Debate on ministries’ budgets: Health

Parliament: Feature to let patients report suspicious access to their medical data

Rei Kurohi
Tech Correspondent
Updated
Mar 07, 2019, 11:38 PM
Published
Mar 07, 2019, 05:00 AM

Integrated Health Information Systems (IHiS), the IT vendor for Singapore's healthcare sector, is working to roll out a feature that lets patients view the access logs of their own National Electronic Health Record (NEHR) data, Health Minister Gan Kim Yong said yesterday in Parliament.

This will allow patients to report any suspicious access themselves, he said.

The feature is among the enhancements under way to strengthen the security of electronic health records and systems.

Responding to MPs' questions in the debate on his ministry's budget, Mr Gan said there are three broad levels of safeguards protecting the NEHR: hardening protection against cyber attacks and unauthorised access; putting in place effective measures to detect and respond to security breaches; and, deterring breaches from happening.

These measures follow last year's cyber attack on SingHealth that resulted in the theft of 1.5 million patients' personal particulars.

Mr Gan also said regular security audits are conducted on the NEHR database, with the most recent penetration test carried out last October.

"In addition, there are ongoing robustness tests conducted by the Cyber Security Agency, GovTech and an independent third party, PwC," he said.

PwC is professional services provider PricewaterhouseCoopers.

"At the user level, the NEHR should only be used for direct patient care. Other uses, including for research, are not allowed," he said.

"There are strict controls to protect against unauthorised access. The system also does not allow users to download records onto workstations," Mr Gan added.

More On This Topic
Singapore's privacy watchdog fines IHiS $750,000 and SingHealth $250,000 for data breach
SingHealth cyber attack: How it unfolded
Staff may get tiered model of Internet access: Gan Kim Yong

The new feature planned by IHiS will help to detect and respond to breaches.

In addition, all access to the NEHR is logged and subjected to monthly audits using analytics to detect unusual usage patterns, he said.

In terms of deterrence, he said stern action would be taken against anyone responsible for breaches, including staff who have failed in their duties. He added that other enhancements have been made to Singapore's cyber-security safeguards since the attack.

Join ST's WhatsApp Channel and get the latest news and must-reads.

A version of this article appeared in the print edition of The Straits Times on March 07, 2019, with the headline Feature to let patients report suspicious access to their medical data. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top