National Electronic Health Records of Singapore to undergo security review

The National Electronic Health Record (NEHR) system of Singapore will be subjected to a rigorous independent review by third parties to identify any vulnerabilities, before the law that will make all doctors submit data is brought into effect. This step has been taken following a massive cyberattack on the Singapore’s health cluster SingHealth.

The main purpose of NEHR system is to collect and consolidates patients’ health records across various healthcare providers and institutions so that healthcare professionals may have a complete history when treating patients. Photo courtesy: iHiS
The main purpose of NEHR system is to collect and consolidates patients’ health records across various healthcare providers and institutions so that healthcare professionals may have a complete history when treating patients. Photo courtesy: iHiS

Giving this information in Parliament, Gan Kim Yong, Health Minister of Singapore, said, “The Government has engaged the Cyber Security Agency of Singapore – the national agency overseeing cybersecurity – and multinational professional services firm PwC Singapore as the independent third party to identify weaknesses in the NEHR and recommend measures to address them.”

However, the data stored in NEHR was not affected by the cyber-attack on SingHealth’s IT systems.

“We recognise that this is an important national system of significant scale, as it will eventually house key medical records for all patients. We must assure ourselves, users and patients that the necessary safeguards are in place, before we proceed with wider implementation of the NEHR,” said Health Minister.

 Gan Kim Yong, Health Minister of Singapore. Photo courtesy: moh.gov.sg
Gan Kim Yong, Health Minister of Singapore. Photo courtesy: moh.gov.sg

The NEHR system of Singapore was launched in 2013. Its main purpose is to collect and consolidates patients’ health records across various healthcare providers and institutions so that healthcare professionals may have a complete history when treating patients.

The Singaporean government had wanted to table legislation this year to make it compulsory for all doctors to submit data to the NEHR system. However, doctors have expressed concern about the NEHR system and patient confidentiality. The concerns of the medical fraternity were further aggravating due to the recent cyber-attack on SingHealth.

Joan Pereira, Tanjong Pagar GRC Member of Parliament (MP) also raised these concerns in the Parliament.

Though the Health Minister did not provide any timeframe for the independent review of the NEHR, but he said that it is designed differently from the SingHealth systems that were infiltrated, due to the need for it to interface with multiple external partners.

He also stressed that use of technology in healthcare should not be reversed despite cyber security challenges.

“Digitalisation, technology and use of data in healthcare have brought many benefits to patients. We cannot return to the days of paper and pencil,” he said.

“During an emergency situation where a patient is unconscious, access to the patient’s history in the NEHR would help doctors prescribe more effective medication and treatment in a timely manner,” said Gan.

“Beyond receiving care in the hospital, integration of IT systems allows easier referrals across settings and enables better team-based care and effective emergency response,” he added.