The doctor whose boyfriend leaked the details of 14,200 people with HIV, and another 2,400 of their contacts - including sexual partners and drug users who could also be at risk of infection - is still on the Register of Medical Practitioners.
But he no longer has a certificate to practise medicine in Singapore.
Ler Teck Siang, 36, also does not have access to the confidential information of patients in the National Electronic Health Records (NEHR), which includes all public-sector patients.
The Ministry of Health (MOH) said: "Ler remains registered as a doctor, but he currently does not have access to MOH and public healthcare IT systems with patient records. In particular, he has had no access to the NEHR system since January 2014. He will not be permitted access to any of these systems."
When asked why he has not been taken off the Register of Medical Practitioners, Singapore Medical Council (SMC) Registrar Benjamin Ong said the council has to follow due process.
Associate Professor Ong, who is also director of medical services at MOH, said Ler has appealed against his conviction and 24-month jail sentence - for abetment of cheating and for giving a false statement to a public servant - and the appeal will be heard in March.
Ler had given a sample of his blood in place of that of his HIV-positive boyfriend, Mikhy Farrera-Brochez, so that the American could pass medical tests to work in Singapore.
Now, he faces another charge of mishandling information under the Official Secrets Act (OSA) while he was head of the National Public Health Unit.
That resulted in the details of all 14,200 people diagnosed with HIV here since 1985 - until 2013 for locals and 2011 for foreigners - landing in the hands of Farrera-Brochez. The American also has the personal details of 2,400 people who were their contacts.
Farrera-Brochez, 33, recently released these details online.
Meanwhile, the charge against Ler under the OSA is pending his appeal on the earlier charges. Historically, the SMC does not take action against a doctor until any legal appeal has been disposed of.
MOH'S DECISION TO ANNOUNCE THE LEAK
Mr Chan Heng Kee, Permanent Secretary at MOH, said several factors are considered in deciding whether to go public with such incidents.
The key consideration is patients' interest and well-being.
He said: "From there, we consider factors (such as) whether the information was secured. Whether the information was publicly disclosed. Whether there is a continuing risk of the information being exposed even if we were able to secure.
"And also the concerns that individuals might have, should the incident be made public."
In this case, the information has been disclosed online.
He added: "Certainly in the case where the information has been contained, we would take a more conservative approach."
The other reason is that more than half those affected are foreigners, and it will be difficult for the ministry to contact them.
Going public may get those with concerns to contact MOH.
CONFIDENTIAL INFORMATION COULD RESURFACE IN FUTURE
The authorities have blocked online access to the details put out by Farrera-Brochez. But they were not able to retrieve the information from him as they have not been able to get in touch with him since he is no longer in Singapore.
Mr Chan said: "(Since) he is still in possession of the information, it is possible that it could still be publicly disclosed."
It is also possible that others have got copies of the information now that he has put it online, or because it was given to them by him.
MOH HAS NO STATUTORY IMMUNITY
MOH "has no statutory immunity" and, hence, cannot "rule out the possibility of lawsuits" as a result of this breach. Mr Chan said that a lot would depend on what the police uncover in their investigation.
However, MOH is doing everything possible to help those affected, including providing a hotline and counsellors. Many of those contacted were anxious, distressed and concerned, he said. As at 4pm yesterday, over 1,000 had been contacted.
STEPS TAKEN TO PREVENT LEAKS
Associate Professor Vernon Lee, director of the communicable diseases division at the ministry, said safeguards against such a breach had been rolled out since 2016.
Now, two people must give approval before the information can be downloaded and decrypted. This has to be done at a designated workstation that is "specifically configured and locked down" to prevent the unauthorised removal of information.
