Since the Fourth Plenary Session of the 19th Central Committee of the Communist Party of China first included "data" in the category of new production factors, promoting the healthy development of the digital economy has become a strategic choice for China to seize new opportunities in the new round of technological revolution and industrial transformation. In fact, whether it is the "Opinions of the Central Committee of the Communist Party of China and the State Council on Building a Data Infrastructure System to Better Play the Role of Data Elements" (i.e. the "20 Articles on Data") issued in December 2022, or the "Three Year Action Plan for Data Elements X" (2024-2026) jointly issued by the National Data Administration and 17 other departments in December 2023, both aim to maximize the value of data elements, promote the development and utilization of data elements in key industries and fields, and better serve the high-quality development of the economy and society. The "medical and health" industry, which is listed as a key action area, is an important component of human production and life, and was one of the early industries to layout digital transformation. In recent years, with the continuous promotion of medical and health information construction, medical and health data has been accumulating and rapidly expanding in scale. The emergence of cutting-edge technologies such as big data, cloud computing, and artificial intelligence has unleashed the immeasurable value potential of personal medical and health data in disease prevention, health management, assisted diagnosis and treatment, precision medicine, drug development, medical research, and other areas. However, the uniqueness of personal medical and health data lies in its high value and accompanying high risk. Personal medical and health data contains a large amount of personal medical and health information that is both private and sensitive, and usually falls under the protection of privacy rights. Once this information is leaked or illegally used, it can easily cause harm to personal dignity and even threaten personal and property safety. The current personal information protection rules, as a general protection rule, have not fully paid attention to the particularity of medical and health data processing scenarios, and in the specific application process, they inevitably fall into the dilemma of being cut to fit. On the one hand, when medical institutions use personal medical and health data for unidentifiable purposes, the overly rigid requirement of "anonymization" set up to maximize the protection of information subject privacy and personal information rights is incompatible with medical and health data processing practices; On the other hand, when it comes to the identifiable use of personal medical and health data, it originated from the empowerment rules centered on "notification consent" in traditional doctor-patient relationships. In the face of more complex data processing practices, due to the lack of complete autonomy of information subjects constrained by medical and health data processors, it often becomes a formality in practice, and even becomes a risk transfer tool for medical parties. The huge gap between facts and norms has triggered distrust among information subjects towards personal medical and health data processors, objectively restricting the sharing and utilization of medical and health data. Empirical studies have shown that patients' concerns about privacy breaches are the primary reason for their unintentional sharing of medical and health data. In order to bridge the gap between the two and reshape the trust relationship between personal medical and health data processors and information subjects in the digital economy era, it is urgent to re-examine the legal basis behind the current personal information protection rules. Modern civil law, influenced by the Enlightenment philosophy represented by Kant, regards humans as fully rational beings. By separating the body and mind of a person, the essence of "inequality" between individuals is extracted, transforming concrete and real people into abstract and equal individuals. In such a rational world, in order to achieve comprehensive control over the objective world, various private rights of individuals have emerged and formed a human centered system of rights. In fact, whether it is the overly rigid anonymization rules formed for the absolute protection of individual personality interests or the informed consent rules in personal information protection created to strengthen individual self-determination, they are all influenced by the inertia of modern civil law's formal rationalist justice view. However, the complexity of modern society requires a re examination of the abstract equality of civil subjects. The continuous refinement of division of labor in modern society has exacerbated inequality between individuals, and formal equality and interchangeability are facing enormous challenges in the digital society. It cannot be denied that the disciplinary relationship between medical institutions and patients based on the construction of knowledge systems has a long history. When patients' lives and health require the help of medical professionals, doctors with medical expertise and experience are given the power to make decisions and intervene. Under the influence of the second relationship between data processors and information subjects, medical institutions have further expanded their "excess" power over patients, and the power gap between the two sides continues to widen. At this point, it is the duty of modern private law to acknowledge the imperfections of information subjects in medical and health data processing scenarios, abandon the form of justice centered on individuals, and seek a better path to substantive justice. The rule of trustworthiness in private law is a good way to deal with significant and persistent unequal relationships between civil subjects. It is necessary and legitimate to introduce fiduciary rules between healthcare data processors and information subjects. On the one hand, the processing of personal medical and health data involves conflicting interests and information asymmetry between the information subject and the data processor, which can easily lead to a crisis of trust. When it is difficult to maintain a trust relationship between both parties through contractual paths, social norms, and market standards, it is necessary to supplement it with fiduciary rules. Trustworthiness rules can set specific standards and boundaries for the behavior of data processors, motivating them to act in a trustworthy manner; On the other hand, the trust rules, which are imported from the Anglo American legal system, have already taken root in China. Although there are significant differences in the specific trust rules between trusts and companies, it is an undeniable fact that both belong to a trust relationship in terms of interpretation. This is also the reason why China's legislative body applies the fiduciary rules in trust relationships to the relationships between companies and directors and executives. In the context of medical and health data processing, there is a significant similarity between data processors and information subjects in terms of trust relationships and the relationship between directors and executives in corporate governance, such as "authorization by the principal due to trust", "power obtained by the trustee based on authorization", "weak position of the principal", and "risk of abuse of power by the trustee". Personal medical and health information processors should be regarded as recipients of personal medical and health information, and their behavior should be constrained by fiduciary rules to maximize the protection of the privacy and personal information rights of information subjects. When constructing the fiduciary rules between personal medical and health data processors and information subjects, referring to the provisions of China's Trust Law and Company Law, the fiduciary obligations of personal medical and health data processors should be divided into two specific contents: the duty of loyalty and the duty of care. Specifically, as the core norm that constrains fiduciary relationships, the duty of loyalty should include two types of negative rules: "prohibiting conflicts of interest" and "prohibiting conflicts of obligations", as well as positive rules that supplement the negative rules. The establishment of the duty of loyalty should flexibly run through the entire life cycle of medical and health data processing according to the authorized scope of the information subject, and establish a full life cycle protection system for privacy and personal information rights of the information subject at a macro level. It requires medical institutions to develop corresponding behavioral norms in advance based on the different processing purposes, processing methods, types of personal information involved, the impact on patients' personal rights and interests, and possible security risks of medical and health data, in order to achieve a comprehensive understanding of risks as much as possible and prevent them to the greatest extent possible. The duty of care is an operational standard set for the specific performance of the fiduciary based on the construction of an information subject protection system based on the duty of loyalty, reflecting a strong altruistic nature. The focus is on whether the means of protection chosen by the believer can be maintained within reasonable limits to achieve the intended purpose. In conclusion, it is necessary to differentiate the effectiveness of medical and health data with different levels of risk and data processors' security measures based on specific application scenarios, and give medical institutions dynamic differentiation and proportional attention obligations when processing different types of medical and health data. In this way, it can effectively resolve the many obstacles in the current personal information protection system under the influence of formal rationalism, reshape the trust between personal medical and health data processors and information subjects, and further promote the resource utilization of medical and health data, helping to achieve the development goals of Chinese style innovation. (New Society)