Governance Mechanisms and Data Protection in Smart-Healthcare Data: An Institutional Analysis
DOI:
https://doi.org/10.71222/03dxss72
Keywords:
smart healthcare, data governance, institutional theory, GDPR, HIPAA, PIPL
Abstract
The rapid expansion of smart-healthcare systems, integrating electronic health records, IoT devices, and AI-driven platforms, has created unprecedented opportunities for personalized medicine and predictive analytics. However, this evolution also intensifies concerns regarding privacy, accountability, and regulatory fragmentation. Existing studies largely emphasize either technical safeguards or compliance with legal frameworks, leaving the institutional dynamics of governance underexplored. To address this gap, the present study employs an institutional analysis, focusing on coercive, normative, and mimetic pressures that shape organizational responses. A qualitative comparative case study approach is applied across three regulatory contexts: the European Union's GDPR, the United States' HIPAA, and China's PIPL. Document analysis and historical interpretation reveal that while GDPR enforces strong rights-based protection, HIPAA balances legal mandates with professional ethics, and PIPL combines state authority with organizational imitation. Findings highlight the trade-offs between innovation and protection and demonstrate the emergence of hybrid governance practices that integrate legal, ethical, and imitative mechanisms. This research advances academic debates by bridging institutional theory with digital health governance and offers practical insights for policymakers, healthcare providers, and technology developers seeking adaptive and interoperable frameworks.
License
Copyright (c) 2025 Zhangzhi Yang (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.

