ACCESS RESTRICTIONS OPTION
The Bill will provide individuals the option to place access restrictions on the sharing of their key health information in NEHR.
“This restriction means that no one will be allowed to access the individual’s information within the NEHR, including the individual’s own attending doctor,” said MOH.
MOH warned that with the restrictions, an individual “may experience more inefficient care delivery”.
This may lead to greater inconveniences, such as having to repeat laboratory or radiological investigations, and “potentially even compromise their safety and welfare, as critical information, such as the individual’s allergic reactions to medications, will no longer be made known to healthcare professionals”.
However, this restriction will be overridden in the event of a medical emergency, MOH said.
An example would be when an individual must be medically assessed to be at risk of immediate and significant harm unless medical intervention is given, and is unable to provide consent such as when they are in a coma.
CYBERSECURITY AND DATA SECURITY SAFEGUARDS
With the increase in the contribution, access and sharing of health information across the ecosystem, there is an increasing risk of cyber-attacks and consequences of potential data losses, said MOH.
Therefore, healthcare providers contributing to or accessing NEHR, or care providers participating in data sharing use cases enabled under the Bill will have to meet a “robust unified set of cybersecurity and data security requirements” to protect both electronic and non-electronic health information.
This includes reporting cybersecurity incidents and data breaches such as unauthorised NEHR access that meet the prescribed thresholds to MOH.
These safeguards are necessary in view of the interconnected roles that healthcare and care providers play in the healthcare ecosystem, it added.