Out-Law News

Operators will be responsible for data integrity in Singapore e-health initiative, says expert


Responsibility for integrity of health data transmitted over a new IT system developed in Singapore will be with system operators until new standards on security are developed, an expert has said.

Earlier this month, Singapore's Minister for Communications and Information, Dr Yaacob Ibrahim, announced that doctors in the country would soon be able to "monitor patients’ health conditions without requiring them to travel to clinics for routine checks".

Ibrahim said that "remote monitoring of chronic disease patients" would be possible through a system that uses "wireless devices". He said that the technology "pave[s] the way for timely intervention and treatment, improving the way healthcare services are delivered in Singapore".

According to a report by The Straits Times, data will be sent from the devices over the internet and doctors will be able to access it via an online portal. The pilot project is to launch in October, with between 800 and 1,000 patients expected to be involved.

Data protection law expert Rosemary Lee of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com, said that Singapore, together with Australia, is among the forerunners in the Asia-Pacific region in adopting electronic health (e-health) records systems.

Lee said that Singapore had been developing its National Electronic Health Record (NEHR) system as part of Singapore’s National Health Informatics Strategy, to develop more effective health policies and lower healthcare costs. Phase one of the NEHR has been operational since 2011 and is now supporting clinical care throughout Singapore. The system provides a common access point for medical information of the Singapore population and is now in the process of being rolled out for use by GPs and community hospitals.

The NEHR system currently has its own privacy and security capabilities, including role-based access and data sensitivity classification. However, the legal framework governing data privacy has yet to come into force, whilst additional detailed guidelines on data security have yet to be set out, she said.

"The general data security and privacy obligations under the Personal Data Protection Act (PDPA) should apply, once these come into force on 2 July 2014," Lee said. "In view of the new PDPA regime, organisations in Singapore generally and not just in the healthcare sector, are conducting reviews of their processes and practices, particularly in relation to identifying the data flows and data retention practices."

"Singapore public healthcare clusters such as NHG and SingHealth are not listed as public agencies exempted from PDPA obligations, but may be able to avail themselves of exceptions available under the PDPA for collection and use of personal data without consent, for example use of personal data to respond to an emergency which threatens an individual’s health or life," she said.

"Of course the concept of data privacy is new in Singapore and there remains a cultural shift to be made during this transition to the data privacy regime. Understandably, there exists a certain tension between ensuring PDPA compliance and the data flow and sharing of electronic personal data necessary in the e-health space," she added.

"Currently the PDPA does not specify the type of security controls required. It is anticipated that the PDPA Advisory Guidelines will be issued in the third quarter of 2014, and stakeholders will be looking to these guidelines to provide further guidance on security requirements. To ensure correct deployment of e-health systems, and more importantly to ensure data integrity and accuracy, appropriate contractual warranties need to be built into the services contract when commissioning the system, to apply through implementation, the 'go-live' and completion stages, particularly where the development of the system is phased. Healthcare providers should seek contractual guarantees from the system operators following each phase," Lee said.

Technology law expert Bryan Tan of Pinsent Masons MPillay said that an ageing population, increasing health costs and capacity issues driven by an increased population have driven mobile health (m-health) initiatives in Singapore.

"These factors have resulted in a need to increase utilisation of existing hospital facilities and to lower costs while increasing healthcare standards," Tan said. "Hence the development of several initiatives such as step-down care, home care, m-health, and pre and post surgery counselling. While m-health in Singapore may see the same concerns as the experiences in other countries, in Singapore’s case, there could be several unique points."

"Some patients are beginning to settle into retirement villages outside Singapore, so the delivery of medical services over borders now arises. Some portion of Singapore’s medical insurance plans may be used in Malaysian hospitals but that involves payment of Malaysian doctors' bills," Tan added.

"Also, it is conceivable that some IT services may be outsourced – the radiologist reading the monitor for example – leading to the question of whether medicine is practiced at the patient’s location or where the physician is located," he said.
