Can Insurance Companies Access My Medical Records In Singapore?

Insurance Companies Access Medical Records Header

You’re about to sign a new insurance policy, and you see the health declarations you’re required to make.

Can Police Remotely Access My Phone?
Can Police Remotely Access My Phone?

While you’re making these declarations to the best of your ability, you can’t help but wonder if insurance companies can access your medical records.

While this concern is valid, let’s look at how medical records are stored in Singapore.

Your medical records are stored in the National Electronic Health Records (NEHR). These records are shared among medical professionals.

However, the NEHR has been hotly debated, especially with regards to privacy.

Can insurance companies access my medical records in Singapore?

The Ministry of Health and the Integrated Health Information Systems (IHiS) have come up with some measures to prevent access to your data in the NEHR for purposes other than patient care. As such, insurance companies will not be able to access your NEHR records directly.

Here are 5 safeguards that the NEHR has:

1. Only healthcare professionals can access your data
2. More sensitive information requires a second level of authentication
3. Each access to your records is logged and audited
4. It will be illegal to access your records for non-care uses
5. The NEHR will have strict cybersecurity measures

Only healthcare professionals can access your data

Each healthcare professional is given an account to login to the NEHR.

NEHR Login Corppas
Source: NEHR CorpPass Login

Access to the NEHR is only given to healthcare professionals. Moreover, they have to be directly involved in taking care of patients like yourself. Their access to the NEHR will also have to be approved by the MOH.

Other personnel who are not involved in patient care, such as GP clinic assistants, will not be given an account.

As such, your data can only be accessed by healthcare professionals that are involved in your direct care.

If you are still considering opting out of the NEHR, you can find out more here.

More sensitive information requires a second level of authentication

There are certain sensitive health information (SHI) that are found in your records.

However, MOH and IHiS did not explicitly state what is considered as SHI.

There is an additional authentication required before anyone can access your information.

The person who accesses your SHI will have to state their:

1. NRIC / FIN
2. Reason for accessing this data

NEHR Accessing Sensitive Health Information
Source: MOH

This will ensure that your records are only accessed for the right reasons!

Each access to your records is logged and audited

Whenever someone accesses your records on the NEHR, it will be recorded down.

This access will be audited monthly. IHiS will use analytics to detect if there are any unusual patterns in accessing your records.

There are plans for you to take charge of your data as well.

IHiS plans to have a feature on HealthHub. This will allow you to view a log of who has accessed your data in the NEHR.

HealthHub is actually a different app from Health Buddy, and you can find out what are the differences here.

You will be able to report any suspicious access to your records.

Unfortunately, this feature does not seem to have been rolled out yet.

It will be illegal to access your records for non-care uses

A new Healthcare Services Act will be implemented from late 2021 to 2023.

Under this Act, the MOH will make it compulsory for healthcare providers to upload data to the NEHR.

This means that all of your healthcare data will be uploaded, including those from:

1. Hospitals
2. Polyclinics
3. GP clinics
4. Dental clinics
5. Specialist clinics

If someone gets hold of your data, they could gather your entire medical history!

However, the MOH has also come up with stern action against unauthorised access to your data.

IHiS has made it clear that your data in the NEHR can only be accessed for patient care.

Under this new Act, strong action will be taken against anyone who accesses your data for non-care uses.

Examples of non-care uses include:

1. Employment
2. Insurance

Even if insurance companies ask their doctors to access your records for them, it will be considered as a non-care use.

With this law in place, insurance companies can only access your records with your consent!

The NEHR has strict cybersecurity measures

The SingHealth data breach has raised concerns about the safety of the NEHR.

In view of this cyberattack, MOH has deferred the compulsory contribution of patient data to the NEHR.

They are now focusing on making sure that the NEHR is extra secure.

The system is being tested by 3 different agencies:

1. Cyber Security Agency
2. GovTech
3. PwC (PricewaterhouseCoopers)

A huge emphasis has now been placed on the security of the NEHR. This should help to reassure you that your health records will be safe from future cyberattacks.

Insurance companies require your written consent to access your records

Insurance companies can only access your records when you wish to make an insurance claim.

Even then, they cannot directly access your records. You will have to request for a doctor or the Medical Report Office to complete an insurance form on your behalf.

This report will usually include your:

1. Diagnosis
2. Name of procedure
3. Visit date to the hospital
4. ICD9 / ICD10 codes (classification of your condition)
5. Details of medical condition / treatment given

With the implementation of the NEHR and HealthHub, you might expect the process of requesting your medical records to be easy. However, the process is still very fragmented.

You can only request your record from the hospital that you were admitted in!

Here are 3 ways that you can request for a medical report:

1. Use the HealthHub portal
2. Email the completed application form(s) to the Medical Report Office
3. Apply at the Medical Report Office in person

Use the HealthHub portal

Here’s a step-by-step guide on how to request for a medical report:

#1 Go to the HealthHub website and select ‘Medical Reports / Certificates Request’

You will need to select this option from HealthHub’s website.

HealthHub Request Medical Report
Source: HealthHub

You are unable to access this option via the HealthHub mobile app.

You will then be asked to login via your SingPass.

#2 Select the hospital that you were admitted to

You will need to select the hospital that you wish to access the record from.

HealthHub Request Medical Report From Hospital

There are only 7 hospitals that allow you to request for the report via HealthHub.

#3 Fill up the required details

You will need to fill up the required details of your hospital admission.

HealthHub Request Medical Report Details 1.1
HealthHub Request Medical Report Details 2

Your request will be processed when you pay the required fee.

Email the completed application form(s) to the Medical Report Office

Some hospitals do not allow you to use HealthHub to request for a medical report. Instead, you can email the completed forms to their Medical Report Office.

The specific instructions for each hospital can be found on each website.

You can view their websites in a table that I’ve compiled below.

Apply at the Medical Report Office in person

Most hospitals also allow you to apply for the medical report in person.

You will need to go down to their Medical Report Office to fill up the necessary forms.

For more information, you can refer to each hospital’s website.

Compiled table for each hospital

The methods you can use to request for a medical report differs from hospital to hospital.

Here’s a summary table to show which methods you can apply in each hospital.

You can see the instructions to request the medical report for each hospital on their websites.

HospitalHealthHubEmailIn
Person
TTSH
SGH
NUH
SingHealth
Polyclinic
SKH
CGH
KKH
KTPH
NTFGH
IMH
NCCS
NHCSOnline

There are so many different ways to request for a medical report!

Hopefully when the NEHR is in full force, there will be a standardised way of making a request.

Conclusion

Insurance companies are not allowed to access your records on the NEHR. Only healthcare professionals can access your records, and only for patient care purposes.

Insurance companies also cannot access your hospital records without your consent.

As such, you will need to request for a medical report to be completed by a doctor or the Medical Report Office. Only then will the insurance company be able to see your records.

The methods of requesting a medical report differ from hospital to hospital.

Hopefully, in the future, you can request a medical report from all hospitals using HealthHub.

This will definitely make it easier for everyone!


Untitled design

If you enjoyed this content, do follow us on Telegram!

Want to earn some money while sharing your experiences in Singapore? We’re always looking for writers and you can join our team here!

Gideon

Blogging is my newfound passion, and I want to solve everyday problems you may have with the content I create.

Recent Posts