
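Abstract

On December 15, 2015, the Legislative Yuan passed on third reading the amended articles of the Personal Information Protection Act (hereinafter "PIPA"), formally listing medical records as special personal information. From then on, medical data relating to medical records, medical treatment, genetics, sex life, and health examinations are included in the special personal information of PIPA for strengthened protection. After the amended PIPA takes effect, how should medical institutions protect patients' medical privacy? How should they formulate security maintenance measures? These questions need to be explored and clarified.

This thesis begins with the constitutional basis for the protection of privacy, the evolution of the content of the right to privacy, and international norms safeguarding privacy, in order to explore the special nature of medical privacy and why PIPA lists it as special personal information and gives it a higher density of protection. It then takes the national health database case as an example to explain how medical privacy and the public interest should be reconciled when they conflict.

Next, it discusses international privacy protection norms such as the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the APEC Privacy Framework, the EU Directive on the protection of personal data processing and its free movement, and the US Safe Harbor Privacy Principles. It then describes Taiwan's norms on the protection of medical privacy and the related concepts of PIPA and their application.

The thesis then discusses what systems medical institutions should establish when applying PIPA. It first introduces standard systems related to personal information protection, such as the following certification systems: Japan's personal information management system (JISQ15001), the UK's personal information protection management system (BS 10012), Taiwan's national standard (CNS 29100), and the Taiwan Personal Information Protection and Administration System (TPIPAS).

Finally, the thesis synthesizes the discussion of its chapters. Besides proposing concrete methods for how medical institutions should establish security maintenance measures under Article 12 of the Enforcement Rules of PIPA, it compiles amendments and recommendations for PIPA.

Keywords: medical privacy, Personal Information Protection Act, sensitive data, Safe Harbor Privacy Principles, CNS 29100, TPIPAS, BS 10012, JISQ15001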

Parallel Abstract

The amended articles of the Personal Information Protection Act (hereinafter referred to as “PIPA”) passed the third reading in the Legislative Yuan on December 25, 2015, officially listing medical records as special personal information. From now on, medical information related to medical records, medical status, genes, sex life, and health checks is included in the special personal information of PIPA for strengthened protection. After the amended PIPA takes effect, how medical institutions should protect patients’ medical privacy and formulate safety and maintenance measures needs exploration and clarification.

This thesis first presents the constitutional basis for the protection of privacy, the evolution of the content of privacy, and international norms on privacy protection, in order to explore the specificity of medical privacy and why PIPA lists it as special personal information and gives it a higher density of protection. Taking the national health database as an example, it then shows how to reconcile conflicts between medical privacy and the public interest. Next, international norms on privacy protection are discussed, such as the OECD Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data, the APEC Privacy Framework, the Directive on the Protection of Personal Data (95/46/EC), and the Safe Harbor Framework. In addition, Taiwan’s norms on the protection of medical privacy and the related concepts of PIPA and their application are described.

The thesis then discusses what kind of system medical institutions should build when applying PIPA. First, standard systems related to personal information protection are introduced, for example certification systems such as Japan Industrial Standards (JIS Q15001), British Standards (BS 10012), Chinese National Standards (CNS 2910), and the Taiwan Personal Information Protection and Administration System (TPIPAS).

Finally, the chapters of this thesis are integrated: in addition to proposing specific methods for how medical institutions should build security and maintenance measures in accordance with Article 12 of the Enforcement Rules of the Personal Information Protection Act, amendments and suggestions for PIPA are compiled.

Key words: medical privacy, Personal Information Protection Act, sensitive information, Safe Harbor Framework, CNS 29100, TPIPAS, BS 10012, JISQ15001
