National e-records system to undergo ‘rigorous’ security review before proceeding with mandatory contribution

SINGAPORE — In the wake of the massive cyber attack on healthcare cluster SingHealth, the National Electronic Health Record (NEHR) system will undergo a “rigorous independent review” by third parties to identify any vulnerabilities, before the Government compels all doctors to submit data.

The Government has engaged the Cyber Security Agency of Singapore – the national agency overseeing cybersecurity – and multinational professional services firm PwC Singapore as the independent third party to identify weaknesses in the NEHR  and recommend measures to address them, said Health Minister Gan Kim Yong in Parliament on Monday (Aug 6).

The NEHR was not affected by the cyber attack on SingHealth’s IT systems.

“Nevertheless, we recognise that this is an important national system of significant scale, as it will eventually house key medical records for all patients,” said Mr Gan. “We must assure ourselves, users and patients that the necessary safeguards are in place, before we proceed with wider implementation of the NEHR.”

Last year, the Government had wanted to table legislation this year to make it compulsory for all doctors to submit data to the NEHR system. The database would make visits to the doctor safer and more efficient but as of last year – six years after the NEHR was started – only 3 per cent of doctors in private practice were contributing data, resulting in a huge gap in records.

In an earlier report by TODAY, doctors had expressed concerns about the NEHR system and patient confidentiality, among other issues.

These concerns were also raised by Tanjong Pagar GRC Member of Parliament (MP) Joan Pereira on Monday.

Mr Gan did not provide any timeframe for the independent review of the NEHR. But he said it is designed differently from the SingHealth systems that were infiltrated, due to the need for it to interface with multiple external partners.

Despite cyber security challenges, Mr Gan stressed that the use of technology in healthcare should not be reversed.

“Digitalisation, technology and use of data in healthcare have brought many benefits to patients. We cannot return to the days of paper and pencil,” he said.

For instance, Mr Gan added, during an emergency situation where a patient is unconscious, access to the patient’s history in the NEHR would help doctors prescribe more effective medication and treatment in a timely manner.

Beyond receiving care in the hospital, integration of IT systems allows easier referrals across settings and enables better team-based care and effective emergency response.

“These have to be matched with efforts to continually improve our ability to secure patients’ data, and the increasing robustness of the systems to deal with a constantly evolving cybersecurity threat,” said Mr Gan.