MOH committed to better protect ‘sensitive’ health data, plans to comply with new security measures
SINGAPORE: The Ministry of Health (MOH) is committed to better protecting health data and plans to fully adopt new recommendations to improve data security, the Public Sector Data Security Review Committee said in a report on Wednesday (Nov 27).
The committee also noted that MOH will issue an instruction manual to guide public healthcare institutions on common policies and standards on data governance and security.
This comes as the Government on Wednesday accepted the committee’s five key recommendations, ranging from technical measures like masking data to people-focused measures like better training.
“These recommendations will be implemented on top of the existing and planned safeguards that MOH is currently working on,” the committee wrote in its report.
During its review of data practices across Singapore’s public sector, the committee had paid particular attention to the handling and security of health data.
“Health data within the public healthcare sector should be well-protected, given its sensitive nature,” the committee wrote.
This follows several data breaches in the public healthcare sector, with the most serious occurring in July 2018 when 1.5 million SingHealth patients’ records were accessed and copied.
The committee recommended that the proposed measures be fully adopted for data used in healthcare policy, research and analytics, as well as administrative functions.
However, it pointed out that measures for patient care systems should be contextualised and implemented in a manner that upholds patient safety and enables better delivery of clinical care.
“In particular, healthcare professionals need access to accurate and relevant information about a patient in order to identify the right patient, make the right diagnosis and deliver the appropriate treatment,” the committee wrote.
“Access to patient data must also be timely, particularly during emergencies.”
READ: Government accepts 5 measures to improve data security, to set up single contact for public to report breaches
The committee acknowledged that not all of its recommendations would then be “appropriate and relevant” for adoption, highlighting that masking patients’ medical records could for instance hinder the ability to make sound treatment decisions.
The committee also noted that Singapore’s public healthcare system, like other healthcare systems in most countries, already uses specially developed commercial-off-the-shelf systems by vendors.
“The data security in these systems corresponds to the best of class currently available for healthcare systems globally,” the committee stated.
“MOH is working with system vendors to further upgrade their data security and cybersecurity standards to meet new and emerging threats, and will adopt these best of class practices as they become available.”