THE HEALTH Information Bill (HIB) will help Singaporeans access more efficient treatment, and greater peace of mind, when using healthcare services. It lets healthcare providers share a patient’s information across different institutions, while limiting access to healthcare professionals involved in the patient’s care.
Presently, patient records across Singapore’s healthcare system are fragmented, hindering the continuity of patient care — patients often use multiple healthcare providers over time.
“When patients move between healthcare providers, such as from private specialist clinics to their GPs, their key health records are often not accessible across providers,” said Senior Minister of State for Health Tan Kiat How in Parliament this week (12 Jan). “Such gaps can risk medication errors, delayed treatment, and duplicate test procedures.”
When the HIB takes effect in early 2027, healthcare providers must ensure the safety of patient health information data as it is collected, used and shared within the sector.
The HIB consolidates a patient’s key information into his or her file in the National Electronic Health Record (NEHR) system. This includes data that is crucial for continuity of care such as allergies, vaccinations, diagnoses, medications, x-rays and laboratory test results.
MPs welcomed the passage of the Bill, which will bring relief to senior citizens, who will not have to repeat their medical histories to different doctors. Similarly, doctors treating an emergency will have prompt access to the patient’s medical data.
Source: Tan Kiat How / Facebook
“Patients will also benefit from better coordinated care, enhanced quality of care and lower costs,” said SMS Tan. “Patients moving between private and public healthcare providers, or acute and community settings, will similarly benefit.”
Patients who have privacy concerns may restrict access to their information to select healthcare providers, similar to the Access Restriction regime already in place across Singapore’s healthcare system.
A patient’s personal health data will remain secure, emphasised SMS Tan.
Technical safeguards include system-level controls to curb unauthorised access, such as limiting the number of patient records which can be accessed within a timeframe, to prevent data breaches.
Singaporeans can also monitor access of their NEHR information through their HealthHub account and can report suspicious activities to MOH for investigations.
Legal safeguards include restricting NEHR access from individuals who only perform a corporate or administrative role in a patient’s care.
“In short, access to NEHR is restricted to healthcare professionals for the purpose of providing care to their patients,” said SMS Tan, listing “doctors, nurses, pharmacists and allied health professionals” as examples.
“Accessing NEHR for purposes relating to employment or insurance will be strictly prohibited,” he clarified. “This means healthcare professionals will not be allowed to access NEHR for purposes such as filling out medical reports required for insurance claims or pre-employment medical screening forms.”
The GPC for Health asks hard questions on data security, employee privacy and supporting small healthcare providers
Source: MDDI Singapore / YouTube
PAP MPs from the Government Parliamentary Committee (GPC) for Health raised questions about the HIB, particularly for access control to data, employment and insurance use as well as support for smaller healthcare providers.
“The Health GPC supports the direction of this Bill. Because the status quo — fragmented information and disjointed care — is not good enough for our citizens,” said GPC Chairperson Mariam Jaafar, who is also MP for Sembawang GRC.
“But our support comes with a responsibility to ensure continuity of care is delivered in practice, that safeguards are real, professional guidance is clear and that community-based providers are not left behind.”
Given the large number of healthcare providers in Singapore, MP Alex Yeo (Potong Pasir SMC) asked for more details about how the Government will conduct audits to ensure that only authorised people access a patient’s data.
“Synapxe, the NEHR system operator, conducts regular audits and ongoing monitoring to detect suspicious behaviour or atypical patterns, including in response to patient alerts. For example, accessing the NEHR information of a patient who has not recently visited any healthcare provider is a flag,” replied SMS Tan.
“Patients can monitor which healthcare providers have accessed their NEHR information and flag any unauthorised access to the authorities for investigation,” he added.
MP Wan Rizal (Jalan Besar GRC) asked for assurances that NEHR access will not expand to general pre-employment screenings. “Furthermore, while healthcare providers can override an individual’s ‘Access Restriction’ during a medical emergency, the law must remain clear: that data can still never be used for employment purposes,” he emphasised.
SMS Tan replied only authorised healthcare professionals can access the types of health information required for their specific patient care role — and that the HIB enhances the legislative safeguards and financial penalties for unauthorised NEHR access.
“First-time offences of unauthorised access of NEHR are punishable with a maximum fine of $50,000 and/or up to 2 years imprisonment upon conviction. And the penalty is doubled for repeat offenders,” he said. “And healthcare professionals who access NEHR in an unauthorised manner could also be referred to the relevant professional Boards or Councils for further action.”
For supporting smaller healthcare providers, MP Joan Pereira (Tanjong Pagar GRC), as well as GPC for Health MPs Yip Hon Weng (Yio Chu Kang SMC) and Choo Pei Ling (Chua Chu Kang GRC), spoke up on supporting general practitioners (GPs), which can have limited manpower and IT resources.
“Small GP clinics often lack administrative staff dedicated solely to data management. I propose that MOH explore whether small clinics jointly hiring and sharing data-entry staff through collaborative arrangements, or tap on some form of shared resources,” said MP Pereira.
“This is a good idea for smaller clinics to explore. Currently, clinics can already join the Primary Care Networks (or PCNs),” said SMS Tan. “They …offer administrative assistance through the PCN headquarters.”
“For smaller clinics that may require more time to digitalise, we will make available an alternative contribution channel so that these clinics will be able to start contributing data when required,” he added.
Protecting healthcare professionals and maintaining cybersecurity
Source: MDDI Singapore / YouTube
The GPC for Health’s PAP MPs further asked how the HIB protects healthcare professionals, and about the HIB’s cybersecurity measures.
MPs Hamid Razak (West Coast-Jurong West GRC) and Choo Pei Ling (Chua Chu Kang GRC) asked how the Ministry of Health will support healthcare professionals, who have increased liability from the HIB.
MOH will publish a set of guidelines to support healthcare professionals’ appropriate access and use of NEHR information, responded SMS Tan.
“MOH will work with the respective professional bodies to disseminate these guidelines to our healthcare professionals,” he added. “We will also support professional bodies in ensuring their members’ compliance with the Bill.”
As for the HIB’s cybersecurity measures, MP Yip Hon Weng asked for more details about keeping the NEHR system up during a crisis. “When systems are down, patients are at risk. What resilience standards will apply to NEHR access?”
SMS Tan responded that the NEHR database has several lines of intrusion detection and defence, as well as regular security patches.
“NEHR will need to comply with the relevant resilience and security requirements for government systems,” he added. “NEHR is subject to security and resilience audits, with vulnerability scans, penetration tests and exercises carried out regularly to ensure that systems are secure and backup systems are operational in the event of a downtime.”
