KUALA LUMPUR, March 26 — The Ministry of Health (MOH) said today it followed cybersecurity legislation and guidelines in its planned database containing patients’ electronic medical records (EMR).
Health Minister Dzulkefly Ahmad also clarified that EMR was the collection of primary patient data, whereas the Malaysian Health Data Warehouse only gathered secondary data.
“Health records are personal to each and [every] one of us,” Dzulkefly said in a statement.
“Good data governance and mitigation strategies must be in place in order to protect our nation from cybercriminals. MOH complies with the Cybersecurity Act and guidelines by lead agencies such as MAMPU (Malaysian Administrative Modernisation and Management Planning Unit), National Cyber Security Agency (NACSA) and Chief Government Security Office (CGSO),” he added.
Dzulkefly was responding to an article written by CodeBlue columnist Boo Su-Lyn, who questioned the safety of Malaysia’s EMR system due to health data breaches in Singapore that affected even Singaporean Prime Minister Lee Hsien Loong.
Dzulkefly also told Parliament today that a quarter of 145 MOH hospitals currently used EMRs, as he expressed plans to fully implement the system in clinics and hospitals throughout the country in three years’ time.
“EMR is needed to ease the process of sharing and transferring patient information in the continuum of care, where the information moves with the patients so that hospitals do not operate in silos,” he said.
When asked about how the government planned to protect patients’ health records, Dzulkefly acknowledged that cybersecurity was very important, but said the EMR system must be completed first.
“And, God willing, we will follow up with the question of cybersecurity and we will protect it as best as we can,” the Amanah lawmaker told Tampin MP Hasan Bahrom during Ministers’ Question Time at Parliament.
Doctors have told CodeBlue of their concerns about confidentiality in the EMR system, as they questioned MOH about oversight mechanisms and access to patients’ health information.
In 2016, the UK’s NHS cancelled an electronic database that stored everyone’s medical information after it was revealed that patient data on the system could be sold to pharmaceutical and insurance companies.