Ministry of Health Actions taken over HIV data breach
The HIV data breach occupied a large part of five pages in our mainstream English newspaper. It showed how the minister for health Gan Kim Hong agonized over the need to be transparent with the public and safeguard the interest of the patients affected by the breach.

Let me say a few words to help him to find a solution to avoid a further agony of this nature in the future.

I am aware that it is difficult to totally prevent a breach of the data, in spite of the expensive and extensive safeguards in cyber security that are implemented by govt agencies. Money has never been an issue to them on matters that they consider to be important.

In this case, the breach was caused primarily by a doctor who was trusted to look after the HIV register and has full access to the database. This kind of risk is certainly very difficult to manage.

To find a solution, we need first to identify what is critical and what is not. 

In the case of the hacking of 1.5 million patient records in SingHealth, the stolen data is not critical. I am one of the patients where my data was stolen. I do not care if the thief knows my date of birth, NRIC and address or even the treatment and medication that I have received. So what?

I am not suggesting that we should not take steps to stop the theft of private data. I am only suggesting that we should not over-react to the breach of the database.

However, in the case of the theft of the HIV patient data, the damage could be most severe to the patients and their families.

We should not allow this exposure in the first place.

What can be done about managing this risk? Here is my suggested approach:

a) Patients with sensitive data can request that their data be kept offline. The ministry can set guidelines on what are sensitive data. The HIV data could clearly pass this test.

b) However, there is a need to protect the safety of the health care professionals who are called to manage this high risk patients. The computer record can store a secret code to alert the professionals to check the offline database for the additional information. This should be kept to a small number of patients.

c) For access to the central medical record, which is kept in the computer database, the patient can ask to receive a SMS alert whenever their patient record are being accessed. This alert will tell the date, time. doctor and the reason for access. This kind of alert is already sent for transactions involving bank accounts. It should be easily implemented with the central medical record system.

I am aware that the offline database of sensitive data can also be stolen by a trusted doctor or staff who has accessed to the records. However, it would be difficult for them to take out a few thousand records in paper form.

I hope that my suggestions will help the minister to avoid suffering the same agony, which must have stretched over a few years, in the future. He has my sympathy, in spite of the fact that he draws a high salary for this difficult job.

Tan Kin Lian

Add Comment

---