National e-records system to undergo ‘rigorous’ security review before proceeding with mandatory contribution
In the wake of the massive cyber attack on healthcare cluster SingHealth, the National Electronic Health Record (NEHR) system will undergo a “rigorous independent review” by third parties to identify any vulnerabilities,
before the Government compels all doctors to submit data.
The Government has engaged the Cyber Security Agency of Singapore – the national agency overseeing cybersecurity – and multinational professional services firm PwC Singapore as the independent third party to identify weaknesses in the NEHR and recommend measures to address them, said Health Minister Gan Kim Yong in Parliament on Monday (Aug 6).
The NEHR was not affected by the cyber attack on SingHealth’s IT systems.
“Nevertheless, we recognise that this is an important national system of significant scale, as it will eventually house key medical records for all patients,” said Mr Gan. “We must assure ourselves, users and patients that the necessary safeguards are in place, before we proceed with wider implementation of the NEHR.”
Last year, the Government had wanted to table legislation this year to make it compulsory for all doctors to submit data to the NEHR system.
The database would make visits to the doctor safer and more efficient but as of last year – six years after the NEHR was started – only 3 per cent of doctors in private practice were contributing data, resulting in a huge gap in records.