Doctors raise concerns again over national e-records system after data breach at SingHealth

SINGAPORE — With some doctors already apprehensive about legislation that will make it compulsory for them to submit their patients’ data towards a national e-records system, the recent SingHealth cyber attack has sparked more unease among the medical fraternity.

They want greater reassurances — such as answers to what made SingHealth’s IT system vulnerable such that the data breach affected 1.5 million patients — and what concrete steps will be taken to avert an incident of similar magnitude in future.

Apologising for the cyber attack last Friday (July 20), Health Minister Gan Kim Yong said that the National Electronic Health Record (NEHR) project would “have to take a pause” for a while, so that the authorities can look into strengthening the cyber-security measures behind the system before moving on.

A Committee of Inquiry chaired by retired judge Richard Magnus has been convened to get to the bottom of the SingHealth cyber attack.

The NEHR is still available for access in the meantime.

Commenting on the SingHealth data breach, Prime Minister Lee Hsien Loong — whose personal particulars and outpatient medication data were targeted repeatedly and specifically by the attackers — said last Friday that when SingHealth digitised its medical records, he had asked for his to be included so that doctors could administer treatments more effectively. He was confident that patient information would be protected. He also said that there was no going back to “paper records and files” as Singapore seeks to become a smart nation.

However, Dr Desmond Wai Chun Tao, a gastroenterologist and hepatologist in private practice, is one of those healthcare professionals who still have doubts about how secure the IT systems supporting patient databases will be, especially for the NEHR.

“Now seeing that even the prime minister's data can be hacked (in the SingHealth incident)… I would like the Health Ministry to reassure me that they are smarter than the hackers before I have full faith in the system,” he said on Monday (July 23).

Dr Wai made known his reservations last November, after the changes were announced by Health Minister Gan, in a commentary published by TODAY that questioned whether the NEHR would be secure enough to fend off cyber attacks. Such an ambitious database containing the records of all citizens would be a “very tempting” target for hackers, Dr Wai wrote then.

On Monday, he painted a scenario of how hackers may change patients’ data stealthily and without detection. “Imagine if you see a doctor, and the doctor (seeing the records) thinks you have certain problems when you don’t? (Altered) medical records will bring great chaos.”

Dr Wai, who is holding onto the records of about 6,000 patients, added: “I want to be told what happened (with the SingHealth data breach). I want to know what will be implemented to ensure such attacks will be extremely difficult to perform in the future before we put all data into this big basket, the NEHR.”

Dr Ong Kian Chung, a respiratory physician at Mount Elizabeth Medical Centre, has seen some 13,000 patients during his 13 years of practice. He said that doctors are uptight about the security of the NEHR system because they see it as part of their duty to protect what cuts to the core of their profession: The trust between doctors and patients.

“Patients want to know what they tell us is going to be restricted to the two of us… If confidentiality is not assured, they might not want to release so much information (which would hamper) treatment and patient management,” he said.

Other doctors agreed, citing as examples medical information such as a pregnancy, which can be sensitive when leaked.

‘A GOOD WAKE-UP CALL’

Dr Wong Tien Hua, first vice-president of the Singapore Medical Association, told TODAY that the SingHealth episode is a “good wake-up call” for all stakeholders on the threat of unauthorised access to a patient's medical records.

He noted though, that electronic medical records cannot be expected to have “a foolproof secure system”, and it is not possible to guarantee that such attacks will not happen again.

“The nature of electronic healthcare records is that it should be ‘share-able’, (such that) critical information (is) available to healthcare professionals,” he said, adding that there will therefore always be many access points to medical records and hackers will go after “the weakest link”, which tends to be “human factors at a front station” that enable the attackers to penetrate the system.

“As it is often a trade-off between security and convenience for the user, a system that is too secure will render it user-unfriendly.”

Dr Wong suggested that the authorities should consider giving patients the choice to exclude any information that they feel is too sensitive to be recorded.

Dr Alvina Nam Min Fern of private clinic Clinic@Costa in the Upper East Coast area, who has seen 10,000 to 15,000 patients over eight years, is glad that the authorities now look to be more cognisant of the potential impact of a breach.

She had thought that an “extra safeguard” is needed for the NEHR system even before the SingHealth incident happened. Among her peers, there were discussions about how cyber security would be an issue of “paramount importance”, she said, but these eased after the authorities’ statements of reassurance.

After what happened at SingHealth, Dr Nam said that “many (doctors) are a little bit shaken” in their confidence that the Government’s system may truly keep data safe.

“We are still not too sure how it happened (at SingHealth). Was it due to a slip-up among employees? Or was it that all the safeguards were up, but some foreign group managed to infiltrate through their sophisticated programmes? That would be a bit more of a concern,” she added.

NEHR A ‘DIFFERENT SYSTEM’ FROM SINGHEALTH’S

The Integrated Health Information Systems — which manages the NEHR — said that the design and security safeguards for this database are in line with industry practices, and the safeguards are also tested and audited regularly. 

Mr Sean Koh, its director of programme delivery-care integration, told TODAY: “The NEHR is a different system from the SingHealth patient database system. Nonetheless, in view of the cyberattack on SingHealth, we will be conducting a review to enhance our ability to prevent, detect and respond to emerging cyber threats in the NEHR and other key systems. 

“While we conduct this review, we will take a pause on our earlier plan and schedule to pass legislation to mandate NEHR contribution among licensed healthcare providers.”

Ms Tin Pei Ling, Member of Parliament for MacPherson who sits on the Government Parliamentary Committee for Health, said that the doctors’ concerns are “valid” and the implications of the SingHealth cyber attack “must not be taken lightly”. Noting that the NEHR is not compulsory yet, she said the cyber attack on SingHealth provides a chance for the authorities to “draw lessons from this unfortunate incident”.

She stressed that a balance has to be struck because the move towards digitised systems “cannot be quite rolled back or reversed”.

“We also need to consider the strategic objective and merits of the NEHR, (which is) timely exchange of critical medical information of a patient should they seek treatment in different settings (which could include life-and-death situations)… In this case, I think the pros will outweigh the cons.”

PROPOSED CHANGES TO THE NEHR

The National Electronic Health Record (NEHR) system, launched in 2013, collects and consolidates patients’ health records across various healthcare providers and institutions so that healthcare professionals may have a complete history when treating patients.

It has been voluntary for all authorised private healthcare providers to contribute records, but the Government is planning to make data contribution mandatory for all licensed healthcare providers and institutions, including clinical laboratories, through a Healthcare Services Bill to be enacted in the later half of this year.

As of last December, the records of seven million patients contributed by 142 institutions are stored in the NEHR system, and this number is expected to grow substantially if the Bill is passed. The Bill will make mandatory the submission of data such as patients’ number of visits, diagnoses and allergy records.

During the Health Ministry’s public consultation in January and February this year, the Integrated Health Information Systems said that the system is built with “stringent access control features and multi-layered security defences to provide resilience and defence in depth against cyber attacks”. These security measures are subjected to regular independent audits, including security penetration tests, it added.
