Policies and Guidelines for Handling Sensitive Health Data of Patients in Public and Private Sectors

33 Prof Fatimah Lateef asked the Minister for Health (a) whether the Ministry has overarching policies, guidelines and oversight for handling sensitive health data and records of patients in both the public and private healthcare sectors; and (b) if so, whether there are audits and checks scheduled and conducted that are over and above that which individual institutions may have.

Mr Gan Kim Yong: Healthcare entities in the public and private sectors are licensed under the Private Hospitals and Medical Clinics Act. They are required to have in place adequate safeguards to maintain and protect their medical records against loss, or unauthorised modification, destruction, access, disclosure, copying or use. They are also subject to requirements under the Personal Data Protection Act, which imposes obligations to protect personal data.

For selected clinical conditions, additional safeguards are required due to the sensitivity of such conditions. Some are protected by legislations such as the Termination of Pregnancy Act and the Human Organ Transplant Act. Other sensitive medical conditions are subject to additional technical controls to restrict access to records, in line with the Advisory Guidelines issued by the Personal Data Protection Commission for the Healthcare Sector in 2014.

MOH regularly inspects and audits healthcare institutions for compliance, to ensure that licensees have taken reasonable actions to implement appropriate and adequate safeguards for the integrity and confidentiality of patients’ medical records. If licensees are found to be non-compliant, they may be subject to penalties under the relevant Acts.