Abstract: During the period of epidemic prevention and control, the processing of personal health information presents a trend of normalization. Personal health information contains more personality elements than other information, so there is no lack of legitimate reasons to strengthen its protection.The promulgation of the Civil Code provides the basis of private law protection for personal health information. In the case of legitimate processing, the processing of health information must adhere to high standard consent rules, should give the necessary protection to the public health information, and must correctly use the information reasonable processing rules to safeguard other interests. According to the particularity of personal health information, tort liability should be more flexible under the traditional four elements system. In the context of information sharing, the proof of injurious act can be applied to the system of common dangerous behavior. The elements of damage result should absorb risk damage as a new type of damage. The subjective fault elements can be identified objectively and indirectly according to the performance of the legal obligations of the processors. The identification of causation elements should be dynamically adjusted according to the number of processors.