Article 1The purpose of this Act is to facilitate advanced research and development and the creation of new industry-centered activities in health and medicine (meaning advanced research and development and the creation of new industry-centered activities in health and medicine as prescribed in Article 1 of the Health and Medical Strategy Advancement Act (Act No. 48 of 2014); the same applies in Article 3) by making provisions for anonymized medical data that are meant to contribute to research and development in the medical field, regarding things such as the responsibilities of the State, the formulation of a basic policy, the certification of persons in the business of producing anonymized medical data, and regulations on the handling of medical and related information and anonymized medical data; and thereby to contribute to the formation of a healthy and long-lived society (meaning a healthy and long-lived society as prescribed in Article 1 of that Act).

Article 2(1)The term "medical information" as used in this Act means information regarding the medical history of a specific individual or the mental or physical condition thereof; which constitutes information concerning an individual that includes a description or account (meaning all particulars (excluding an individual identification code (meaning an individual identification code as prescribed in Article 2, paragraph 2 of the Act on the Protection of Personal Information (Act No. 57 of 2003); the same applies hereinafter)) that have been stated or recorded or expressed using voice, movement, or any other means in a written document, drawing, or electronic or magnetic record (meaning a record that is created in electronic or magnetic form (meaning electronic form, magnetic form, or any other form that cannot be perceived with the human senses); the same applies hereinafter); the same applies hereinafter) specified by Cabinet Order as something whose handling requires particular consideration so that the individual or descendants thereof are not subjected to undue differentiation, prejudice, or any other disadvantage based on that mental or physical condition; and which falls under one of the following items:

(2)The term "principal" as used in relation to medical information in this Act means the specific individual that the relevant medical information is used to identify.

(3)The term "anonymized medical data" as used in this Act means data concerning an individual that result when the relevant person takes a measure that one of the following items specifies for the category of medical information set forth in that item to process medical information in such a way that the specific individual cannot be identified, and that the relevant person has prepared in such a way that the medical information cannot be restored:

(4)The term "the business of producing anonymized medical data" as used in this Act means the business of organizing medical information and processing it to produce anonymized medical data (limited to data that make up a database or similar collection of anonymized medical data (meaning a collection of information containing anonymized medical data which has been systematically organized so as to enable a person to search for specific anonymized medical data using a computer or which is specified by Cabinet Order as having been systematically organized so as to enable a person to readily search for specific anonymized medical data; the same applies in Article 18, paragraph (3)); the same applies hereinafter), so as to contribute to research and development in the medical field.

(5)The term "enterprise handling medical information" as used in this Act means a person that has a collection of information containing medical information which has been systematically organized so as to enable a person to search for specific medical information using a computer or which is specified by Cabinet Order as having been systematically organized so as to enable a person to readily search for specific medical information (referred to as a "database or similar collection of medical information" in Article 44) for use in its business.

Article 3The State has the responsibility to implement the necessary initiatives for anonymized medical data that are meant to contribute to research and development in the medical field as a part of the initiatives for advanced research and development and the creation of new industry-centered activities in health and medicine.

Article 30(1)If an enterprise handling medical information has decided that it will stop providing medical information that identifies the principal to certified producers of anonymized medical data upon receipt of a request, pursuant to Order of the competent ministries, from the principal or a surviving family member thereof (meaning a deceased principal's child, grandchild, or other person specified by Cabinet Order; the same applies hereinafter) regarding medical information that is provided to certified producers of anonymized medical data, but the enterprise handling medical information notifies the principal of the following particulars as well as filing a notification regarding them with the competent ministers in advance pursuant to Order of the competent ministries, it may provide that medical information to a certified producer of anonymized medical data:

(2)Before changing a particular as set forth in item (ii), (iii), or (v) of the preceding paragraph, an enterprise handling medical information must notify the principal of the substance of the change and file a notification of this with the competent ministers, in advance and pursuant to the provisions of Order of the competent ministries.

(3)When a notification under paragraph (1) has been filed, the competent ministers must issue a public announcement of the particulars to which the notification pertains pursuant to the provisions of Order of the competent ministries. The same applies when a notification under the preceding paragraph has been filed.

Article 31(1)Having been requested by a principal or a surviving family member thereof that has been notified as under the preceding Article, paragraph (1) to stop providing certified producers of anonymized medical data with medical information that identifies the principal, an enterprise handling medical information must deliver a document indicating that the request has been made and giving other particulars specified by Order of the competent ministries to the person making the request without delay, pursuant to the provisions of Order of the competent ministries.

(2)In lieu of delivering a document as under the provisions of the preceding paragraph, an enterprise handling medical information may provide an electronic or magnetic record giving the particulars that are required to be stated in that document after having first obtained the consent of the person that has made the request prescribed in that paragraph. In such a case, the enterprise handling medical information is deemed to have delivered the document as under that paragraph.

(3)An enterprise handling medical information that has delivered a document as under the provisions of paragraph (1) or that has provided an electronic or magnetic record pursuant to the provisions of the preceding paragraph must preserve a copy of the document or the electronic or magnetic record pursuant to the provisions of Order of the competent ministries.

Article 32(1)Having provided medical information to a certified producer of anonymized medical data pursuant to the provisions of Article 30, paragraph (1), an enterprise handling medical information must create a record of the date on which it provided the medical information, the name and address of the certified producer of anonymized medical data, and other particulars specified by Order of the competent ministries, pursuant to the provisions of Order of the competent ministries.

(2)An enterprise handling medical information must preserve the record referred to in the preceding paragraph for the period specified by Order of the competent ministries after the date on which it has created that record.

Article 33(1)At the time it receives medical information from an enterprise handling medical information pursuant to the provisions of Article 30, paragraph (1), a certified producer of anonymized medical data must confirm the following particulars pursuant to the provisions of Order of the competent ministries:

(2)When a certified producer of anonymized medical data undertakes a confirmation as under the provisions of the preceding paragraph, the enterprise handling medical information referred to in that paragraph must not deceive that certified producer of anonymized medical data regarding a particular subject to the confirmation.

(3)Having undertaken a confirmation under the provisions of paragraph (1), a certified producer of anonymized medical data must create a record of the date on which it was provided with the medical information, the particulars subject to that confirmation, and other particulars specified by Order of the competent ministries, pursuant to the provisions of Order of the competent ministries.

(4)A certified producer of anonymized medical data must preserve the record referred to in the preceding paragraph for the period specified by Order of the competent ministries after the date of producing the record.

Article 34Unless it is based on laws and regulations, a certified producer of anonymized medical data must not be provided with the following medical information by an enterprise handling medical information:

Article 35(1)To the extent necessary for the enforcement of this Act, the competent ministers may require a certified producer of anonymized medical data or enterprise certified for entrustment with handling medical and related information and anonymized medical data (excluding those that are foreign handlers) or an enterprise handling anonymized medical data or enterprise handling medical information to report the necessary information, and may have the relevant officials enter its office or any other place of business, inspect its books, documents, or other items, and ask persons concerned questions.

(2)An official who performs an on-site inspection under the preceding paragraph must carry identification and present it if requested by a person concerned.

(3)The authority for an on-site inspection under paragraph (1) must not be construed as being granted for criminal investigation purposes.

(4)Before requiring a report or conducting an on-site inspection under paragraph (1), the competent ministers must first consult with the Personal Information Protection Commission.

Article 36The competent ministers are to provide a certified producer of anonymized medical data or an enterprise certified for entrustment with handling medical and related information and anonymized medical data with the necessary guidance and advice to properly carry out the business to which the certification referred to in Article 8, paragraph (1) or Article 28 pertains.

Article 37(1)Upon finding that a certified producer of anonymized medical data (excluding a foreign handler) is in violation of the provisions of Article 17, paragraph (1), Article 18, paragraph (1) or (2), Articles 19 through 21, Article 23, paragraph (1), Article 24, Article 25, paragraph (1), Article 26, paragraph (1), Article 27, Article 33 (excluding paragraph (2)), or Article 34, the competent ministers may order the person to take the necessary measures to rectify the violation.

(2)Upon finding that an enterprise certified for entrustment with handling medical and related information and anonymized medical data (excluding a foreign handler) is in violation of the provisions of Article 23, paragraph (2), or the provisions of Article 17, paragraph (1), Article 18, paragraph (1) or (2), Articles 19 through 21, Article 24, Article 26, paragraph (1) or Article 27, as applied mutatis mutandis pursuant to Article 29, the competent ministers may order the person to take the necessary measures to rectify the violation.

(3)The provisions of the preceding two paragraphs apply mutatis mutandis to certified producers of anonymized medical data and enterprises certified for entrustment with handling medical and related information and anonymized medical data (limited to those that are foreign handlers). In such a case, the term "order" in these provisions is deemed to be replaced with "request".

(4)Upon finding that an enterprise handling anonymized medical data is in violation of the provisions of Article 18, paragraph (3), the competent ministers may order the person to take the necessary measures to rectify the violation.

(5)Upon finding that an enterprise handling medical information is in violation of the provisions of Article 30, paragraph (1) or (2), Article 31, paragraph (1) or (3), or Article 32, the competent ministers may order the person to take the necessary measures to rectify the violation.

(6)Before giving an order under paragraph (1), (2), (4) or the preceding paragraph, or making a request under paragraph (1) or (2), as applied mutatis mutandis pursuant to paragraph (3) following a deemed replacement of terms, the competent ministers must first consult with the Personal Information Protection Commission.

Article 38In enforcing this Act, the competent ministers, the Personal Information Protection Commission, and the Minister for Internal Affairs and Communications must closely communicate and cooperate with one another about particulars that concern the proper handling of medical and related information and anonymized medical data.

Article 39(1)The competent ministers as referred to in this Act are the Prime Minister; the Minister of Education, Culture, Sports, Science and Technology; the Minister of Health, Labour and Welfare; and the Minister of Economy Trade and Industry.

(2)Order of the competent ministries as referred to in this Act means the order issued by the competent ministers.

(3)Before establishing or altering the Order of the competent ministries, the competent ministers must first consult with the Personal Information Protection Commission.

Article 40The head of a local government may handle an administrative function that is part of the authority of the competent ministers prescribed in Article 35, paragraph (1) (limited to administrative functions concerning enterprises handling medical information handling), pursuant to the provisions of Cabinet Order.

Article 41Part of the authority of the competent ministers prescribed in this Act may be delegated to the head of a local branch bureau, pursuant to the provisions of Cabinet Order.

Article 42Beyond what is provided for in this Act, Order of the competent ministries prescribes procedures for implementing this Act and other necessary particulars connected with the entry into effect of this Act.

Article 43When an order is enacted, amended, or repealed based on the provisions of this Act, that order may provide for the required transitional measures (including those concerning penal provisions) to the extent considered reasonably necessary in association with the enactment, amendment, or repeal.

Article 44If a person who is or was an officer or worker of a certified producer of anonymized medical data or an enterprise certified for entrustment with handling medical and related information and anonymized medical data has provided, without a legitimate grounds, a database or similar collection of medical information (including all or part of a reproduced or processed database or similar collection of medical information) containing any confidential information about an individual that the person has handled in the course of duties for doing so, that person is subject to imprisonment for not more than two years, a fine of not more than one million yen, or both.

Article 45If a person as prescribed in the preceding Article has provided a person with or misappropriated medical and related information or anonymized medical data that the person has acquired in the course of duties for the purpose of that person's own or a third party's unlawful benefit, that person is subject to imprisonment for not more than one year, a fine of not more than one million yen, or both.

Article 46A person falling under any of the following items is subject to imprisonment for not more than one year, a fine of not more than five hundred thousand yen, or both:

Article 47A person falling under one of the following items is subject to a fine of mot more than five hundred thousand yen:

Article 48Provisions on the crimes referred to in Article 44, Article 45, Article 46 (limited to the part pertaining to items (iii) and (v) (limited to the part pertaining to Article 37, paragraph (1) (excluding the part pertaining to Article 33, paragraphs (1), (3) and (4), and Article 34) and paragraph (2))) and the preceding Article (limited to the part pertaining to item (ii)) also apply to a person committing a crime as referred to in one of those Articles outside Japan.

Article 49(1)If the representative of a corporation (including an organization that is not a corporation but that has specified a representative or administrator; hereinafter the same applies in this paragraph), or the agent, employee, or other worker of a corporation or individual commits a violation referred to in Articles 44 through 47 in connection with the business of the corporation or individual, in addition to the offender being subject to punishment, the corporation or individual is subject to the fine referred to in the relevant Article.

(2)If the provisions of the preceding paragraph apply to an organization that is not a corporation, its representative or administrator represents the organization that is not a corporation as regards its procedural act, and the provisions of laws on criminal proceedings in which a corporation is the accused or a suspect apply mutatis mutandis.

Article 50A person falling under one of the following items is subject to a civil fine of not more than 100,000 yen: