New law proposed to mandate sharing patients’ info among healthcare providers

A new Bill which paves the way to mandate the sharing of patients’ health information among healthcare providers was introduced in Parliament on Nov 5 after two years of delay.

Under the Health Information Bill (HIB), sharing of these details will mostly be done through a central repository called the National Electronic Health Record (NEHR) system.

The aim is to reduce the repeating of medical tests or giving of wrong prescriptions, for the benefit of all patients here, and to ensure health information is kept updated, accurate and accessible by healthcare providers.

Since 2011, NEHR has stored the health data of patients of public hospitals and polyclinics, including diagnoses, medication, allergies and laboratory reports.

If passed, the Bill will require all healthcare service providers licensed under the Healthcare Services Act – including general practitioner (GP) clinics and all nine private hospitals – to also contribute data to the NEHR.

Care providers approved by the Ministry of Health (MOH), such as community pharmacies, will also need to contribute data to the NEHR.

Only authorised healthcare professionals who are directly providing care to the patient, or performing specific medical, dental, psychiatric or psychological examinations of the patient, can access the patient’s NEHR records.

Under the Bill, healthcare providers must also have measures to protect patients’ health information through timely updates of their systems and software, and they must equip staff to safeguard cyber security.

Hospitals and clinics will need to report cyber-security incidents and data breaches.

If a breach involves the data of at least 500 individuals, and could cause significant harm to an affected individual, the healthcare provider will be required to notify the affected individuals.

Protections are already in place under the Healthcare Services, Personal Data Protection and Cybersecurity Acts governing the use and protection of health information.

In addition, MOH has worked with the Personal Data Protection Commission and the Cyber Security Agency of Singapore to identify areas where safeguards would need to be strengthened, and also consulted healthcare professionals, patients and information technology vendors on data privacy and sharing issues.

Seven out of the nine private hospitals in Singapore told The Straits Times in September that they are on track to contributing their patients’ health records to the NEHR by the end of 2025.

Citing challenges in organising the databases in their current electronic medical record systems to align with the formats of the NEHR, Thomson Medical and Mount Alvernia Hospital will face delays in contributing their records.

The HIB specifies what kind of sharing can take place through the NEHR. For instance, data sharing will be limited to authorised parties involved in the direct care of a patient.

Proper storage, reproduction and transmission of data will also be mandatory.

Health information in the HIB refers to an individual’s administrative and clinical data.

Administrative data includes the patient’s personal information such as name, address, contact details and other demographic data. Such data is considered to be health information when used in the provision of healthcare.

It could be used to assess an individual’s eligibility for financial schemes and allow community service providers to reach out to targeted population segments to provide services, such as befriending services that support seniors.

On the other hand, clinical data includes information related to the physical and mental health of the individual.

Genetic data is considered such information, as well as diagnoses, prescriptions, investigation reports, procedures and discharge summaries.

HIB prohibits direct access of the NEHR for the purposes of determining a person’s suitability or eligibility for employment, including promotion or removal from employment.

Health information also cannot be accessed for matters related to insurance, such as processing a claim.

There will be additional safeguards when users attempt to access information considered to be more sensitive, such as that which is related to pregnancy termination or sexually transmitted diseases.

Patients can choose to restrict the sharing of data among the healthcare providers that they seek care from.

Health Minister Ong Ye Kung previously said that while this may not be an ideal arrangement and may undermine quality of care for the patient, making such a choice available addresses fears and instils confidence.

For those who choose to restrict access, healthcare professionals will be blocked from accessing their NEHR records.

However, the background contribution of selected health information to NEHR will continue, to ensure there will be no gaps in the records if the individual chooses to remove the access restriction in future.

Since 2011, more than 2,300 patients have opted out of NEHR, though more than 180 have opted back in after being counselled on its benefits.

HIB provides for instances when a healthcare professional can choose to override the access restriction, such as to provide life-saving treatment during a medical emergency.

MOH will audit such cases, and those who inappropriately override the restrictions may face legal penalties under the HIB, as well as disciplinary action from their respective professional bodies, such as the Singapore Medical Council.

Individuals would be able to view in their HealthHub account which healthcare institutions have accessed their health records, and to set notifications when records are accessed.

HIB also provides for the sharing of health information outside NEHR, such as a hospital’s own electronic medical records, for specific purposes, like ensuring continuity of care, assessing eligibility of financing schemes, and for outreach under national healthcare initiatives.

Announced in 2022, the HIB was initially scheduled to be introduced in Parliament in the second half of 2023.

The Bill is expected to be debated at the next Parliament sitting.

Source: The Straits Times © SPH Media Limited. Permission required for reproduction.

Company directors to face heavier penalties if they fail to act in the best interest of firms Two lawyers rapped over ‘entirely fictitious’ AI-generated citations submitted to court