National Health Insurance Data Management Act
2025-12-19
手機睡眠
語音選擇
Article 1
This Act is enacted to regulate the use and management of National Health Insurance data for purposes other than the specific purposes for which the data were collected, safeguard individuals’ right to information privacy, enhance the quality of medical care, promote public health and social welfare, advance academic research and development, facilitate the performance of statutory duties by government agencies, and improve the health and well-being of all citizens.
Article 2
The Competent Authority of this Act shall be the Ministry of Health and Welfare.
Article 3
Terms used in this Act are defined as follows:
1. National Health Insurance data (hereinafter referred to as “NHI data”): Data collected and processed by the National Health Insurance insurer (hereinafter referred to as the “Insurer”) in accordance with the National Health Insurance Act for the purpose of administering insurance operations.
2. Specific purposes: The legally prescribed purposes for which the competent authority and the Insurer collect personal NHI data.
3. Data subject: The individual whose personal NHI data is collected, processed or used.
4. Pseudonymization: A process by which NHI data is processed or transformed so that the identity of the data subject cannot be identified without cross-referencing other information, provided that such other information is stored separately and is subject to technical or organizational safeguards.
1. National Health Insurance data (hereinafter referred to as “NHI data”): Data collected and processed by the National Health Insurance insurer (hereinafter referred to as the “Insurer”) in accordance with the National Health Insurance Act for the purpose of administering insurance operations.
2. Specific purposes: The legally prescribed purposes for which the competent authority and the Insurer collect personal NHI data.
3. Data subject: The individual whose personal NHI data is collected, processed or used.
4. Pseudonymization: A process by which NHI data is processed or transformed so that the identity of the data subject cannot be identified without cross-referencing other information, provided that such other information is stored separately and is subject to technical or organizational safeguards.
Article 4
The competent authority shall establish a National Health Insurance Data Advisory Council (hereinafter referred to as the “Advisory Council”), whose duties shall be as follows:
1. To provide recommendations on policies, regulations, and supervision concerning the management and oversight of the use of NHI data for purposes other than the specific purposes.
2. To provide consultation and conduct assessments regarding supervisory and protective measures for safeguarding the use of NHI data for purposes other than the specific purposes.
3. To handle disputes arising from applications for the use of NHI data for purposes other than the specific purposes.
4. To handle disputes concerning requests by data subjects to cease the use or provision of NHI data for purposes other than the specific purposes.
5. To assist the competent authority in guidance, evaluation, and supervision regarding entrusted management of the use of NHI data for purposes other than the specific purposes.
6. To provide recommendations on other matters related to NHI data.
1. To provide recommendations on policies, regulations, and supervision concerning the management and oversight of the use of NHI data for purposes other than the specific purposes.
2. To provide consultation and conduct assessments regarding supervisory and protective measures for safeguarding the use of NHI data for purposes other than the specific purposes.
3. To handle disputes arising from applications for the use of NHI data for purposes other than the specific purposes.
4. To handle disputes concerning requests by data subjects to cease the use or provision of NHI data for purposes other than the specific purposes.
5. To assist the competent authority in guidance, evaluation, and supervision regarding entrusted management of the use of NHI data for purposes other than the specific purposes.
6. To provide recommendations on other matters related to NHI data.
Article 5
The Advisory Council shall consist of a number of members appointed or designated by the competent authority, including experts and scholars in medicine, public health, law, and information and communications security; representatives of human rights and patient advocacy organizations; impartial persons; and representatives of government agencies (institutions), with at least two members from each category. The number of experts and scholars, representatives of human rights and patient advocacy organizations, and impartial persons shall not be less than three-quarters of the total membership. Members of any single gender shall constitute no less than one-third of the total membership.
The term of office for members shall be two years, and reappointment upon expiration of the term is permitted.
Regulations governing the number of members, method for selecting the chairperson, convening of meetings, attendance, resolutions and deliberative procedures, dispute handling, and other related matters shall be prescribed by the competent authority.
The term of office for members shall be two years, and reappointment upon expiration of the term is permitted.
Regulations governing the number of members, method for selecting the chairperson, convening of meetings, attendance, resolutions and deliberative procedures, dispute handling, and other related matters shall be prescribed by the competent authority.
Article 6
The competent authority and the Insurer shall provide computers, information and communications systems and services, and other necessary facilities and equipment, establish relevant databases for NHI data, and designate dedicated units and personnel for their management.
NHI data required by the competent authority for establishing the databases referred to in the preceding paragraph shall be pseudonymized by the Insurer before transmission to the competent authority.
Regulations governing the procedures, operational methods, and other related matters concerning the pseudonymization of NHI data referred to in the preceding paragraph shall be prescribed by the competent authority.
The competent authority shall conduct periodic or ad hoc assessments of the management and utilization of the databases referred to in Paragraph 1; where improvements are required, it shall make such improvements or notify the Insurer to make immediate or time-limited improvements.
NHI data required by the competent authority for establishing the databases referred to in the preceding paragraph shall be pseudonymized by the Insurer before transmission to the competent authority.
Regulations governing the procedures, operational methods, and other related matters concerning the pseudonymization of NHI data referred to in the preceding paragraph shall be prescribed by the competent authority.
The competent authority shall conduct periodic or ad hoc assessments of the management and utilization of the databases referred to in Paragraph 1; where improvements are required, it shall make such improvements or notify the Insurer to make immediate or time-limited improvements.
Article 7
The use and management of NHI data for purposes other than the specific purposes shall be carried out by the competent authority and the Insurer.
Article 8
Applications for the use of NHI data for purposes other than the specific purposes shall be limited to purposes of improving the quality and accessibility of medical care, reducing health inequalities, enhancing public health, social welfare, and the public interest, promoting academic research and development, and enabling government agencies (institutions) and administrative corporations to perform statutory duties.
Such applications shall not be made for commercial profit-making purposes.
Such applications shall not be made for commercial profit-making purposes.
Article 9
An applicant under the preceding Article shall be limited to government agencies (institutions), administrative corporations, medical care institutions, academic research institutions, universities established within the territory of the Republic of China, and universities, legal persons, or institutions commissioned by government agencies.
Article 10
Where government agencies (institutions) or administrative corporations apply to use NHI data for purposes other than the specific purposes for the performance of statutory duties, a written application shall be submitted to the Insurer. The use and management of the NHI data obtained shall be governed by the laws applicable to such agencies (institutions) or administrative corporations.
Regulations governing application procedures, required supporting documents, methods of provision of NHI data, and other compliance matters referred to in the preceding paragraph shall be prescribed by the competent authority.
Where judicial authorities retrieve NHI data for statutory duties related to investigation, trial, or enforcement, such retrieval shall be handled in accordance with applicable procedural laws; where supervisory authorities retrieve NHI data for the performance of statutory duties, such retrieval shall be handled in accordance with supervisory laws.
Where the application referred to in Paragraph 1 involves the use of NHI data not relating to specific individuals, the applicant shall establish data use and management regulations, which shall include the following:
1. Purposes and methods of data use.
2. Security management regulations for personnel accessing the data.
3. Procedures for prevention, notification, and response to data-related incidents.
4. Procedures for deletion, cessation of processing or use when the specific purpose for data collection no longer exists or when the retention period expires.
Regulations governing application procedures, required supporting documents, methods of provision of NHI data, and other compliance matters referred to in the preceding paragraph shall be prescribed by the competent authority.
Where judicial authorities retrieve NHI data for statutory duties related to investigation, trial, or enforcement, such retrieval shall be handled in accordance with applicable procedural laws; where supervisory authorities retrieve NHI data for the performance of statutory duties, such retrieval shall be handled in accordance with supervisory laws.
Where the application referred to in Paragraph 1 involves the use of NHI data not relating to specific individuals, the applicant shall establish data use and management regulations, which shall include the following:
1. Purposes and methods of data use.
2. Security management regulations for personnel accessing the data.
3. Procedures for prevention, notification, and response to data-related incidents.
4. Procedures for deletion, cessation of processing or use when the specific purpose for data collection no longer exists or when the retention period expires.
Article 11
Government agencies (institutions), administrative corporations, medical care institutions, academic research institutions, universities, and universities, legal persons, or institutions commissioned by government agencies applying to use NHI data for purposes other than the specific purposes, except in circumstances prescribed in the preceding Article, shall submit an application form together with a project plan for such use. Approval shall be granted after review by the competent authority or the Insurer, and the applicant shall be notified in writing.
Where an applicant requires amendment, modification, or extension of an approved project plan for use for purposes other than the specific purposes, an application shall be submitted in accordance with the preceding paragraph, and execution may proceed only after review and approval by the competent authority or the Insurer.
The review of applications under the preceding two paragraphs shall be conducted by review committees respectively convened by the competent authority and the Insurer, consisting of relevant experts and scholars, civic groups, impartial persons, and representatives of government agencies (institutions). The number of experts and scholars, civic group representatives, and impartial persons shall not be less than one-half of the total membership, and members of any single gender shall not constitute less than one-third of the total membership.
Regulations governing qualifications, conditions and procedures for applications under Paragraphs 1 and 2, required contents of application forms and project plans for use for purposes other than the specific purposes, data type classifications and levels, review procedures and standards, revocation of approval, fees, and other compliance matters shall be prescribed by the competent authority.
Where an applicant requires amendment, modification, or extension of an approved project plan for use for purposes other than the specific purposes, an application shall be submitted in accordance with the preceding paragraph, and execution may proceed only after review and approval by the competent authority or the Insurer.
The review of applications under the preceding two paragraphs shall be conducted by review committees respectively convened by the competent authority and the Insurer, consisting of relevant experts and scholars, civic groups, impartial persons, and representatives of government agencies (institutions). The number of experts and scholars, civic group representatives, and impartial persons shall not be less than one-half of the total membership, and members of any single gender shall not constitute less than one-third of the total membership.
Regulations governing qualifications, conditions and procedures for applications under Paragraphs 1 and 2, required contents of application forms and project plans for use for purposes other than the specific purposes, data type classifications and levels, review procedures and standards, revocation of approval, fees, and other compliance matters shall be prescribed by the competent authority.
Article 12
Where an applicant disagrees with the review decision made by the competent authority or the Insurer pursuant to Paragraph 1 or Paragraph 2 of the preceding Article, the applicant shall file a petition for reconsideration with the competent authority or the Insurer within thirty (30) days from the day following receipt of the written notice. Applications filed after the deadline shall not be accepted. If dissatisfied with the reconsideration decision, the applicant may file an administrative appeal and institute administrative litigation in accordance with the law.
Regulations governing required documents and information for reconsideration applications, supplementation and correction procedures, review operations, time limits for rendering reconsideration decisions, and other compliance matters shall be prescribed by the competent authority.
Regulations governing required documents and information for reconsideration applications, supplementation and correction procedures, review operations, time limits for rendering reconsideration decisions, and other compliance matters shall be prescribed by the competent authority.
Article 13
Where an applicant referred to in Paragraph 1 of Article 11 has obtained approval to use NHI data for purposes other than the specific purposes and has paid the prescribed fees, such use shall be carried out in accordance with the methods, time, and location designated by the competent authority or the Insurer. The competent authority and the Insurer shall establish secure operating environments and relevant regulations at the designated locations.
Regulations governing the designated methods, time, locations, operational procedures, prohibited items for removal, handling of violations, information and communications security measures, secure operating environment standards, and other compliance matters referred to in the preceding paragraph shall be prescribed by the competent authority.
Regulations governing the designated methods, time, locations, operational procedures, prohibited items for removal, handling of violations, information and communications security measures, secure operating environment standards, and other compliance matters referred to in the preceding paragraph shall be prescribed by the competent authority.
Article 14
The results obtained from the use of NHI data for purposes other than the specific purposes by applicants referred to in Paragraph 1 of Article 11 shall not contain information from which the identity of a specific individual may be identified.
The results referred to in the preceding paragraph shall not be used by the applicant for purposes other than those approved under the project pursuant to Paragraphs 1 and 2 of Article 11.
Upon completion of the project, the applicant shall submit a utilization results report to the competent authority or the Insurer.
For applications made pursuant to Paragraph 1 of Article 11, the competent authority or the Insurer shall periodically disclose the number of approved cases, a list of approved cases, utilization results reports, and other relevant information.
The results referred to in the preceding paragraph shall not be used by the applicant for purposes other than those approved under the project pursuant to Paragraphs 1 and 2 of Article 11.
Upon completion of the project, the applicant shall submit a utilization results report to the competent authority or the Insurer.
For applications made pursuant to Paragraph 1 of Article 11, the competent authority or the Insurer shall periodically disclose the number of approved cases, a list of approved cases, utilization results reports, and other relevant information.
Article 15
Where an applicant referred to in Paragraph 1 of Article 11 derives industrial benefits from the results obtained through the use of NHI data for purposes other than the specific purposes within fifteen (15) years from the date of application, the applicant shall allocate a certain proportion as a benefit-sharing contribution, which shall be incorporated into the National Health Insurance Fund.
Regulations governing the determination of industrial benefits, the proportion of benefit-sharing contribution to be allocated, the method of allocation, and other related matters referred to in the preceding paragraph shall be prescribed by the competent authority.
Regulations governing the determination of industrial benefits, the proportion of benefit-sharing contribution to be allocated, the method of allocation, and other related matters referred to in the preceding paragraph shall be prescribed by the competent authority.
Article 16
When the competent authority and the Insurer disclose matters concerning NHI data they hold pursuant to Article 17 of the Personal Data Protection Act, they shall additionally disclose the following:
1. That a data subject may request the cessation of the use of all or part of their NHI data by others for purposes other than the specific purposes.
2. The procedures for making the request referred to in the preceding subparagraph, the authority responsible for receiving such requests, and other related matters.
Within thirty (30) days from the enforcement of this Act, the competent authority or the Insurer shall suspend acceptance of applications for the use of NHI data for purposes other than the specific purposes under Paragraph 1 of Article 11.
Where a data subject does not request cessation of such use within the period specified in the preceding paragraph, the data subject shall be deemed to have consented to the use of their NHI data for purposes other than the specific purposes. After the expiration of the period, the data subject may still request cessation of such use.
1. That a data subject may request the cessation of the use of all or part of their NHI data by others for purposes other than the specific purposes.
2. The procedures for making the request referred to in the preceding subparagraph, the authority responsible for receiving such requests, and other related matters.
Within thirty (30) days from the enforcement of this Act, the competent authority or the Insurer shall suspend acceptance of applications for the use of NHI data for purposes other than the specific purposes under Paragraph 1 of Article 11.
Where a data subject does not request cessation of such use within the period specified in the preceding paragraph, the data subject shall be deemed to have consented to the use of their NHI data for purposes other than the specific purposes. After the expiration of the period, the data subject may still request cessation of such use.
Article 17
A data subject may submit an application requesting that the Insurer cease the use of all or part of the subject’s NHI data for purposes other than the specific purposes.
Where the data subject is under seven years of age or has been placed under guardianship, the application referred to in the preceding paragraph shall be made by the subject’s legal representative or guardian. Where the data subject is seven years of age or older but under eighteen years of age, or has been placed under assistance, the application shall be made by the legal representative or the assisted person, with the consent of the data subject or the assistant.
Upon accepting an application under Paragraph 1 and verifying that the data subject’s NHI data exists, the Insurer shall, within thirty (30) days from the day following the date of application, record a notation indicating that the data shall not be provided for use for purposes other than the specific purposes, and shall notify the data subject, the legal representative, or the guardian of the approval and the date of such notation.
Regulations governing the categories and scope of NHI data subject to cessation of use for purposes other than the specific purposes, the contents of notation and notification, and other related matters referred to in Paragraph 1 shall be prescribed by the competent authority.
Where the data subject is under seven years of age or has been placed under guardianship, the application referred to in the preceding paragraph shall be made by the subject’s legal representative or guardian. Where the data subject is seven years of age or older but under eighteen years of age, or has been placed under assistance, the application shall be made by the legal representative or the assisted person, with the consent of the data subject or the assistant.
Upon accepting an application under Paragraph 1 and verifying that the data subject’s NHI data exists, the Insurer shall, within thirty (30) days from the day following the date of application, record a notation indicating that the data shall not be provided for use for purposes other than the specific purposes, and shall notify the data subject, the legal representative, or the guardian of the approval and the date of such notation.
Regulations governing the categories and scope of NHI data subject to cessation of use for purposes other than the specific purposes, the contents of notation and notification, and other related matters referred to in Paragraph 1 shall be prescribed by the competent authority.
Article 18
Where a data subject’s NHI data has been marked with a notation to cease use for purposes other than the specific purposes, the competent authority and the Insurer shall not provide such data externally for use for purposes other than the specific purposes, except where the Insurer transmits such data to the competent authority pursuant to Paragraph 2 of Article 6. The cessation of use for purposes other than the specific purposes shall not apply retroactively.
Article 19
After a data subject has requested cessation of use of NHI data for purposes other than the specific purposes and such notation has been made, the competent authority or the Insurer may still provide such data externally for use for purposes other than the specific purposes under any of the following circumstances:
1. Where the competent authority or the Insurer has a duty to provide such data pursuant to Paragraphs 1 and 3 of Article 10.
2. Where necessary to avert imminent danger to the life, body, or property of any person.
In the circumstance referred to in Subparagraph 2 of the preceding paragraph, applications shall be limited to government agencies (institutions), and the purpose and necessity of use, the period of use, and the manner of data utilization shall be specifically stated and publicly announced.
1. Where the competent authority or the Insurer has a duty to provide such data pursuant to Paragraphs 1 and 3 of Article 10.
2. Where necessary to avert imminent danger to the life, body, or property of any person.
In the circumstance referred to in Subparagraph 2 of the preceding paragraph, applications shall be limited to government agencies (institutions), and the purpose and necessity of use, the period of use, and the manner of data utilization shall be specifically stated and publicly announced.
Article 20
Any person who, by theft, destruction, or other unlawful means, interferes with the normal operation of the core information and communications system equipment or computer facilities of the databases established by the competent authority or the Insurer pursuant to Paragraph 1 of Article 6 shall be sentenced to imprisonment for not less than one year and not more than seven years, and may additionally be fined up to ten million New Taiwan Dollars.
Where the offense described in the preceding paragraph is committed with intent to endanger national security or social stability, the offender shall be sentenced to imprisonment for not less than three years and not more than ten years, and may additionally be fined up to fifty million New Taiwan Dollars.
Where a person engaged in professional duties commits any of the offenses set forth in the preceding two paragraphs by taking advantage of his or her occupational position, the punishment shall be increased by one-half.
Attempts to commit the offenses set forth in Paragraphs 1 and 2 shall be punishable.
Where the offense described in the preceding paragraph is committed with intent to endanger national security or social stability, the offender shall be sentenced to imprisonment for not less than three years and not more than ten years, and may additionally be fined up to fifty million New Taiwan Dollars.
Where a person engaged in professional duties commits any of the offenses set forth in the preceding two paragraphs by taking advantage of his or her occupational position, the punishment shall be increased by one-half.
Attempts to commit the offenses set forth in Paragraphs 1 and 2 shall be punishable.
Article 21
Any person who, by any of the following means, interferes with the normal operation of the core information and communications systems and databases established by the competent authority or the Insurer pursuant to Paragraph 1 of Article 6 shall be sentenced to imprisonment for not less than one year and not more than seven years, and may additionally be fined up to ten million New Taiwan Dollars:
1. Without authorization, inputting account credentials, circumventing computer protection measures, or exploiting vulnerabilities in computer systems to gain unauthorized access to computers or related equipment.
2. Without authorization, interfering with computers or related equipment by means of computer programs or other electromagnetic methods.
3. Without authorization, obtaining, deleting, or altering electromagnetic records of computers or related equipment.
Any person who produces computer programs specifically for committing the offenses set forth in the preceding paragraph and uses them, or provides them to others for such purposes, shall be subject to the same penalties.
Where a person commits any of the offenses described in the preceding two paragraphs with intent to endanger national security, social stability, or for profit-making purposes, the offender shall be sentenced to imprisonment for not less than three years and not more than ten years, and may additionally be fined up to fifty million New Taiwan Dollars.
Where a person engaged in professional duties commits any of the offenses set forth in the preceding three paragraphs by taking advantage of his or her occupational position, the punishment shall be increased by one-half.
Attempts to commit the offenses set forth in Paragraphs 1 through 3 shall be punishable.
1. Without authorization, inputting account credentials, circumventing computer protection measures, or exploiting vulnerabilities in computer systems to gain unauthorized access to computers or related equipment.
2. Without authorization, interfering with computers or related equipment by means of computer programs or other electromagnetic methods.
3. Without authorization, obtaining, deleting, or altering electromagnetic records of computers or related equipment.
Any person who produces computer programs specifically for committing the offenses set forth in the preceding paragraph and uses them, or provides them to others for such purposes, shall be subject to the same penalties.
Where a person commits any of the offenses described in the preceding two paragraphs with intent to endanger national security, social stability, or for profit-making purposes, the offender shall be sentenced to imprisonment for not less than three years and not more than ten years, and may additionally be fined up to fifty million New Taiwan Dollars.
Where a person engaged in professional duties commits any of the offenses set forth in the preceding three paragraphs by taking advantage of his or her occupational position, the punishment shall be increased by one-half.
Attempts to commit the offenses set forth in Paragraphs 1 through 3 shall be punishable.
Article 22
Any person who violates Paragraph 1 of Article 11 by using NHI data for purposes other than the specific purposes without approval from the competent authority or the Insurer shall be subject to an administrative fine of not less than two million New Taiwan Dollars and not more than ten million New Taiwan Dollars imposed by the competent authority or the Insurer. Such person shall be prohibited from applying for use for purposes other than the specific purposes for one year from the date of service of the disposition, and any NHI data already obtained shall be destroyed.
Article 23
Where any of the following circumstances occurs, the competent authority or the Insurer shall impose an administrative fine of not less than five hundred thousand New Taiwan Dollars and not more than two million five hundred thousand New Taiwan Dollars, and shall order the violator, within a specified period, to cease execution, cease utilization, or make corrections. If the violator fails to comply within the specified period, penalties may be imposed consecutively, and the violator may, from the date of service of the disposition, be prohibited from applying for use for purposes other than the specific purposes for a period of one year:
1. Failure to execute the project in accordance with the approved plan under Paragraph 1 or Paragraph 2 of Article 11.
2. Violation of Paragraph 2 of Article 11, or Paragraph 2 of Article 11 as applied mutatis mutandis under Article 25, by executing amendments, modifications, or extensions to an approved project plan without obtaining approval.
3. Violation of Paragraph 1 of Article 13, or Paragraph 1 of Article 13 as applied mutatis mutandis under Article 25, by failing to execute use for purposes other than the specific purposes in accordance with the methods, time, or location designated by the competent authority or the Insurer.
4. Violation of regulations concerning items prohibited from being removed or information and communications security maintenance measures prescribed under Paragraph 2 of Article 13, or Paragraph 2 of Article 13 as applied mutatis mutandis under Article 25.
5. Violation of Paragraph 1 of Article 14, or Paragraph 1 of Article 14 as applied mutatis mutandis under Article 25, where the results of use for purposes other than the specific purposes contain information from which the identity of a specific individual may be identified.
6. Violation of Paragraph 2 of Article 14, or Paragraph 2 of Article 14 as applied mutatis mutandis under Article 25, by using utilization results for purposes other than those originally approved.
7. Violation of Paragraph 1 of Article 15, or Paragraph 1 of Article 15 as applied mutatis mutandis under Article 25, by failing to allocate the required proportion of benefit-sharing contribution to the National Health Insurance Fund.
1. Failure to execute the project in accordance with the approved plan under Paragraph 1 or Paragraph 2 of Article 11.
2. Violation of Paragraph 2 of Article 11, or Paragraph 2 of Article 11 as applied mutatis mutandis under Article 25, by executing amendments, modifications, or extensions to an approved project plan without obtaining approval.
3. Violation of Paragraph 1 of Article 13, or Paragraph 1 of Article 13 as applied mutatis mutandis under Article 25, by failing to execute use for purposes other than the specific purposes in accordance with the methods, time, or location designated by the competent authority or the Insurer.
4. Violation of regulations concerning items prohibited from being removed or information and communications security maintenance measures prescribed under Paragraph 2 of Article 13, or Paragraph 2 of Article 13 as applied mutatis mutandis under Article 25.
5. Violation of Paragraph 1 of Article 14, or Paragraph 1 of Article 14 as applied mutatis mutandis under Article 25, where the results of use for purposes other than the specific purposes contain information from which the identity of a specific individual may be identified.
6. Violation of Paragraph 2 of Article 14, or Paragraph 2 of Article 14 as applied mutatis mutandis under Article 25, by using utilization results for purposes other than those originally approved.
7. Violation of Paragraph 1 of Article 15, or Paragraph 1 of Article 15 as applied mutatis mutandis under Article 25, by failing to allocate the required proportion of benefit-sharing contribution to the National Health Insurance Fund.
Article 24
Where a penalty is imposed pursuant to the preceding two Articles, the competent authority or the Insurer shall additionally impose an administrative fine of not less than fifty thousand New Taiwan Dollars and not more than five hundred thousand New Taiwan Dollars on the individual who actually committed the act.
Where the individual referred to in the preceding paragraph is qualified as a medical professional and has violated laws governing professional practice, penalties shall additionally be imposed in accordance with the applicable laws.
Where the individual referred to in the preceding paragraph is qualified as a medical professional and has violated laws governing professional practice, penalties shall additionally be imposed in accordance with the applicable laws.
Article 25
Where use of NHI data for purposes other than the specific purposes was approved prior to the enforcement of this Act and such use continues after the enforcement of this Act, Paragraphs 2 and 3 of Article 11 and Articles 12 through 15 shall apply mutatis mutandis to such continued use.
NHI data obtained prior to the enforcement of this Act shall be destroyed. However, this shall not apply where government agencies (institutions) use such data for the performance of statutory duties.
Where NHI data is not destroyed in violation of the preceding paragraph, an administrative fine of not less than two million New Taiwan Dollars and not more than ten million New Taiwan Dollars shall be imposed.
NHI data obtained prior to the enforcement of this Act shall be destroyed. However, this shall not apply where government agencies (institutions) use such data for the performance of statutory duties.
Where NHI data is not destroyed in violation of the preceding paragraph, an administrative fine of not less than two million New Taiwan Dollars and not more than ten million New Taiwan Dollars shall be imposed.
Article 26
The Enforcement Rules of this Act shall be prescribed by the competent authority.
Article 27
The date of enforcement of this Act shall be prescribed by the Executive Yuan.