Managing Confidentiality of COVID-19 Patients' Identifying Particulars

36 Ms Sylvia Lim asked the Minister for Health whether the identifying particulars of COVID-19 patients are considered confidential under the Infectious Diseases Act or other written laws and, if so, how is such confidentiality managed.

Mr Ong Ye Kung: The personal data of COVID-19 patients is treated as sensitive personal data and is protected accordingly.

The management and protection of personal data held by public sector agencies, including those of COVID-19 patients, is governed under the Public Sector (Governance) Act (PSGA) and the Government Instruction Manuals. The Infectious Diseases Act (IDA) imposes additional requirements for the protection of patient information. This includes the limited grounds on which disclosure of such information may be made, such as to prevent the spread or possible outbreak of infectious diseases. Non-government entities receiving such information for delivery of public services and care to COVID-19 patients are obliged to comply with the IDA restrictions, as well as the Personal Data Protection Act (PDPA) and further data protection safeguards stipulated in Government contracts.

Data that has been anonymised can be disclosed without breaching confidentiality restrictions over personal data. There are safeguards in the PSGA, IDA and PDPA which make it an offence for authorised individuals who re-identify anonymised information in a knowing or reckless manner. These safeguards are a further layer of protection to maintain the confidentiality of patients’ personal data.