Regulate health screenings by non-medical entities

I refer to the letters by Mr Low Swee Heng and NTUC Income on patient confidentiality and health screenings (Can agencies circumvent PDPA?, Sept 28; and Consent for use of personal data for marketing purposes not necessary for health screenings, Oct 8).

Medical-record confidentiality is tightly upheld by the Singapore Medical Council (SMC) and the Ministry of Health (MOH).

All medical practitioners are required by SMC to keep patients' medical records safely and securely, and to ensure that records are not at risk of unauthorised access.

Under the Private Hospitals and Medical Clinics Act, all medical clinics and hospitals are required to keep medical records confidentially for a required period of time.

Patients who visit a qualified doctor or medical clinic for a health screening or medical consultation need not worry about the confidentiality of their records.

Nor would they be asked to waive their Personal Data Protection Act (PDPA) rights.

Medical doctors or clinics will not share patients' data with any commercial organisations.

However, private non-medical entities, which are not under the jurisdiction of either the SMC or MOH, may try to take advantage of, or even monetise, patients' medical records. Currently, many such entities conduct health screenings for the general public.

They could, for example, sell the information of a list of patients with back pain to merchants of massage chairs or mattresses, or a list of patients with myopia to optical shops.

Mr Low did the wise thing of turning down requests to waive his PDPA rights for his health screening at such an unregulated entity. It is time that health screenings by non-medical entities were regulated so as to protect patients' confidentiality.

Desmond Wai (Dr)

A version of this article appeared in the print edition of The Straits Times on October 15, 2018, with the headline 'Regulate health screenings by non-medical entities'. Print Edition | Subscribe