Analysis of AI Report Review Efficiency and Medical Data Compliance Boundaries for Meinian Health

Based on the searched information, I will provide a detailed analysis of the efficiency improvement of Meinian Health’s AI report review and the definition of boundaries for the compliant use of medical data.

According to public research reports, as a leading player in China’s physical examination industry, Meinian Health has made significant progress in the field of AI health management [1]. The company launched the ‘Jiankang Xiaomei’ Digital Intelligent Health Manager Platform, which has achieved substantial progress:

• Launch Scale
  : As of the end of March 2025, the ‘Jiankang Xiaomei’ intelligent chief examiner application has been launched in 109 physical examination centers
• Processing Capacity
  : Has reviewed and generated over 390,000 physical examination reports
• Accuracy Performance
  :
  • Problem classification accuracy rate reaches
    99.8%
  • Conclusion merging accuracy rate reaches
    93.9%
  • Chief examiner recommendation accuracy rate reaches
    92.9%

This AI application has significantly improved the daily processing capacity of chief examiners, realizing the transformation from traditional manual review to intelligent auxiliary review. Although the specific data of “0.7 minutes” was not found, from the perspective of review efficiency and accuracy, AI technology has indeed significantly shortened the time required for report generation and review [1][2].

The application of AI in physical examination report review brings multiple values:

• Efficiency Improvement
  : Automated processing significantly reduces manual review time
• Quality Assurance
  : High accuracy ensures that review quality is maintained or improved
• Standardization
  : Reduces report differences caused by human factors
• Traceability
  : AI-assisted review processes are easier for quality control and traceability

The compliant use of medical data is based on a multi-level legal framework:

As sensitive personal information, the compliant use of medical data is strictly regulated. Article 28 of the Personal Information Protection Law clearly stipulates that medical and health information is sensitive personal information, “if leaked or illegally used, it may easily lead to infringement of the natural person’s personal dignity or harm to personal or property safety” [3][4].

According to the Data Security Law and Information Security Technology - Security Guide for Health Care Data, medical data is managed under a three-level classification system:

This classification and hierarchical management ensures that data of different sensitivity levels receive corresponding levels of protection measures [5].

According to relevant provisions of the Personal Information Protection Law, medical data processing must meet the requirements of informed consent:

• General Notification Obligation
  : Notify the purpose, method, scope, and possible impacts of processing
• Special Notification for Sensitive Information
  : Clarify the necessity of processing sensitive personal information and its impact on personal rights and interests
• Separate Consent
  : Processing sensitive personal information requires separate consent from the individual
• Dynamic Authorization Mechanism
  : Support users to withdraw authorization at any time, stop using and delete the data within 15 days [3][5]

Data collection and processing should follow the “minimal necessity” principle:

• Only collect information strictly necessary to achieve specific purposes
• Adopt methods that have the least impact on personal rights and interests
• Restrict the use and sharing of data to the necessary scope
• Prohibit collection and use beyond the scope [3][6]

Data processing must strictly distinguish between “de-identification” and “anonymization”:

• Delete direct identifiers (name, ID card number, etc.)
• Obfuscate indirect identifiers (e.g., age grouping)
• Store the corresponding relationship table separately (encrypted storage, access restricted)
• Prohibit providing original data to third parties
• Conduct identifiability testing every quarter [5]

• Completely delete all identifiers
• Use technical verification such as “k-anonymization” and “differential privacy”
• Obtain an Anonymization Compliance Report from a third-party institution
• Dynamically maintain to respond to external data updates [5]

Compliance Key Points:

• Follow the principles of legality, legitimacy, and necessity
• Clearly indicate the purpose and scope of collection
• Obtain consent from the collected individual
• Prohibit acquisition through illegal means such as fraud or deception [6]

Technical Measure Requirements:

• Static Encryption
  : Use high-strength algorithms such as AES-256
• Access Control
  : Role-based permission management, principle of least privilege
• Network Isolation
  : Virtual private cloud completely isolated from the public network
• Audit Logs
  : Retention period of no less than 5 years [6]

• Fully anonymized data: No separate authorization required, but data source must be indicated and the Anonymization Compliance Report must be retained
• De-identified data: Special authorization required, training conducted in a trusted data space
• Third-party institutions must sign a confidentiality agreement and submit usage reports regularly [5]

• Follow the “auxiliary” principle, label the interface with “Recommendations are for reference only”
• Doctors conduct manual review and record
• Evaluate accuracy every six months (suspend use if misdiagnosis rate exceeds 5%)
• Update data regularly and conduct compliance reviews [5]

Medical data transactions must meet the following requirements:

• Obtain re-authorization from patients (clarify scenario-specific uses)
• Obtain authorization from medical institutions/health departments
• Public data requires obtaining the Qualification Certificate for Authorized Operation of Public Data
• Priority on on-exchange transactions (data exchange) to ensure full-process traceability [5]

In the development and use of AI medical software:

• Data collection must comply with the requirements of the Personal Information Protection Law and Data Security Law
• Must be reviewed and approved by the medical institution’s ethics committee
• Sign a Data Use Agreement (DUA) to clarify data ownership, scope of use, security responsibilities, and destruction process [6]

• AI-assisted diagnosis systems must clearly define their “auxiliary” positioning
• Prescriptions must be issued by the attending physician themselves;
  automatic generation of prescriptions using artificial intelligence or other means is strictly prohibited
• Medical personnel must independently review suggestions output by AI and conduct manual verification [6]

Special attention must be paid to:

• Different countries and regions have different regulations on cross-border flow of sensitive data
• Some regulations (such as the U.S. Implementation Rule 14117) also govern desensitized sensitive personal data
• A compliance project must be established and a written record policy formulated [7]

As a leader in the physical examination industry, Meinian Health’s practice of including data assets in financial statements is exemplary:

• Develop AI agents using massive health examination data
• Achieve the leap from health examination to inclusive health management
• Unlock data value on the premise of compliance [1]

From Meinian Health’s practices, medical AI applications need to focus on the following:

• Compliance of Data Collection
  : Ensure informed consent from physical examination customers
• Standardization of Data Processing
  : Implement effective desensitization and classification hierarchical management
• AI Training Boundaries
  : Clarify the authorized scope and usage restrictions of training data
• Application Security
  : Ensure the accuracy and security of AI-assisted diagnosis
• Privacy Protection
  : Protect customers’ personal health information throughout the entire process

The development of medical AI needs to strike a balance between innovation value and compliance protection:

• Compliance is a prerequisite; efficiency improvement cannot be achieved at the expense of privacy protection
• Efficiency improvement (such as shortened review time) should be based on compliance
• Technological innovation needs to be advanced in sync with institutional innovation
• Establish a trusted data space to achieve “data available but invisible”

1. Equal Emphasis on Efficiency Improvement and Compliance
   : The improvement of Meinian Health’s AI report review efficiency (reviewing 390,000 reports with an accuracy rate of over 90%) reflects the application value of AI technology in the medical field, but this efficiency improvement must be based on strict compliance.

2. Increasingly Improved Legal Framework
   : The Personal Information Protection Law, Data Security Law, etc., constitute the basic framework for medical data compliance, and principles such as classification hierarchical management, informed consent, minimal necessity, and desensitization processing provide clear guidance for AI applications.

3. Increasingly Mature Technical Means
   : Technical means such as de-identification, anonymization, and trusted data spaces provide technical support for the compliant use of medical data.

4. Dynamically Evolving Compliance Requirements
   : With the development of AI technology, compliance requirements are constantly updated, and the importance of AI governance frameworks such as ISO 42001 is increasingly prominent.

The definition of boundaries for compliant use of medical data is a dynamic evolutionary process that requires collaborative promotion by technology, institutional, and ethical parties. While protecting personal privacy rights, it is necessary to fully leverage the value of medical data to promote the healthy development of the AI medical industry.

[1] Southwest Securities Research Report - Meinian Health (002044): Deeply Engaged in AI Health Management to Strengthen Preventive Medicine Barriers, Leading Advantages in the Physical Examination Industry (https://pdf.dfcfw.com/pdf/H3_AP202506191693758706_1.pdf)

[2] Pharmcube ByDrug - Meinian Health (002044): Deeply Engaged in AI Health Management to Strengthen Preventive Medicine Barriers (https://bydrug.pharmcube.com/news/detail/32488bf46fb3b43841b8dc0efb3eb8ae)

[3] King & Wood Mallesons - Research on Legal Issues Related to AI Native Applications: AI+Healthcare (https://www.kwm.com/cn/zh/insights/latest-thinking/ai-application-legal-issues-in-ai-plus-health-and-medical-treatment.html)

[4] Kangda Law Firm - Case-Based Analysis of Data Compliance and Personal Information Protection in Medical Institution Scenarios (https://www.kangdalawyers.com/newsdetail_2178.html)

[5] Compliance Management of Medical Data Assets and Personal Information Protection (https://imatrixlaw.com/newsdetail?id=292)

[6] Product School - Security and Compliance of AI Medical Data (https://www.woshipm.com/ai/6283687.html)

[7] Fangda Partners - Analysis of the Implementation Rules of the “New U.S. Rules Restricting Cross-Border Data Flow” (https://www.fangdalaw.com/content/details32_8735.html)