So many things have happened in the medical landscape in the past weeks – so much that I cannot decide which to comment on. After serving on the SMA Council for more than ten years, I know that few readers grasp the spectrum of matters that we (as volunteers, mind you) grapple with. But recent events have left even "old-timers" shaking their heads in disbelief.
This issue was originally intended as a call to arms, to join in the waging of the "War on Diabetes". Though still important, this has been overshadowed by the shocking cyberattack on Singapore Health Services' (SingHealth) database that has left 1.5 million patients (me included) personally affected.
I have long been a supporter of the National Electronic Health Record (NEHR). Those of us in the restructured hospitals find it very useful for tracing patients' results from years ago or from other institutions. In preparation for a compulsory nationwide implementation of the NEHR, the Ministry of Health has held meetings in recent months to seek the opinions of the professional bodies, including SMA. Three recurring concerns I heard raised were of: surrendering personal control of individual privacy; replacing patient confidentiality with generic "authorised access"; and an instinctive feel that no security system, however comprehensively designed, can be invulnerable. Speaking only of those meetings I attended, I do not recall anybody claiming the system's security would be invincible. I also do not recall anybody elaborating on the consequence of a successful hack – ie, that when (not "should") one happens, all exposed content would be open to reading, copying or alteration. In retrospect, this raises an interesting point about the NEHR: If security can never be immortal, surely a patient should surrender his/her current rights to privacy and confidentiality of his/her personal data, only after a process of informed consent meeting the Montgomery test standards.
Back to the present. The official reaction to the loss of personal data was short and brief. The SMS notification said: "Your name, IC, race and birthdate were accessed but not altered... No action needed." This reassurance seems different from an independent website that advised that my name, IC and birthdate are all that is necessary to steal (or clone) my identity. This point was not dismissed upon direct enquiry, but neither was any advice offered on how to reduce the risk. Talking to learned friends, and a quick online search, produced some useful advice which I have implemented. If you had been affected by the SingHealth database hack, I hope you have taken steps to protect yourself too.
I want to end by saying: I am just a simple doctor. I am here to look after patients. I need support from trained non-medical colleagues to concentrate on my job. I can't do it well if I have to simultaneously worry about IT, financial, legal and other non-medical problems as well. A heartfelt appeal to the authorities: It helps tremendously when we know that you listen, and that you take our points to heart when we voice our concerns. It matters hugely that you do not dismiss us so casually. Please, listen. And thank you for doing so.
PS: Due to the time constraints in producing this newsletter, we were not able to cover more aspects of telemedicine in this issue. We do have one in the works, so keep a lookout for it in the coming months – a young entrepreneur is developing an app for personal medical records, which allows each individual to limit the access as he/she wishes. I'm sure this would be of great interest to doctors and patients.