Ensuring data confidentiality key in NRD Bi

31 Jul 2007, Today

Question

Name of the Person: Goh Kian Huat

Prevent gaps in disease registry

Clear guidelines needed for disease reporting; exclude medical tourists

I REFER to the report, "Killers: A crucial key" (July 24), which said the Ministry of Health is holding a public consultation on the National Registry of Diseases (NRD) Bill until Sept 3.

Cancer will be classified as a reportable disease if the proposed Bill kicks in. Managers of healthcare establishments are legally responsible for reporting the disease to the NRD. Failing this, they may be subject to a fine not exceeding $2,000.

When a person is diagnosed with cancer, especially at the end stage, it is possible that the patient has gone through several clinics, hospitals and laboratories to seek different opinions and alternative treatments.

Thus, it is possible the NRD may receive the same information from multiple sources. While it is good that the registry can do a match to prevent double-counting, issues will arise if some agencies do not report the disease as required.

Take, for example, a cancer patient who is first diagnosed and admitted to hospital A before being transferred to hospital B.

If hospital A fails to notify NRD and hospital B also neglects to do so, thinking the former had already done so, would both hospitals be liable for the offence? Or if hospital B submits the data but hospital A does not, will the latter be penalised?

Therefore, there is a need to have clear guidelines to define the responsibilities of clinics, hospitals and laboratories.

On another note, since the information gathered is used to develop public health programmes for Singaporeans and residents, tourists seeking treatment should be excluded from compulsory reporting.

With Singapore being developed as a medical hub, the number of such medical tourists should be significant. The proposed exemption will ease the administrative workload of healthcare institutions.

While it is reassuring that data stored in the registry will not be released to other parties such as employers and insurance companies, any breach of confidentiality of data remains a concern as it will be difficult for patients to establish and prove the source of such leakage, since more people would have access to the information.

Reply

Reply from MOH 

Ensuring data confidentiality key in NRD Bill

In "Prevent gaps in disease registry" (TDY, 25 Jul 07), Mr Goh Kian Huat asked for clearer reporting guidelines for diseases under the National Registry of Diseases (NRD) Bill, and the need to protect collected data from improper disclosure.

The proposed NRD Bill is to enable the Ministry to collect relevant medical information in formulating effective public health policies on disease prevention and control. Ensuring data confidentiality is key and the Bill lays down specific rules as to whom and for what purpose and in what form, the information can or cannot be released.

Mr Goh rightly points out that the reporting process should not be onerous to healthcare institutions. To minimise repeated reporting, each healthcare institution will need to notify the NRD only once for every new, confirmed case of cancer. They can streamline the reporting process using their existing electronic systems from key sites such as the laboratory. We will however require both the medical clinic and laboratory to notify NRD separately if a medical clinic sends a patient's tissue sample to a laboratory under a separate management, and the tests confirm the patient has cancer. This is to ensure that we do not miss the case.

However, medical clinics do not need to notify NRD if:

a. They refer patients suspected of cancer to another healthcare establishment (e.g. hospital) for confirmatory tests and further treatment. The onus will be on the hospital to notify NRD if the test confirms the diagnosis of cancer.

b. They accept new patients who already have a known history of cancer.

The Ministry has already sent all doctors a circular to inform them of the notification requirements.

We will also like to reassure Mr Goh that stringent administrative and technical safeguards have been put in place to ensure data confidentiality. For example, the data is stored in encrypted form under strict security and controlled access, and there is an electronic audit trail to pick up any unauthorised access. In addition, identifiable personal information will be released only when public health planning cannot proceed with aggregated or anonymised information. Patient consent will also have to be sought for purposes of medical treatment or research. Such data will not be released to other parties such as employers and insurance companies. Offenders who breach confidentiality are liable to a fine of up to $10,000, imprisonment up to 12 months, or both.

We welcome the public to give their feedback on the proposed NRD Bill at the MOH website from now until 3 September 2007.