Digital Healthcare 2025 Comparisons

Last Updated June 26, 2025

Contributed By Kim & Chang

Law and Practice

Authors



Kim & Chang has a healthcare practice group that brings exemplary regulatory, intellectual property, corporate, competition law and litigation expertise to meet the complex needs of clients in the pharmaceutical, medical device and diagnostics sectors. Formed when Kim & Chang was first established in 1973, the healthcare practice group has since advised the majority of multinational firms doing business in these sectors in South Korea, from established industry leaders to newer digital healthcare companies and start-ups. The firm’s highly experienced attorneys, industry experts and former government agencies are knowledgeable in how regulatory agencies work and how laws and enforcement trends have evolved and are therefore able to advise clients proactively on a wide range of issues, including promotional practices, regulatory approvals, pricing and reimbursement and product recalls. Kim & Chang is ranked in several Chambers Guides, including Asia-Pacific 2025 as a Leading Firm.

Digital health encompasses a range of technologies that apply computing, connectivity, and data analytics to health and medicine. In South Korea these include artificial intelligence (AI) tools, remote consultation (telemedicine/telehealth), mobile health (mHealth) apps, electronic health record (EHR) systems, remote patient monitoring (RPM) devices, and evidence-based software therapies (digital therapeutics, DTx).

Telemedicine/Telehealth

Telemedicine refers to the delivery of clinical healthcare services remotely, typically via video or audio call between a patient and a licensed physician. Telehealth is a broader term that includes telemedicine (remote consultations) as well as non-clinical remote services such as patient education, public health monitoring, and administrative functions (see the International Trade Administration website).

In practice, telemedicine is a subset of telehealth. Telemedicine involves diagnosis, treatment or prescription by phone/video. Telehealth could also include remote health education, data collection, or provider-to-provider consultations without a patient. From a legal perspective, telemedicine would be subject to stricter rules as it is subject to medical licensure and privacy rules.

Mobile Health (mHealth)

Mobile health (mHealth) refers to healthcare and health information services delivered through mobile devices such as smartphones, tablets, and wearables. This includes health and wellness apps, mobile-compatible patient portals, and SMS reminders.

mHealth focuses on patient engagement via personal devices. mHealth differs from telemedicine because it does not require live consultations; it can enable self monitoring, patient education, behaviour change, and data gathering on-the-go. For example, a blood-glucose tracking app or a medication adherence reminder are mHealth tools, even if the patient never directly interacts with a healthcare provider. Also, mHealth may provide only informational or supportive services (like exercise coaching) without diagnosis or prescription, distinguishing it from regulated telemedicine or AI diagnostics.

Electronic Health Records (EHR)

Electronic Health Records (EHRs) are digital systems for storing and managing patient health information (medical history, diagnoses, medications, test results, etc) in a structured format.

EHRs/EMRs (Electronic Medical Records) are typically used internally by hospitals and clinics to replace paper charts. They support data access by doctors and may feed information into HIE (Health Information Exchange) networks. By themselves they do not provide care or monitoring; they underpin other digital services. Unlike mHealth or telemedicine, EHRs are facility-based tools.

Remote Patient Monitoring (RPM)

Remote Patient Monitoring involves using digital sensors and devices to track patients’ health data (heart rate, blood pressure, glucose level, activity, etc) outside of a clinical setting, and transmitting that data to healthcare providers.

RPM differs from telemedicine as it focuses on continuous or periodic monitoring rather than a direct consultation. It is also distinguished from mHealth in that RPM devices are often subject to medical accuracy requirements and clinical oversight. RPM devices collect objective health metrics and usually require regulatory clearance if intended for diagnosis.

Digital Therapeutics (DTx)

Digital therapeutics are evidence-based therapeutic interventions delivered via software (usually mobile or web apps) to prevent, manage or treat medical conditions. They often require clinical trials and regulatory approval similar to medical devices or drugs.

DTx are a subset of mHealth that function as treatment modalities. Unlike EHRs or telemedicine, which support care delivery, DTx are the treatment itself (eg, a cognitive behavioural app for insomnia); they therefore prove efficacy through trials and are integrated with the healthcare system (prescription or physician oversight). In South Korea, DTx are regulated as software medical devices (SaMDs), which in turn are regulated as digital medical devices under the newly legislated Digital Medical Products Act (DMPA).

AI-Based Healthcare

AI-based healthcare uses algorithms (machine learning, deep learning, etc) to analyse medical data and support healthcare tasks – from image interpretation and diagnosis to risk prediction and personalised treatment. Unlike the other types of digital healthcare technologies mentioned above, which are defined by the use case or platform, AI-based healthcare refers to the technology layer embedded in many applications.

AI solutions perform data-driven analysis or decision support; they may be integrated into telemedicine platforms, mobile apps, or monitoring devices, but what makes them “AI-based” is the use of advanced analytics. AI models that provide clinical decision support are typically classified as “digital medical devices” under the DMPA and require regulatory approval from the Ministry of Food and Drug Safety (MFDS).

In light of South Korea’s rapidly aging society and rising healthcare costs, digital technologies are increasingly viewed as essential tools for improving chronic disease management, expanding access to care, and controlling national health expenditures. Bolstered by strong government initiatives, advanced IT infrastructure, and a tech-savvy population, a diverse range of digital health solutions is being actively implemented in both clinical settings and everyday healthcare practices.

Telemedicine

South Korea’s policy on telemedicine has been conservative. The Medical Service Act historically banned most doctor-to-patient teleconsultations, only allowing teleconsultation between medical professionals (for second opinions). However, temporary measures during the COVID-19 pandemic (2020–22) and an emergency doctors’ strike (from 2023 to the first five months of 2025) prompted the government to ease regulations.

See 2.5 Issue-Specific Legal Framework.

Mobile Health

mHealth adoption is very high in South Korea, with a smartphone penetration rate exceeding 90%. Consumers routinely use apps for exercise, diet tracking, sleep, and chronic disease management. The government and insurers are also promoting mHealth. For instance, South Korea’s National Health Information Portal and the “My HealthWay” system allow patients to download health records to a mobile app.

The Ministry of Health and Welfare (MOHW) and the National Health Insurance Service (NHIS) have funded pilots of mobile interventions, such as smoking cessation and diabetes coaching apps. Hospitals often prescribe mobile apps to patients; some clinics direct diabetic patients to use CGM-linked smartphone apps. The mHealth market is projected to grow at a CAGR of 20% from 2025 to 2033, driven by the ageing population and demand for remote care.

Electronic Health Records

Adoption of EHR systems is nearly universal in South Korean healthcare. A 2015 survey found 100% of tertiary hospitals and 99% of general hospitals had an EMR system, along with 95.4% of smaller hospitals and 91.9% of clinics (see the National Library of Medicine website). These rates have only increased since then. Hospitals use commercial EHR platforms or in-house software to document patient care.

The government runs an EMR certification programme to ensure baseline functionality and interoperability, facilitating data sharing among healthcare organisations. Clinics often use EHRs linked to the national insurance claims system for billing.

South Korea is also building a nationwide health data exchange. The My HealthWay platform, launched in late 2020, allows patients to view and download their health records consolidated from multiple hospitals. As of September 2023, My HealthWay connects 860 medical institutions (including nine tertiary hospitals, 13 general hospitals, and 838 smaller clinics), providing access to 113 types of health data (see the National Library of Medicine website). By 2025, the platform is expected to link records for over eight million patients.

Another national data system is the Health Insurance Review and Assessment Service (HIRA)/NHIS claims database, which contains de-identified records for nearly all South Koreans and is widely used for reimbursement and research.

Remote Patient Monitoring

RPM is a growing area in South Korea, especially for chronic diseases and elderly care. The government and insurers have a chronic care pilot programme in which nurses remotely monitor patients’ blood pressure and glucose. Smart wearable devices (like blood pressure cuffs or glucose meters) are frequently used by patients, with remote transmission to clinics.

The COVID-19 experience also spurred the use of at-home monitoring, such as patients uploading pulse oximeter readings via apps. South Korean cities have experimented with IoT monitoring for seniors: Seoul’s “Untact Care” programme (since 2020) installs motion and safety sensors in the homes of vulnerable elderly residents, with incidents like falls triggering alerts. Similar projects in Jeju Island and rural areas use IoT bracelets or mats to monitor daily health indicators.

Diabetic patients often use continuous glucose monitoring (CGM) systems, which are widely adopted in South Korea. Certain home ECG devices transmit patient ECGs to an AI engine for early heart attack detection (see Vunos website).

Digital Therapeutics

Since the MFDS approved the first DTx under the existing medical device regulatory framework, the DTx market in South Korea has been growing. As of January 2025, five digital therapeutics have been approved by the MFDS.

With support for DTx increasing with the implementation of the DMPA, the MOHW is exploring reimbursement paths, but challenges persist regarding reimbursement, long-term patient adherence, and equitable access, especially for older adults and rural populations. As of late 2024, DTx adoption is highest among younger, urban individuals, and the overall market growth remains in its early stages (see the National Library of Medicine website).

AI-Based Healthcare

AI-powered diagnostic tools are already widely used. Leading South Korean companies have developed AI solutions for medical image analytics in major hospitals. AI is also used for drug discovery, optimising clinical trials, and enabling precision medicine by analysing genetic and molecular data.

The government is investing in data infrastructure, creating platforms to consolidate and share medical data for AI research and commercialisation. Initiatives like Dr. Answer 3.0 focus on post-treatment care and daily health management, with AI-powered services available via smartphones and wearables. The government is also establishing ethical guidelines and investing in workforce training to ensure responsible and effective AI deployment.

Digital healthcare is making significant impacts on the South Korean medical system, benefiting patients, healthcare providers, and the economic framework as well.

Improvement in Patient Experience and Outcomes

Enhanced convenience

The development of telemedicine and remote patient monitoring apps enables patients to receive necessary diagnoses and treatments without physically visiting hospitals. This is particularly beneficial for chronic patients and the elderly who have mobility challenges. Moreover, the automation of appointment scheduling, medication management, and insurance claims reduces administrative burdens and increases overall patient satisfaction.

Personalised prevention and treatment

By analysing patient data, digital healthcare can provide optimised treatment and preventive strategies tailored to each individual. Genomic testing and advanced health informatics contribute to proactive disease prevention and personalised treatment plans. Continuous health status monitoring through wearable devices or mobile applications also facilitates early detection and prevention of various health conditions, thereby significantly improving overall health outcomes.

Improved post-operative care

For patients recovering from chronic conditions, including cancer, maintaining a healthy diet and exercise regimen after surgery and treatment is crucial. Digital healthcare can play a significant role in this area by providing personalised diet and exercise programmes, which promote physical recovery, reduce the risk of recurrence, and ultimately enhance the overall quality of life for patients.

Improvement in Healthcare Workforce Practices

Clinical decision support

AI and big data analytics assist healthcare providers in formulating more accurate diagnoses and treatment plans. For instance, AI-based systems support cancer treatment planning and new drug development.

Increased work efficiency

Electronic Health Records (EHR) allow healthcare professionals to quickly access and share patient information, reducing consultation times and increasing work efficiency. Digital survey tools collect real-time feedback from patients, which is used to improve medical service quality.

Remote collaboration and education

App-based remote collaboration systems strengthen co-operation among health professionals, while digital platforms enable continuous education, helping medical staff keep up with the latest treatment methods and knowledge.

Impact on Medical Costs

Cost reduction

Telemedicine and remote monitoring reduce unnecessary hospital visits, saving on medical expenses. Automated insurance claim systems cut administrative costs and enhance processing speed.

Increased economic effectiveness

Focusing on preventive medicine and efficient data management, digital healthcare lowers healthcare expenditures in the long run, contributing to increased economic effectiveness within South Korea.

Currently, there is no official definition of “digital health” in South Korean law.

However, several digital health-related bills proposed in the National Assembly include definitions of the term. For instance, the proposed Bill on the Promotion of Digital Healthcare and the Facilitation of Healthcare Data Utilization (“Digital Healthcare Promotion Act”) defines “digital healthcare” as a series of activities and tools that contribute to improving public health by utilising intelligent information technology (as defined in Article 2, subparagraph 4 of the Framework Act on Intelligent Informatization) and healthcare information (subparagraph 5 of the same Article) for the prevention, diagnosis, treatment, health management, research and development, and post-treatment care of diseases.

In practice, the term digital health or digital healthcare is generally understood to refer to an industry or technology that integrates information and communication technology (ICT) into the healthcare sector to provide personalised medical or healthcare services tailored to individual health conditions and diseases.

Currently, there is no comprehensive legislation governing the digital healthcare sector, although several bills have been proposed in the National Assembly, including the Bill on the Digital Healthcare Promotion Act, the Bill on the Promotion and Support of the Digital Healthcare Industry, and the Bill on the Utilization of Digital Healthcare and Healthcare Data.

Yet, among the existing relevant laws, the newly minted DMPA represents the government’s major push to legislate a framework to regulate digital medical products. The legislation provides the following key provisions.

  • It provides a definition for “digital medical products” as encompassing (i) digital medical devices, (ii) digital convergence drugs, and (iii) digital medical/health support devices. Among them, digital medical devices are defined as medical devices to which advanced technologies such as intelligent information technology, robotics technology, and information and communication technology are applied, and are used for the purpose of diagnosing and treating diseases.
  • It tasks the MFDS with establishing a comprehensive safety management plan and preparing security guidelines to counter new threats, such as electronic intrusion, related to digital medical products.
  • It requires manufacturers or importers of digital medical products to obtain the necessary permits for their business and products from the MFDS, creating a new management system for manufacturers and importers based on product classification.

Since the implementation of the DMPA, the MFDS has issued a series of comprehensive sub-regulations designed to offer clearer guidance on the application of the law.

  • Guidelines for Approval and Review of Generative AI Medical Devices (24 January 2025) – this provides guidelines for the approval and review of medical devices using generative artificial intelligence, presenting criteria to evaluate the clinical safety and effectiveness of AI-based medical devices.
  • Regulations on Approval, Certification, Reporting, Review, and Evaluation of Digital Medical Products (15 April 2025) – this outlines the necessary procedures for approval, certification, reporting, review, and evaluation before digital medical products can be launched in the market. These processes aim to ensure the safety and efficacy of the products.
  • Standards for Manufacturing and Quality Management of Digital Medical Devices (21 April 2025) – this specifies quality management and manufacturing standards for the production of digital medical devices. It is aimed at ensuring the quality of the final products, securing patient safety, and preventing defective products from entering the market.
  • Regulations on Approval, Implementation, and Management of Clinical Trial Plans for Digital Medical Devices (24 April 2025) – these regulations define the procedures for planning, approving, conducting, and managing clinical trials of new digital medical devices. This is to verify the safety and efficacy of the devices based on reliable data.
  • Regulations on the Classification and Designation of Grades for Digital Medical Products (27 April 2025) – this regulation focuses on classifying digital medical products according to safety and efficacy, and designating grades to ensure proper management and supervision. The level of management needed can vary based on the product’s risk level.
  • Digital Medical Device Electronic Intrusion Security Guidelines (29 April 2025) – these guidelines provide security measures to prevent digital medical devices from being vulnerable to electronic intrusions. Data security for medical devices is crucial as it directly relates to the protection of patient information.
  • Regulations on Standards for Good Management System Certification (as of the time of writing, the draft has been released but it has yet to be implemented) – this sets out the standards for certifying that manufacturers or service providers of digital medical devices have a good management system.

In addition, although not specific to digital healthcare, the following laws provide general frameworks for medical products and services that also apply to digital health.

  • Medical Services Act (MSA) – it establishes a comprehensive regulatory framework for national healthcare. Regarding digital healthcare, it governs areas such as electronic medical records and pilot projects for telemedicine. Additionally, it governs innovative medical technologies and new medical technologies, providing detailed guidelines through subordinate regulations concerning the evaluation, implementation, and management of new medical technologies, as well as the processes and methods for designating innovative medical devices.
  • Medical Devices Act (MDA) – it establishes a comprehensive regulatory framework necessary for the manufacture, import, and sale of medical devices. With the implementation of the DMPA, however, the regulation of digital medical products, such as SaMD, is now governed by the DMPA, while other conventional devices that fall outside the scope of the DMPA, including those that host the SaMD, are still regulated under the Medical Devices Act. See 2.5 Issue-Specific Legal Framework.
  • In Vitro Diagnostic Medical Devices Act – it establishes a basic regulatory framework for the manufacture, import, and sale of in vitro medical devices. Products with digital technology applications, like in vitro diagnostic software, were previously regulated by this law but are now governed by the DMPA.

Meanwhile, the collection, use and provision of personal health information may be subject to the Personal Information Protection Act (PIPA), the MSA, and the Bioethics and Safety Act (BSA). While the PIPA is a general law governing the processing of personal information, the MSA takes precedence over the PIPA for patient records held by medical institutions, and the BSA takes precedence over the PIPA for research on human subjects including clinical trials. See more details in 2.5 Issue-Specific Legal Framework.

The trends of technological advancements are identified and reflected in legislation through the following research and investigations.

  • National Assembly Research Service – the Health, Welfare, and Gender Equality Team of the National Assembly Research Service (NARS) consistently collects and researches information related to the health sector, including pharmaceuticals and medical devices. When necessary, they share their findings through research reports or internal reports. Additionally, to understand the latest technologies, market trends, and academic opinions, they may hold expert discussions or seminars, or commission research projects.

Furthermore, when lawmakers request information on trends in new technologies or foreign legislation to aid in lawmaking, the team conducts research and provides written responses to the respective offices. If needed, they may collaborate with the Science, Media, and Telecommunications Team within the NARS or consult a pool of pre-arranged external experts.

  • Office of Expert Advisor of the Health and Welfare Committee – when a member of the National Assembly proposes a bill related to digital health, a legislative researcher from the Office of Expert Advisor of the Health and Welfare Committee conducts targeted research on the bill. If the legislative researcher finds it difficult to understand new technologies or requires supplementary information, they may seek advice from researchers at the NARS or external experts.
  • National Assembly Futures Institute (a future strategy think tank affiliated with the National Assembly) – additionally, the Futures Industries Division within the Futures Institute can address the pharmaceutical and medical device sectors as part of their broader research on policies related to new technologies such as digital strategies and AI.

The DMPA does not provide specific technical standards and specifications for individual products or product groups. However, the DMPA mandates that manufacturers and importers of digital medical devices obtain approval or certification from the MFDS. Specifically, Article 24 empowers the MFDS to establish quality management standards for “digital medical device software” (see 2.5 Issue-Specific Legal Framework for a definition) in order to prevent accidents resulting from defects, errors, or malfunctions in digital medical device software in the absence of electronic intrusions. It also stipulates that manufacturers and importers must undergo a conformity assessment from the head of the MFDS to verify compliance with these standards.

Accordingly, on 21 April 2025, the MFDS released the “Standards for Manufacturing and Quality Management of Digital Medical Devices”, which sets forth quality management and manufacturing standards for the production of digital medical devices, including those involving digital medical device software.

  • The subjects of examination for conformity assessment include digital medical device software (ie, standalone digital medical device software and embedded digital medical device software) as well as medical device hardware (including export-only digital medical devices and clinical trial medical device hardware).
  • Digital medical device software is divided into two categories based on the inclusion of artificial intelligence and machine learning (AI/ML) functionalities, with tailored review criteria applied accordingly.
  • For medical device hardware, the existing “Standards for Manufacture and Quality Management of Medical Devices” or “Standards for Manufacture and Quality Management of In Vitro Diagnostic Medical Devices” are utilised. According to Article 5 of the DMPA, for matters not explicitly addressed within the act, the MDA applies mutatis mutandis.
  • The standards aim to ensure the quality of final products, protect patient safety, and prevent defective products from entering the market.

Meanwhile, Article 45 of the DMPA authorises the MFDS to establish a Regulatory Support Center for Digital Medical Products. This Center is tasked with providing regulatory support for the safety and efficacy assessment of digital medical products and developing a standardised framework for information and communications technology used in digital medical products.

Software as a Medical Device (SaMD)

In the DMPA, SaMD is categorised as “digital medical device software”, which is defined as software that either constitutes part of a digital medical device or qualifies as a digital medical device in itself (Article 2). It is broadly classified into the following three categories.

  • Embedded digital medical device software – this is software installed on a digital medical device, or connected to it by wire or wirelessly, and used for the purpose of controlling or operating the device, storing data generated from it, or processing signals/images.
  • Standalone digital medical device software – this independent form of software is not integrated with electronic or mechanical devices and functions in a general-purpose computing environment, qualifying as a digital medical device on its own.
  • Accessory software – this software is used within a digital medical device system to assist, support, or enhance the intended use of a digital medical device.

Under the law, manufacturers and importers of SaMD must label or attach to the SaMD via optical or electronic methods (Article 22) such information as manufacturer/importer, registration number, a label indicating “digital medical device software”, customer support contact information, and for digital medical devices utilising AI technology, information on training data, expected performance range, and limitations.

However, the law includes transitional provisions allowing digital medical device software manufactured or imported within one year from the enforcement date of the Act to continue using required descriptions under the existing MDA or In Vitro Diagnostic Medical Devices Act.

Selfcare, wellness and fitness IT products, such as IoT and wearables

Wellness products are designed to enhance daily health and reduce the risks of chronic diseases, such as smartwatches that monitor heart rate, body temperature, blood pressure, etc. Traditionally, under the Medical Devices Act (MDA), low-risk wellness products are not considered medical devices requiring marketing authorisation. As a result, they are regulated only under soft law, such as the administrative guidelines provided by the MFDS.

However, the recently established DMPA has expanded its regulatory framework to include wellness products under the category of “digital medical/health support devices”. These are defined as tools, machines, devices, software, or similar products that utilise digital technology to support medical care or maintain and improve health. Such devices are used to monitor, measure, collect, and analyse biometric signals or to record and analyse lifestyle habits, thereby providing health management information related to diet and exercise.

While the DMPA does not regulate digital medical/health support devices as digital medical devices, it allows manufacturers or importers to voluntarily report and certify the performance of these products. Certification is optional, but certified products can carry a performance certification mark on their packaging, containers, and promotional materials.

Cybersecurity and Data Protection

Cybersecurity

Data security for medical devices is crucial as it directly relates to the protection of patient information. Under Article 13 of the DMPA, manufacturers and importers of digital medical devices must proactively monitor and address vulnerabilities to electronic intrusion, such as hacking, computer viruses, logic or mail bombs, denial-of-service attacks, or high-powered electromagnetic waves that affect the safety, effectiveness, and performance of digital medical devices.

They must also establish and adhere to guidelines regarding physical and technical management systems to respond to electronic intrusion activities. Additionally, if necessary, the MFDS can take measures, such as providing technical support to digital medical device manufacturers, to prevent and contain the spread of electronic intrusion activities (Article 14).

For more specific guidance, the MFDS has adopted the Digital Medical Device Electronic Intrusion Security Guidelines, which provide security measures to prevent digital medical devices from being vulnerable to electronic intrusions, and establish global-level requirements, including:

  • end-to-end encryption;
  • real-time threat assessments;
  • access control protocols; and
  • secure communication channels.

Data/privacy protection

Meanwhile, South Korea’s regulation of privacy protection in digital healthcare spans several laws, each applicable depending on the context in which the data is collected or processed. Key laws include the PIPA, the Medical Service Act (MSA), and the Bioethics and Safety Act (BSA).

Personal Information Protection Act (PIPA)

PIPA is South Korea’s general privacy law and applies to all processing of personal information unless another specific law takes precedence. It defines personal information as any information related to a living individual that can identify that individual, either on its own or when combined with other data. Information that can no longer be used to identify an individual, even when combined with other information, is considered “anonymous information” and is not subject to the PIPA.

In general, the PIPA regime requires data processors to obtain consent from data subjects to collect, use and provide their personal information, but it requires additional separate consent to be obtained for the processing of sensitive information, such as health-related information, or for the transfer of information to a third party.

Pseudonymised information, on the other hand, refers to information that cannot identify a specific individual without the use of additional information. Such pseudonymised information is regulated by the PIPA, but unlike other personal information, it may be used for the purpose of compiling statistics, conducting scientific research and preserving records for the public interest, without the consent of the data subject, but it cannot be processed for the purpose of identifying a specific individual.

Accordingly, to promote utilisation of data, the PIPC and the MOHW have jointly published the Guidelines on Utilisation of Healthcare Data to explain the standards, methods and procedures for pseudonymising individual healthcare data. For example, in the case of image information such as endoscopy, X-ray and ultrasound, if identifiers (eg, patient number or name) are deleted or masked and the Digital Imaging and Communications in Medicine (DICOM) header is deleted from the metadata, such information may be considered pseudonymised. Further, in January 2024, the government released an updated version of the Guidelines that expands the scope of pseudonymised information. Unlike the previous Guidelines that only permitted pseudonymisation of structured data (data stored in standardised formats, such as spreadsheets), the updated Guidelines now provide methods to pseudonymise different types of unstructured data, such as genomic data. This means a wider range of data is now available for industrial research and analysis without the need for data subject consent.

Medical Service Act (MSA)

The MSA overrides PIPA when it comes to patient records held by medical institutions. The MSA strictly limits third-party access to medical records, typically requiring patient consent. However, if records are pseudonymised and no longer identifiable, the PIPA (not the MSA) governs their use – opening the door to broader use in digital health applications.

Bioethics and Safety Act (BSA)

The BSA governs research involving human subjects, including clinical trials. Researchers must obtain institutional review board (IRB) approval and written consent from participants to process or share their personal information. When transferring such data to third parties, researchers must either pseudonymise the data or obtain explicit consent.

Artificial Intelligence and Machine Learning

South Korea is actively establishing a comprehensive legal framework to govern the development and deployment of artificial intelligence (AI) and machine learning (ML), particularly in high-stakes sectors like healthcare. A major step is the enactment of the world’s second AI Act, effective 22 January 2025, which covers AI across all sectors, focusing on trustworthiness, ethics, and safety.

Like the EU’s AI Act, South Korea’s AI Act adopts a risk-based classification system. AI systems with direct implications for human life and safety – such as those integrated into medical devices – are designated as “high-risk” and must meet rigorous regulatory requirements for technical robustness, transparency, and compliance with ethical norms. The Act also addresses algorithmic bias, mandating both the government and AI developers to proactively prevent discrimination throughout the entire AI life cycle – from design and development to deployment. To support this, the government must adopt a national framework plan that includes a code of ethics and human rights safeguards.

In the medical device sector, the MFDS released “Guidelines for the Approval and Review of Generative AI Medical Devices” in January 2025. These guidelines cover devices using generative AI for tasks like diagnosis or treatment. Such devices need to meet strict approval criteria, including submitting technical descriptions, performance data, and clinical efficacy evidence as per the DMPA. However, devices that merely summarise or retrieve data without analytical capability do not fall under this category.

Meanwhile, PIPA could apply to the use of personal data to train AI and ML algorithms. Under PIPA, consent is required even for the use of publicly available data if it involves personal information. Data processors must be cautious not to inadvertently collect sensitive data, such as health records, unless they meet enhanced processing conditions. Importantly, the purpose limitation principle under PIPA mandates that personal data – including health information – must be used only for the purpose stated at the time of obtaining consent. If AI training extends beyond this purpose, data must be pseudonymised, and its use is then limited to research, statistics, or public interest archiving.

Lastly, reflecting a shift toward automated decision-making transparency, the amended PIPA introduces a new right for data subjects – similar to Article 22 of the EU’s GDPR – allowing individuals to refuse or demand an explanation of decisions made solely by automated systems that significantly affect them. However, unlike the GDPR (which generally prohibits such decisions unless exceptions apply), the PIPA permits automated decisions by default, subject to specific exceptions, signalling a more innovation-permissive stance.

Environmental, Social and Governance (ESG) Matters

Interest in ESG is growing in South Korea, and digital healthcare technologies hold significant potential to support ESG goals – for example, by improving healthcare access for seniors and people in remote areas. However, there are currently no regulations specifically addressing the ESG aspects of digital healthcare.

Telehealth

Telemedicine is generally prohibited under the MSA in South Korea. However, temporary exceptions were introduced during the COVID-19 pandemic to permit telemedicine for consultations and prescriptions, with coverage under the National Health Insurance (NHI). Initially, the government relied on existing laws – including the Framework Act on Public Health, the MSA, and the Infectious Diseases Prevention Act – to authorise these measures. In December 2020, Article 49(3) was added to the Infectious Diseases Prevention Act, establishing a more permanent legal basis for telemedicine during public health crises by allowing its use when the healthcare crisis level is designated as “severe”.

Following the pandemic, as the healthcare crisis level was downgraded to “alert”, these temporary permissions ended. However, growing public demand prompted the government to launch a limited telemedicine pilot on 1 June 2023. Under this pilot, clinic-level medical institutions were allowed to provide telemedicine services to returning patients who had previously received in-person care.

In February 2024, a national strike by hospital doctors – triggered by the government’s plan to increase medical school admissions by over 50% – led to the healthcare crisis level being elevated back to “severe”. This reinstated broader permissions for telemedicine, allowing all medical institutions, including hospital-level facilities, to offer non-face-to-face care to both returning and first-time patients, provided the attending doctor deemed it safe.

As a result, telemedicine platforms that had been at risk of shutting down after the pandemic were able to resume full operations and marketing efforts. In response to this renewed momentum, legislative efforts have begun to institutionalise telemedicine. In March and April 2025, the ruling People Power Party proposed an amendment to the MSA to formally legalise telemedicine, which is currently under discussion. Additionally, in April 2025, the Democratic Party of Korea identified the legalisation of “non-face-to-face remote medical services” as one of its top seven policy initiatives for small and medium-sized enterprises, raising further expectations for permanent regulatory reform.

Before the enactment of the DMPA, existing legal frameworks like the MDA failed to address the unique characteristics of digital healthcare, leading to significant regulatory gaps. In response to this challenge, the DMPA was enacted in January 2024, marking a substantial advancement in the regulation of digital healthcare.

The DMPA establishes a legal foundation for software-driven digital medical devices, allowing for comprehensive safety management throughout the entire product life cycle. This approach reflects the rapid technological changes that differentiate digital products from traditional medical devices. Additionally, the Act introduced cybersecurity guidelines to combat digital threats such as hacking and email attacks, thus reinforcing corporate accountability.

The legislation also implemented mechanisms for continuous safety evaluation tailored to digital medical devices and mandated the disclosure of training data used in AI-based products to enhance transparency. Despite these advancements, the DMPA does not address the utilisation of health data generated by digital medical devices. This omission is widely recognised as a critical regulatory gap that must be filled to support the growth of the digital health industry.

To address these issues, several legislative proposals have been introduced to facilitate the safe and effective use of medical data and to promote digital healthcare. For instance, the Bill for the Digital Healthcare Promotion Act, proposed in the National Assembly, includes the following key provisions.

  • Promotion of healthcare data utilisation – the bill promotes data utilisation by acknowledging the right of individuals to request the transfer of their data to themselves or to third parties.
  • Support for the digital healthcare industry – it aims to activate digital-based healthcare services by tasking the government to establish a comprehensive national policy on digital healthcare and providing systematic support for the development of the digital- and bio-health industries.
  • Relation to existing healthcare legislation – the bill seeks to define the concepts of digital healthcare and healthcare information, as well as to establish its relationship with related laws in the healthcare sector, such as the MSA, the Pharmaceutical Affairs Act (PAA), and the Bioethics and Safety Act.

Ministry of Health and Welfare (MOHW)

The MOHW is a key stakeholder as the ministry in charge of:

  • developing national healthcare policies;
  • managing the fiscal sustainability of the National Health Insurance (NHI) system; and
  • overseeing policy implementation.

The MOHW has issued guidelines such as the Guidelines on Non-Medical Healthcare Services (which provide guidance on which healthcare services constitute medical services) and the Guidelines for the Use of Anonymised/Pseudonymised Medical Data, among others.

Health Insurance Review and Assessment Service (HIRA)

The HIRA reviews and assesses healthcare costs and healthcare service quality and supports NHI policies in determining medical fee schedules and drug prices. HIRA is responsible for developing guidelines that apply to the insurance reimbursement listing of digital medical services and devices.

National Health Insurance Service (NHIS)

For drugs determined to be reimbursable, the NHIS and pharmaceutical companies negotiate drug prices after HIRA evaluation. A key factor to be considered by the NHIS is the budget impact of the addition of a new drug.

Ministry of Food and Drug Safety (MFDS)

The MFDS reviews and approves pharmaceuticals and medical devices for safety, efficacy and quality, through technological review and inspection for their manufacturing and distribution. In February 2022, the MFDS established a Digital Healthcare Regulatory Support Division, which aims to manage the review and approval of digital medical devices.

National Evidence-Based Healthcare Collaboration Agency (NECA)

According to the MSA, NECA evaluates new medical technologies and innovative medical technologies, including software-based diagnostic and therapeutic devices, focusing on clinical safety and efficacy. It also supports the early market entry of innovative technologies through temporary permission for the use of innovative medical technologies. NECA also facilitates early clinical implementation of digital medical devices by providing assistance for real-world validation projects and establishing the groundwork for health insurance registration.

Several other regulatory agencies are involved in digital healthcare including the following.

Ministry of Trade, Industry and Energy (MOTIE)

As the agency responsible for formulating and implementing industrial policy, MOTIE aims to nurture and develop new industries, including digital healthcare, through initiatives focused on technology development, fostering industrial ecosystems, and providing support to businesses.

Ministry of Science and ICT (MSIT)

The MSIT fosters scientific and technological advancement and innovation, supporting the digital healthcare industry through the application and development of advanced technologies like AI, biotechnology, and information and communication technology (ICT). Additionally, MSIT oversees national AI policy and enforces the AI Act, which took effect in January 2025.

Korea Communications Commission (KCC)

KCC enforces regulations on information and telecommunications services. KCC primarily supports the digital healthcare industry through policy establishment and regulatory improvements, by ensuring that new healthcare service models, such as telemedicine and digital therapeutics, operate safely.

Personal Information Protection Commission (PIPC)

PIPC is primarily tasked with enforcing the PIPA. In the context of digital healthcare, the commission addresses issues related to data leakage or misuse of personal healthcare information, which is classified as “sensitive” under PIPA. Through its enforcement actions, PIPC plays a crucial role in balancing privacy protection with promotion of the digital health industry through the utilisation of personal information.

The digital healthcare sector is governed by several laws, including the MSA, MDA, PIPA, and DMPA, with various regulatory bodies responsible for ensuring compliance, as detailed in 3.1 Oversight of Digital Healthcare and 3.2 Non-Healthcare Regulatory Bodies. Some notable issues in enforcement actions include the following.

Regulating the Practice of Medicine

The MSA stipulates that only HCPs are permitted to conduct medical services for which they have licences. Providing medical services without a licence is strictly prohibited. However, the current MSA does not define “medical services”, and court precedents have broadly interpreted its meaning (eg, tattooing is considered a medical practice in South Korea).

Therefore, providing some basic diagnostic services to customers (eg, using mobile phone applications) can be deemed as providing medical services. This has been controversial for insurance companies that have been attempting to use big data to provide consumers with a statistical analysis of their health (eg, life expectancy, or chances of being diagnosed with a particular disease).

For reference, in the Guidelines on Non-Medical Healthcare Services, the MOHW states that a service is medical if it meets any of the following three criteria:

  • requires medical expertise (basis for the act);
  • involves diagnosis, prescription, or treatment based on the condition of the subject (nature of the act); or
  • may cause harm to health and hygiene (effects and side effects).

Prohibition of Provision of Economic Benefits to HCPs

Both the PAA and the MDA, which apply to pharmaceutical companies and medical device companies, respectively, explicitly prohibit those companies from providing economic benefits to HCPs to promote sales. As the term “economic benefits” is interpreted broadly, providing meals or drinks (or paying for other forms of entertainment for HCPs) is considered prohibited per the above statutes. However, attendant regulations to the PAA and MDA provide for certain safe harbours regarding the provision of economic benefits to HCPs.

As explained in 2.6 Sufficiency of Legislative Framework, regulatory authorities are working to address the risks associated with the rapid advancement of digital healthcare technologies by issuing guidelines and revamping regulatory frameworks. Notably, South Korea has recently published the world’s first guidelines for the approval and review of generative AI medical devices, which are expected to influence the creation of the standards and methods for evaluating the safety and efficacy of generative AI medical devices.

However, as is the case globally, there are still concerns in South Korea about the growing gap between rapidly advancing digital healthcare technologies and the regulations that govern them. Particularly, as previously discussed, although several legislative proposals such as the Digital Healthcare Promotion Act have been introduced, there is no overarching law or regulatory authority for the digital healthcare sector, resulting in some gaps in the regulatory framework (see 2.6 Sufficiency of Legislative Framework).

For important compliance and enforcement legal issues in digital healthcare, refer to 2.5 Issue-Specific Legal Framework and 3.3 Enforcement.

A significant liability issue in digital healthcare involves harm or legal violations resulting from AI and machine learning technologies. To operate effectively, these technologies must be trained on large datasets that often contain sensitive information, such as patients’ medical records or health data. This raises substantial concerns regarding potential privacy breaches. Furthermore, if AI-based medical decisions cause harm due to inaccurate or biased algorithmic outputs, tort liability may arise. Consequently, questions about responsibility – whether it lies with the physician, the developer, or the provider – remain unresolved. These uncertainties complicate risk management and could hinder trust and the adoption of digital health tools.

Under current laws both in South Korea and abroad, AI systems cannot be recognised as legal entities that can hold intellectual property rights or bear legal responsibility. Consequently, it remains unclear whether liability should rest with the physician using the technology, the developer who created it, or the service provider that deployed it.

The recently enacted AI Act offers valuable guidance on the liability framework involving AI. The Act classifies AI systems with serious effects on human life, physical safety, or basic human rights – like those using medical data – as “high-impact” AI, and requires that businesses providing services using high-impact AI clearly disclose their use of AI through measures such as watermarks. Furthermore, AI systems trained with cumulative computational power exceeding standards set by presidential decree must meet specific safety obligations. However, the application of these regulations in the healthcare sector remains uncertain, as detailed guidelines for high-impact AI are still in development and are expected to be released in late 2025.

In practice, in the healthcare field, liability involving AI is generally determined based on existing laws such as the Product Liability Act, MDA or other relevant healthcare regulations, with responsibility generally assigned to human actors or legal entities involved in the deployment and use of AI. Accordingly, in the context of medical services involving healthcare professionals, such as physicians, the impact of the AI Act on liability issues may be somewhat limited. Additionally, sector-specific laws such as the DMPA and MDA continue to govern the approval, monitoring, and post-market surveillance of AI-based medical devices and software in healthcare.

In the meantime, formal mechanisms for redress – such as civil litigation and regulatory enforcement – remain available under the existing legal framework.

Companies can be exempt from liability if they can prove the presence of a robust compliance system, and show any wrongdoing by an individual within the company was an isolated event. Such compliance measures include:

  • strict internal regulations;
  • rigorous oversight by the legal/compliance teams;
  • emphasis on compliance by management; and
  • severe disciplinary sanctions against employees/executives who engage in wrongdoing.

Thus far, however, the South Korean government has taken a strict approach to exempting companies from liability based solely on the existence of strong compliance systems.

In cases where the Product Liability Act (PLA) applies, companies may be exempt from liability if they can prove that they took all possible measures to detect defects within the scientific and technological standards at the time, or that they complied with all standards prescribed by relevant laws and regulations at the time of supplying the product. Therefore, companies can defend themselves with these facts.

Meanwhile, whether a company gave sufficient notice of related risks at the time of product supply and obtained sufficient consent from users regarding the purchase and use of the product can also be considered when determining the company’s liability. Thus, it is necessary to provide users with adequate notice and explanations about the risks related to product use and obtain their consent in advance.

South Korea’s digital healthcare sector faces ongoing legal challenges as it seeks to balance technological innovation with the protection of sensitive personal health information.

A key emerging issue is the regulatory treatment of AI in healthcare, particularly generative AI. In this regard, the MFDS’s introduction of the Guidelines for Approval and Review of Generative Artificial Intelligence Medical Devices marks a pioneering approach, setting early global precedents for the registration and evaluation of such technologies. See 2.5 Issue-Specific Legal Framework for more details.

Another significant issue involves the cybersecurity and privacy risks associated with the increased use of health data, especially in light of the growing reliance on digital medical devices. As a response, the government has published the Digital Medical Device Electronic Intrusion Security Guidelines, which mandate robust technical safeguards such as encryption, access controls, and real-time risk assessments. See 2.5 Issue-Specific Legal Framework for more details.

Simultaneously, data governance continues to be a focal concern, particularly in respect of the right to request third-party transmission of medical data, which is widely considered a bottleneck that hinders the industry’s development. Several bills are currently pending in the National Assembly, the most notable being the Digital Healthcare Promotion Act. This proposed legislation explicitly introduces both the right for individuals to access and transfer their own medical data and the right to request its transmission to designated third parties. The goal is to create a more dynamic digital healthcare ecosystem where individuals can actively share and utilise their health information for purposes such as research and co-ordinated care.

However, there are ongoing debates regarding the scope of data covered, the responsibilities and obligations of medical institutions, and the need for clear government guidelines to ensure privacy and security. The proposed legislation also includes provisions for pseudonymised data processing, regulatory sandboxes, and the establishment of oversight committees, but as of April 2025, these bills remain under consideration and have not yet been enacted.

South Korea has recently enacted significant regulatory reforms in digital healthcare. The policy basis for these changes is to accelerate innovation, ensure patient safety, and support the integration of digital health technologies into the healthcare system. Key updates include the following.

National Bio Committee

On 23 January 2025, South Korea launched the National Bio Committee, a presidential advisory body aimed at fostering the bio industry as a key driver of national economic growth. The committee integrates cross-ministerial policies spanning science, health, and industry while promoting public–private collaboration to enhance capabilities across all areas of biotechnology. Comprising 24 civilian experts and 12 government officials, the committee set an ambitious goal to position South Korea among the top five global bio powers by 2035. Key initiatives include establishing a “Korean-style bio cluster”, accelerating AI-driven drug discovery, and creating a public–private fund worth KRW1 trillion. This strategic governance framework seeks to drive innovation and growth in the bio sector, laying the foundation for South Korea’s future economic leadership.

Integrated Review and Assessment System

South Korea’s Integrated Review and Assessment System (IRAS) for innovative digital medical devices, launched in October 2022, streamlines the evaluation process by conducting concurrent reviews for device designation, reimbursement eligibility, and technological innovation, reducing the review period from up to 390 days to as little as 80 days. Under this system, digital and AI-based medical devices designated as innovative can receive temporary health insurance coverage for up to three years, even before full clinical evidence is established. This provisional reimbursement allows the devices to be used in clinical settings and accumulate real-world evidence, after which a formal evaluation determines their eligibility for permanent health insurance registration. The system aims to accelerate patient access to cutting-edge diagnostic and therapeutic technologies while supporting industry innovation and evidence generation.

Promoting the Market Entry and Reimbursement of Digital Therapeutics (DTx)

South Korea has taken major steps to promote the market entry and reimbursement of digital therapeutics (DTx), due to the Integrated Review and Assessment System launched in October 2022. In August 2023, revised health insurance guidelines enabled DTx to receive temporary reimbursement for up to three years, allowing coverage by national health insurance before full clinical evidence is established. This temporary status supports early clinical use and real-world evidence collection, with the potential for formal reimbursement upon proven effectiveness. Despite this progress, the DTx market in South Korea is still at an early stage and faces challenges such as unclear long-term reimbursement pathways, regulatory uncertainties, and low awareness among providers and patients, underscoring the need for continued policy support and regulatory clarity.

Kim & Chang

39, Sajik-ro 8-gil
Jongno-gu
Seoul 03170
South Korea

+82 237 031 114

+82 2737 9091/9092

lawkim@kimchang.com www.kimchang.com