using health data to achieve the ultimate goal of this data-driven healthcare, namely improving health for everyone.
Third, the rights-based approach to health addresses the duty of confidentiality. 86 Confidentiality requires doctors and medical institutions to remain silent about the information that is entrusted to them by patients, given that the failure to take this duty seriously can deter patients from seeking medical advice. In other words, professional duty -and the trust built through its performance -constitutes a prerequisite for effective and accessible healthcare. An individual's unencumbered access to healthcare takes precedence over other interests. This interpretation indicates that the need for data sharing does not equate to a diminished responsibility of doctors and hospitals to maintain medical confidentiality. Even in the face of ever-increasing demand for data use, doctors must still make justified choices in the face of competing interests. 87 Where patient consent is granted, doctors have a further decision to make over whether the disclosure of health information to a third party is justified in the interest of access to healthcare. 88 The fourth standard relates to processes, namely participation and inclusion. The participatory process requires that individuals and relevant responsible parties should participate in decisions that directly affect them. 89 The process needs to be transparent, striking a fair balance that respects the most disadvantaged groups. 90 In so doing, the process ensures that policies and programmes are implemented in a way that meets people's needs. 91 People's participation in health-related decision-making processes certainly has a crucial role in the collective governance model: it means that the agency of the state and the non-state parties (e.g. private actors) must include a greater number of opinions from interest groups and experts in the process of authorising and using health data.
In short, the dual targets of data governance, namely 'sharing' and 'protection', are embodied in the concept of the right to health. The application of the right to health prioritises good health for everyone, with this common interest embodied in the sharing of health data. Meanwhile, respect for access to healthcare points to the need for justice, confidentiality, and collective responsibility in the use of health data. In this sense, it balances a mechanism that is heavily reliant on individual consent and refines the collective governance model. Collective governance through the state's obligation to protect its people, together with an emphasis on the responsibility of private actors, may change the power asymmetries between individuals, the government, and private actors. Collective governance based on the right to health could be a way of reconciling diverse interests in the use, sharing, and authorisation of data. The next (and final) section presents some operational suggestions for the achievement of this collective model.

A way forward for health data governance
The strong collective governance of health data requires carefully designed legislation, enforcement, monitoring, and collaboration. Two things deserve particular attention.
First, an independent organisation should be established to manage data authorisation and coordinate different regulators. 'Independent' means here that the organisation must not be influenced or controlled in any way by local government authorities and bureaucracies. To maintain agency and autonomy, this central organisation must be empowered to organise and oversee the fragmented responsible entities in charge of data authorisation across different medical institutions. In addition, it is recommended that a 'review committee' is established within in this organisation for providing consultation on cases raised by each responsible entity. This 'review committee' should include experts from the fields of statistics, analytics, technology, ethics, and medicine to provide relevant advice on each specific request. 92 Furthermore, it is important that the representatives of potentially affected patient groups, commercial developers, and other interest groups are included in the decision-making process, thereby delivering a more inclusive, consistent, and rational outcome. As regards post-authorisation regulation, this central organisation needs to cooperate closely with other relevant organisations such as the Anti-trust Authority, the Consumer Protection Agency, the Food and Drug Administration, and the General Data Protection Authority. A stronger degree of cooperation with these relevant regulatory institutions could help to mitigate the risks of data abuse and realise equal access to data-powered digital tools, platforms, and services.
Collective responsibility 93 is the second value to be strengthened in the proposed future legal framework governing health data. This is in line with General Comment No. 14, which indicates that the responsibility to realise the right to health is relevant and binding not only for government but also for private actors. 94 The use of health information by private actors may have commercial purposes, but those actors are expected, the principle maintains, to deliver better health for individuals and the community as the eventual outcome of using that information. Their use of health information should not constitute a barrier that reduces or denies individual rights to equal access to healthcare. It has been suggested that the profits obtained by using health data could be ploughed back into the public domain (healthcare) through tax. 95 An initiative to encourage participation in the co-creation of health data-based interventions could also help to avoid potential data misuse. 96 Moreover, it is important to ensure equal access to data-driven devices for essential care. In brief, in this new healthcare context, emphasising respect for access to healthcare during health data sharing may help ease individuals' concerns, establish trusted governance schemes, and boost public participation.

Conclusion
The governance of the data-driven transformation of the healthcare sector must ultimately aim to bolster access to healthcare for everyone. 97 Owing to digital health interventions such as mHealth, a tremendous amount of health data are generated, driving this transformation. However, health data are increasingly concentrated in the hands of large technology companies, leading to an asymmetry of power between data users and the individuals to whom those data relate. This asymmetry is starker in a country such as China, in which health resources and social welfare are unevenly distributed, and where market integrity is relatively weak. Some patients may refuse to seek medical treatment or be reluctant to donate personal health data owing to fears over health disclosure or the inappropriate use of their health information. Still more might seek healthcare services without the ability to bargain for the appropriate use of their personal health information. These consequences are at odds with the goals and promises of mHealth and data-driven healthcare. This article has explored and analysed the legal landscape pertaining to the latest health information protection regime in China. It proposes a new perspective, emphasising access to healthcare as a basic principle that guides the use of health data for the interests of individuals and society. Although this is a case study of China, every country faces similar new challenges. At present, compliance with personal data protection law may have to depend, primarily, on individual control and security measures, while the appropriate use of health data is also key to the fundamental interests of the individual. Collective governance, based on the right to health, can solve some problems that are insurmountable under alternative approaches. It protects equal access to healthcare, promotes health data sharing, and drives the implementation of mHealth towards a sustainable goal.