Skip to main content
Ministry of Health
  1. Home
  2. Newsroom
  3. NEHR access and security
Parliamentary QA

NEHR access and security

6 February 2018

This article has been migrated from an earlier version of the site and may display formatting inconsistencies.

Name and Constituency of Member of Parliament

Dr Lim Wee Kiak
MP for Sembawang GRC

Question No. 1740

To ask the Minister for Health with the introduction of the National Health Electronic Record (NEHR) (a) how will the Ministry safeguard the confidentiality of the records as data leaks can affect a person’s employability and career prospects; (b) what security measures will be put in place to ensure that not every employee in a clinic has access to the records; and (c) what measures are put in place to prevent data breaches.

Oral Reply

1        Mr Speaker, data security and protection are key considerations in the design and operation of the National Electronic Health Record (NEHR) system.  This is achieved through a combination of legislative measures, data management policies, system features and public education.

2        All access to the NEHR system will be governed and authorised by MOH. For example, when a General Practitioner applies for an account to the NEHR, the application will be subjected to MOH’s review and approval before access is granted.  Access to individual health records through the NEHR is meant for purposes of direct patient care. And beyond that, any access to individual health records, such as for purposes of coroner’s investigation, will only be granted if it is enabled by the relevant legislation.  NEHR information will not be revealed to third parties like insurers and employers.

3        To deter unauthorised access, a two-factor authentication system has been incorporated together with features to detect suspicious access and usage.  In addition, all access to the NEHR is captured in audit logs and patients will be able to view a record of accesses made to their NEHR records so that they can report unauthorised access.

4        When suspicious access is detected or reported, we will carry out investigations and those found to have misused the system will be dealt with under the law, in accordance to the penalties under the Cybersecurity and Computer Misuse Act and the proposed Healthcare Services Act. 

5        Mr Speaker, to protect against cyber-attacks, the NEHR system has a multi-layered cyber security defence.   Security penetration tests and independent cyber security audits are conducted regularly.

6        While measures have been put in place, we need to continue to remain vigilant. 

Back to top