Doctors: Electronic Medical Records Safe? Look At Singapore Hacking

Singapore’s government health database was hacked, while the UK’s electronic medical record system ended in failure.

KUALA LUMPUR, March 21 — Some doctors expressed concern about confidentiality after the Ministry of Health (MOH) proposed storing patients’ medical information in a shared digital database.

Former Malaysian Medical Association (MMA) president Dr Milton Lum pointed out that personal data in the Singapore government’s health database, including Singaporean Prime Minister Lee Hsien Loong’s, were stolen when the system was hacked last year.

“Only the naive can think that the Malaysian system will not be hacked!” Dr Lum told CodeBlue.

Health Minister Dzulkefly Ahmad reportedly said Tuesday that his ministry would implement an electronic medical record system in 145 hospitals in the next three years, enabling health providers to share information on patients’ medical consultations and prescriptions.

“All patients have a right to privacy of their health information,” said Dr Lum.

“As such, data security is a cardinal issue. Who has access to the data? What are the standard operating procedures in place? What are the oversight mechanisms? Who is liable in the event of a breach?”

He stressed that an electronic medical record system must be regulated by a statutory body that does not include any MOH officials and provides regular reports to Parliament.

“The ‘trust us’ approach of the Health Ministry is unacceptable to patients and providers,” said Dr Lum.

The obstetrician and gynaecologist also proposed storing patients’ medical history electronically in their MyKad or in another card that they can carry around with them, instead of putting everyone’s health information in an external database.

“It will be better if you use a card and the patient is the protector of her health information.”

Britain has tried but failed to set up a single database to store everyone’s medical information, cancelling it in 2016 after it was revealed that patient data on the system could be sold to pharmaceutical and insurance companies.

Guardian Australia reported last January that a similar electronic health record system in Australia faced a “significant” technical glitch that potentially caused missing clinical information and outdated or incorrect data. Over 2.5 million Australians have reportedly opted out of the system.

Singapore’s health authority said in July last year that hackers broke into the government health database and stole personal information from about 1.5 million people, including PM Lee. The data reportedly taken included names, IC numbers, addresses and, in some cases, outpatient dispensed medicines.

Last January, Singapore’s health ministry revealed that the personal data of 14,200 people diagnosed with HIV was stolen from its HIV registry and leaked online.

Dr Chakr Sri Nagara, former president of the Association of Private Hospitals of Malaysia, said electronic health records were a double-edged sword as on one hand, storing life history could benefit patients, the population, and health care providers.

But he pointed out that national health record systems were also prone to hacking, citing Singapore as an example.

“This weakness itself opens the individual and the country to issues of confidentiality and, in some cases, national security,” he told CodeBlue.

Dr Chakr questioned what MOH’s objectives were in using electronic medical records, saying: “You must focus your goals first, then only do what you want, then have firewalls around you so you cannot be hacked so easily.”

He said when he visited Taiwan in the 90s, the Asian country had a national electronic database that stored the medical histories of all citizens so that the government could curb health care costs.

A Taiwanese hospital reportedly launched last September a platform powered by blockchain technology to improve patients’ access to their electronic medical records. The technology reportedly helped combine electronic health records from various hospitals and clinics and included security features of notification and consent.

Dr Chakr, who is with KPJ Ipoh Specialist Hospital, said more and more private hospitals in Malaysia were now using electronic medical records and have computerised other things like prescriptions and lab test results.

But he pointed out that technical glitches happened all “too often”.

“At present, doctors are finding that the old and tested paper record keeping is faster,” he said, noting that not all doctors were fast typists.

Another doctor, however, said electronic health records were the next replacement of paper documents.

“It can be shared by all the relevant people who can have access to one medical record, one file, one folder,” the doctor told CodeBlue on condition of anonymity.

“I think there’s no harm in hospitals keeping the records,” he said. “The important thing is records are there and people who need it will be able to access it.”

You may also like