JAPAN Trends and Developments Contributed by: Satoshi Ogawa, Yuto Noro, Hitoshi Fujimaki and Yuka Hirata, TMI Associates
the legal system of such country and the data compliance system of the data recipients, when obtaining consent to the data transfer. In 2021, Japan’s data protection laws, which had been fragmented by applicable entities, were merged into the APPI, but the data protection regulations remain different for the public and private sectors. This amendment also embodied the blanket academic research exception into separate exceptions for the acquisition, use and provision scenarios. At present, the government is considering amendments to the APPI. This includes intro- ducing new requirements to process biomet- ric data, such as enhancing transparency and expanding the data subject’s rights for the pro- cessing of biometric data. Modernisation of healthcare information security Healthcare data security was previously gov- erned by four guidelines across three ministries, but these were merged into two guidelines by such three ministries. This has been done to organise the overly complex security guide- lines and to encourage compliance by health- care organisations and their vendors. In 2023 and 2025, these guidelines were further revised and modernised due to the complexities in pro- tecting medical information from the increasing sophistication of cyber-attacks. Importance of global data compliance Given the trends towards global data protec- tion, Japanese companies are increasingly being required to establish healthcare data compliance systems not only for Japanese law but also for foreign laws. This is due to the fact that foreign data protection and privacy laws are becoming more and more stringent over time. For exam-
ple, the EU enacted the General Data Protec- tion Regulation (GDPR) in 2016. In the US, the California Consumer Privacy Act of 2018 (CCPA) was enacted in California in 2018, followed by a series of laws and regulations in other states. In China, the Personal Information Protection Law (PIPL) was enacted in 2021. In light of this situation, Japanese companies need to comply with these laws, as well as Japanese laws, when handling healthcare data. Other topics Individual number card The Individual Number Card (My Number Card) is an official identification card issued by the Japanese government which allows individu- als to access their personal health insurance information, including drug prescriptions, health checkup results, and medical expense notifica- tions, through a government portal. With the user’s consent, such information can also be shared with third parties via an API (Application Programming Interface). Furthermore, starting in December 2024, the issuance of renewed traditional health insurance cards was discontinued, and the government began transitioning to the My Number Card as the primary form of health insurance identifica- tion. When used as a health insurance card and with the necessary consent, it allows doctors to access a patient’s health information, enabling more personalised medical care. From 1 April 2025, under the facility requirements for the newly introduced “Medical DX Promotion Infrastructure Development Add-on”, medical institutions and pharmacies are required to meet a minimum threshold for the use of the My Num- ber Card as a health insurance card. The number of points granted under the medical service fee schedule will vary depending on each facility’s
72
CHAMBERS.COM
Powered by FlippingBook