Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We recognize the importance of safeguarding the security of our computer systems, software, networks, and other technology assets. We have implemented various cybersecurity measures and protocols for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our overall risk management framework. Our cybersecurity risk management processes share common methodologies, reporting channels and governance processes with our broader risk management processes. By embedding cybersecurity risk management into and aligning it with our broader risk management processes, we aim to ensure a comprehensive and proactive approach to safeguarding our assets and operations.

Specifically, our patient information security management mainly ensures the safe storage and usage of patient information, including personal information and medical records. Our self-owned medical institutions use information technology systems to manage their patients’ personal information and medical records. We maintain comprehensive data privacy and security internal control policies and procedures specifically for our hospital business operations, which stipulate the details of data classification, data access control, data retention, data privacy and data security measures. We have also established related data privacy and security internal control policies and procedures to ensure our compliance with the relevant laws and regulations on cybersecurity, and to ensure the data that we have accumulated in our hospital business will not be misappropriated or misused. For instance, we specify medical record retention periods for both outpatients and inpatients in our policies, which are strictly followed by our medical institutions. To ensure confidentiality, we store and transmit sensitive information in an encrypted manner. We have also developed strict internal control and data access mechanisms and detailed approval and operation procedures regarding data processing. Under such mechanisms and procedures, any operation violating information security regulations will result in internal disciplinary action. Our staff are expected to undertake training on patient information security, which we organize regularly. We have also assigned our IT department head to keep track of all the latest laws and regulations on cybersecurity, and to update the policy and procedures as needed to ensure our compliance with the latest laws and regulations on cybersecurity. Furthermore, we have policies and processes to govern third-party access and reduce the risks associated with such access. For example, all third-party access must be authorized and have a legitimate business need. In addition, all authorized third-party access must be limited, monitored and controlled as appropriate.

We engage external third-party consultants, auditors, and other third-party specialists to enhance the effectiveness of our cybersecurity processes, augment our internal capabilities, validate our controls, and stay abreast of evolving cybersecurity risks to improve our practices. In 2024, we did not detect any cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.

Although risks from cybersecurity threats have not to date materially affected, and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations or financial condition, we may, from time to time, experience threats to and security incidents related to our data and systems. See “Item 3. Key Information—D. Risk Factors—Risks Related to Our Business and Industry—Security breaches and attacks against our systems and network, and any potential resultant breach or failure to otherwise protect confidential and proprietary information, could damage our reputation and adversely affect our business, results of operation and financial condition.”

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have implemented various cybersecurity measures and protocols for assessing, identifying, and managing material risks from cybersecurity threats, which are integrated into our overall risk management framework. Our cybersecurity risk management processes share common methodologies, reporting channels and governance processes with our broader risk management processes.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] As part of our board of directors’ risk management process, our board of directors has responsibility for oversight of cybersecurity risk management. Our board of directors has delegated to the deputy general manager of our risk management and internal control audit department oversight of our cybersecurity risk management program, which includes reviewing our cybersecurity and other information technology risks, controls and procedures, including our plans to mitigate cybersecurity risks and to respond to data breaches. In the event of a cybersecurity incident, we have implemented a process in which the delegated manager would report such incident to our board of directors if the incident is determined to present critical risk to us.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] board of directors
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] In the event of a cybersecurity incident, we have implemented a process in which the delegated manager would report such incident to our board of directors if the incident is determined to present critical risk to us.
Cybersecurity Risk Role of Management [Text Block] Under the ultimate direction of the medical information security leadership groups in our medical institutions, the head of our IT department has primary responsibility for day-to-day management of our cybersecurity risk management program, including leading a dedicated team of technology professionals to monitor cybersecurity risks on behalf of our Company. The IT department is responsible for assessing potential vulnerabilities and exposures to cybersecurity threats, implementing controls and measures designed to mitigate these risks, and regularly monitoring and updating these measures as appropriate to adapt to evolving cybersecurity threats. Our cybersecurity strategy was developed by the IT department and approved by senior management. Our current head of IT possesses years of experience with information technology and cybersecurity risk management programs. Management teams of our medical institutions supervise cybersecurity and data privacy activity that is specific to such institutions, and are required to report on activity, including breaches, to our management on a regular basis. The delegated manager receives periodic reports and presentations on cybersecurity risks from the IT department, including regarding recent incidents or breaches (if any), vulnerabilities, mitigation strategies and the overall effectiveness of our cybersecurity program. These reports highlight significant or emerging cybersecurity threats, their potential impact on the organization, ongoing initiatives to mitigate risks and any proposed actions or investments required to enhance our cybersecurity posture.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] head of our IT department has primary responsibility for day-to-day management of our cybersecurity risk management program, including leading a dedicated team of technology professionals to monitor cybersecurity risks on behalf of our Company.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our current head of IT possesses years of experience with information technology and cybersecurity risk management programs.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Management teams of our medical institutions supervise cybersecurity and data privacy activity that is specific to such institutions, and are required to report on activity, including breaches, to our management on a regular basis. The delegated manager receives periodic reports and presentations on cybersecurity risks from the IT department, including regarding recent incidents or breaches (if any), vulnerabilities, mitigation strategies and the overall effectiveness of our cybersecurity program. These reports highlight significant or emerging cybersecurity threats, their potential impact on the organization, ongoing initiatives to mitigate risks and any proposed actions or investments required to enhance our cybersecurity posture.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true