Recent parliamentary debate surrounding a new Health Information Bill has highlighted concerns about patient privacy, support for smaller healthcare providers, and lessons learned from a significant data breach. Members of Parliament raised questions about access to sensitive health information and the cybersecurity capabilities of clinics across Singapore.
Privacy Concerns and Data Access
While welcoming the safeguards included in the Bill, MPs stressed the importance of maintaining patient trust. Specific concerns were raised regarding access to mental health and reproductive health records, with Ms Mariam Jaafar (PAP-Sembawang) advocating for higher-level authorisation for accessing such sensitive data. Dr Wan Rizal (PAP-Jalan Besar) cautioned that even the perception of potential misuse of health records – for example, in employment decisions – could discourage individuals from seeking necessary care.
Mr Louis Chua (WP-Sengkang) urged the Ministry of Health (MOH) to move away from a “collect first, tell later” approach to data sharing with the National Electronic Health Record (NEHR). He suggested patients should have more control, potentially blocking access to specific records rather than relying on blanket approvals or restrictions. Concerns were also raised about potential loopholes in insurance contracts, where insurers may seek access to full medical records.
Support for Smaller Clinics
MPs from both sides of the House voiced support for smaller clinics, acknowledging the challenges they may face in meeting the Bill’s cybersecurity requirements. Mr Dennis Tan (WP-Hougang) stated the Bill “changes the rules of the game,” mandating data contribution from all clinics wishing to remain operational. Suggestions were made to provide shared IT services and staffing arrangements to assist smaller clinics lacking dedicated IT departments.
Clinical Judgment and the NEHR
Discussion also centered on the role of the NEHR in clinical practice. Dr Hamid Razak (PAP-West Coast-Jurong West) sought clarification that the NEHR should serve as a “supplementary clinical tool” and not a mandatory step, to avoid potential liability for clinicians who rely on their own assessments. Dr Haresh Singaraju, a family physician, noted a “grey zone” regarding when consulting the NEHR is considered “reasonable care.”
Addressing Past Breaches
The 2018 SingHealth data breach was a recurring theme in the debate. Mr Kenneth Tiong (WP-Aljunied) pointed out that Synapxe, the agency currently operating the NEHR, was rebranded from Integrated Health Information Systems (IHiS), the entity responsible for the breach. He emphasized the need to rebuild trust and sought assurance regarding the NEHR’s technical architecture and security measures.
While acknowledging the breach resulted from human lapses, Mr Tiong also questioned the adequacy of the S$1 million fine levied against SingHealth and IHiS, suggesting a per-person fine might better reflect the value placed on patient privacy. Mr Tan responded that the government takes a “supportive” approach to cybersecurity, prioritizing collaboration with healthcare providers.
Frequently Asked Questions
What specific concerns were raised about insurance companies and patient data?
Mr Kenneth Tiong (WP-Aljunied) raised concerns that integrated plan insurers are increasingly requiring doctors to sign contracts with inspection and right to audit clauses, granting them the right to inspect full medical records to verify claims.
What support was suggested for smaller clinics?
Mr Dennis Tan, Ms Joan Pereira, Mr David Hoe, and Nominated MP Haresh Singaraju suggested providing shared IT services or staffing arrangements to support smaller clinics.
What was the outcome of the 2018 SingHealth data breach investigation?
The investigation found the breach was a result of human lapses, including a lack of cybersecurity awareness among IHiS staff. SingHealth and IHiS were collectively fined S$1 million.
As the Health Information Bill progresses, it remains to be seen how the government will address these concerns and balance the benefits of a national health record system with the need to protect patient privacy and ensure equitable access to resources for all healthcare providers.
