Doctors to have access only to own patients' data

Doctors will have access to only National Electronic Health Record (NEHR) data of the patients they are treating, say the authorities.

They will not be able to look up the data of other people who are not directly under their care.

In addition, said Associate Professor Low Cheng Ooi, who is chief clinical informatics officer at the Integrated Health Information Systems, anyone who wants to access a person's records for reasons other than his medical care will need the latter's consent.

This includes, for example, doctors who have been hired to review someone's health records as part of a pre-employment check or for insurance purposes.

"As long as it is not for patient care, you would need to have explicit consent from the patient," said Prof Low, who is also chief medical informatics officer at the Health Ministry.

However, Jurong GRC MP Tan Wu Meng, who is a medical doctor, pointed out that safeguards may be needed to prevent insurers from taking a "disproportionate view of past medical history".

He gave the example of how an insurance company told a young man that his foot would not be covered following a stress fracture - even if a future foot condition was unrelated to the fracture.

Cyber-security measures taken to protect patients' data in the NEHR system will be similar to those used by government agencies which deal with confidential information, said Mr Bruce Liang, chief executive of the Integrated Health Information Systems.

"The methods we use are very similar to how the Inland Revenue Authority of Singapore, for example, protects its tax database when it collects information from thousands of companies," he said.

Mr Nick Savvides, who is a security advocate with Symantec Asia-Pacific and Japan, said it has seen many attacks on overseas medical clinics, which may not have dedicated IT staff and rely on external vendors to manage their electronic systems.

"In such scenarios, it is critical that good security hygiene is implemented with strong endpoint security, such as e-mail security and gateway security with multifactor authentication," he said.

Linette Lai

A version of this article appeared in the print edition of The Straits Times on November 09, 2017, with the headline 'Doctors to have access only to own patients' data'. Print Edition | Subscribe