Parliament passes Health Information Bill amid data security and privacy concerns
Singapore’s Health Information Bill was passed after MPs debated privacy, cybersecurity, and clinicians’ duties. Senior Minister of State Tan Kiat How said safeguards, penalties, and patient controls will protect data while improving continuity of care.
- The Health Information Bill was passed after debate over data security, privacy, and clinicians’ responsibilities.
- Senior Minister of State Tan Kiat How said data-sharing via the NEHR ensures continuity of care with safeguards and penalties.
- MPs broadly supported the Bill’s intent but called for clearer guidance, stronger cybersecurity, and public assurance.
The Health Information Bill was passed in Parliament following an extended debate that focused on patient privacy, cybersecurity risks, and the responsibilities placed on healthcare professionals under a more centralised health data system.
Closing the debate, Senior Minister of State for Digital Development and Information and Health Tan Kiat How said the Bill would enable continuity of care by allowing patient data to be shared across healthcare institutions, regardless of where treatment is sought.
According to Mr Tan, the National Electronic Health Record (NEHR) already includes multiple safeguards to prevent unauthorised access and to flag suspicious activity, addressing concerns raised by several MPs during the debate.
He thanked Dr Hamid Razak and Nominated MP Haresh Singaraju, two of the nine NMPs making their parliamentary debuts, for raising questions on clinicians’ use of health data and medico-legal responsibilities.
Mr Tan said patients are able to view which parties have accessed their health records over the past 12 months through the HealthHub application and can report suspected unauthorised access to the authorities.
He added that punitive measures are in place for unauthorised access to the NEHR. First-time offenders face a maximum fine of S$50,000, up to two years’ imprisonment, or both.
Penalties are doubled for repeat offenders, while healthcare professionals found guilty are likely to be referred to their respective professional boards or councils for further disciplinary action.
Acknowledging persistent public concerns over privacy, Mr Tan said patients may restrict healthcare providers from accessing their NEHR data, although the Government does not encourage this option.
From the second half of 2026, patients will be able to choose which healthcare providers can view their records. The Ministry of Health (MOH) will work with institutions to set up physical touchpoints to assist those needing help.
Even where access is restricted, patients’ data will continue to be included in the NEHR. Mr Tan said this prevents gaps in records should individuals later opt back in, citing lessons learned from other jurisdictions.
He reiterated that NEHR data cannot be accessed for employment or insurance-related checks, addressing fears that sensitive information could be misused beyond healthcare settings.
On concerns that statutory medical examinations could serve as a backdoor for employers, Mr Tan said such examinations are tightly scoped, with no plans to expand them beyond what is necessary for public and individual health.
Mr Tan also addressed cybersecurity risks and said support would be provided to healthcare providers, including smaller clinics, to help them comply with the new law’s requirements.
His speech exceeded the allotted time, but Parliament voted to extend it, allowing him to complete his response.
Earlier, Mr Tan addressed comments by Workers’ Party MP Kenneth Tiong regarding Synapxe, the public agency managing the NEHR. Mr Tiong suggested splitting the agency into separate public and private entities.
Mr Tan responded that the issue did not pertain directly to the Bill and suggested it be raised separately, while reaffirming Synapxe’s role in supporting MOH’s digital health services.
Several MPs stressed the need for clearer guidance for clinicians. Dr Hamid Razak said doctors, particularly in smaller practices, were concerned about how the Bill affects their medico-legal obligations.
He said clinicians want to act in patients’ best interests without fear of inadvertent non-compliance, and called for practical guidelines to support decision-making.
Dr Haresh Singaraju echoed these concerns, asking how “reasonable care and professional judgment” should be exercised when clinicians have limited consultation time but extensive historical records to review.
Other MPs raised broader system-level concerns. Workers’ Party MPs Dennis Tan, Louis Chua, Fadli Fawzi and Kenneth Tiong said centralising health data increases privacy and cybersecurity risks across the ecosystem.
Mr Dennis Tan described the Bill as transformative but warned that the national system would only be as secure as its smallest operators, potentially burdening smaller healthcare providers.
Mr Fadli Fawzi called for assurances that neither employers nor law enforcement agencies would have inappropriate access to health records, emphasising patient expectations of confidentiality.
Labour MP Wan Rizal Wan Zakariah and MP Yip Hon Weng highlighted fears that stigma linked to mental health, HIV, genetic conditions or substance-use treatment could deter people from seeking care.
Ms Mariam Jaafar said fragmented care was not the answer to privacy fears, arguing instead for stronger rules ensuring access is purposeful, proportionate and auditable, with higher authorisation for sensitive data.
