Confidentiality, Privacy and Electronic Records

Wong Tien Hua

I have been practising as a GP in Sengkang since 2002, and it was only recently that I converted to using full electronic medical records (EMR). Like many GPs, I was using a paper card system to record clinical notes, together with a clinic management system to manage the patient queue, dispensing of medication, and the inventory, billing and payment processes.

Paper records are extremely flexible and easy to use, and it is a wonderful medium for record-keeping. You can write in your own style, use different colours to highlight points, and, for the artistically inclined, draw what you observe – family tree diagrams, skin lesions and anatomically accurate body parts to indicate sites of pain and injury. You can slot laboratory results in the cards, stick vaccine labels on the dates that they were given, attach photographs and ECG recordings, and staple the patient's business card when he or she presents it to you. You position the records on the table in front of the patient, and scribble along as you conduct the consultation, reducing the need to break eye contact and thereby maintaining an intimate doctor-patient relationship.

However, as time passes, these records start to increase in size and thickness as more and more information are added on, reaching encyclopaedia-sized proportions and presenting you with the perennial challenge of physical records – storage space, or the lack thereof. The problems associated with paper records are too numerous to list, but they include the concerns with cost and storage, limited accessibility of records where it is only available in one location and can be lost if filed wrongly, and quality issues such as poor handwriting and lack of consistency across records.

Digitising records

EMR can overcome all these limitations of paper records and much more. Once you have the system set up, it is practically cost-free to enter as much information as you want without incurring extra storage space. You can finally say goodbye to the rows of metal filing cabinets in the clinic, as well as to the stash of old records in the storeroom which, in itself, is a fire hazard. Electronic records are easily retrievable, are searchable and the typed records are (finally) readable. I found the switch to full EMR to be quite liberating, although I initially had some issues with typing speed. One thing I observed thus far is that while my handwriting deteriorated over time, my typing skill improved over time – which is a plus with EMR.

The true power of EMR is that once the data is stored electronically, it can be accessed anywhere with Internet connectivity, thereby enabling the sharing of patient records and important information such as drug allergies and investigation results – more on this later.

EMR does not come without its own problems though. Once you go electronic, you will become completely reliant on the computer and therefore, be at its mercy if the system breaks down. And let me assure you that the system will break down, very often at the most crucial time of the day which is when you boot up the system in the morning, just before your patients start filing in. The breaking down of any component of the system, be it the processor, the power supply, the router to connect the computers, or the label printers, can cripple the operations of your clinic. Nowadays, records can be stored in the "cloud" for added security, but this introduces another added component – the Internet connection, which of course can break down as well. All of these problems can be mitigated with a good IT technician on hand, which, if you are a GP or clinic owner, refers to you.

I recently had the unfortunate experience of being locked out of my computer system on a critical post long-weekend morning, yet there was nothing wrong with the system. It turned out that my Windows 10 operating system had gotten stuck in an update when we powered up the computer and took a good 45 minutes to complete, which felt like an eternity when the clinic needed to be up and running! (I have since learnt that you can change Windows update settings to allow it to update overnight. It seems that the "IT technician" in me is also still updating.)

An ideal EMR should be robust enough to never break down and be able to continue to function even without an Internet connection. This suddenly sounds a lot like the old paper records, doesn't it? The fact is that there are pros and cons to both manual and electronic records.

National Electronic Health Record

Plans for the National Electronic Health Record (NEHR) has been gathering momentum, with a recent front-page article in the Straits Times reporting that the Ministry of Health (MOH) is thinking of making participation in the NEHR a licensing requirement in the future, when the existing Private Hospitals and Medical Clinics Act is revised (https://goo.gl/vFSomr).

As I had mentioned earlier, the power of EMR is in its capability to share a patient's medical data across different IT platforms and across healthcare institutions. The advantages are many, with patient safety being the most important because critical information, such as drug allergy and the patient's current medication can be accessed. In an emergency, such data can make the difference for effective and early intervention. The second big advantage is cost savings with reduction of wasteful duplication of tests and investigations. The data that is collected by the NEHR system can be used for public health purposes; for example, to analyse disease trends and help anticipate infectious disease outbreaks.

The SMA has provided our feedback to MOH regarding the proposal for mandatory NEHR. We agree that the NEHR is the right way forward, but our concern is that some healthcare institutions, especially those in the private sector, will need more assistance to make the switch. Clinics that are currently using manual records are likely to be doing fine, and may feel that EMR does not provide any advantage to their workflow. One therefore has to understand the resistance of some clinics to switch to EMR, and convince this group that the EMR platforms on offer are as robust as paper records.

Confidentiality, privacy and data security

SMA has also highlighted that even though the NEHR proposal allows for patients to opt out of the system, the medical records and data remain within the NEHR, only that access is denied to healthcare professionals. We have written to MOH regarding this and the letter was published in the June 2017 issue of SMA News (https://goo.gl/dNzyqN).

The ethical issue at hand is the difference between confidentiality and privacy.

Patient confidentiality refers to the obligation of healthcare professionals who have access to patient records and data to hold that information in confidence. As doctors, we cannot share patient information to third parties without the expressed consent of the patient. This is a fundamental pillar of medical ethics and forms the basis of trust between the doctor and the patient, allowing patients to freely share information about themselves so that the doctor can arrive at an accurate diagnosis, and recommend the most appropriate treatment.

Privacy as distinct from confidentiality, is about the concept of respecting patient autonomy, and therefore the right of the individual to be left alone and to decide how their personal information is shared. Patients have the right to control the use of information pertaining to them, and should be able to have a say on who, when and how sensitive information about themselves are disclosed. Like it or not, there are members of the public who do not wish for their health data to be made available on the NEHR regardless of what assurances they are given in that access can be locked.

This brings me to the final point that privacy is a choice that the patient makes, and that data security is not patient privacy. In other words, there is no system that can ensure patient privacy. A system such as the NEHR can only ensure data security by strictly guarding access. Once the data is keyed into the NEHR, the patient's choice for privacy is no longer valid.

The SMA therefore hopes that the patients' desire for privacy of information can be respected and that options are provided for patients to forbid his or her information from being entered into the NEHR.


Wong Tien Hua is President of the 58th SMA Council. He is a family medicine physician practising in Sengkang. Dr Wong has an interest in primary care, patient communication and medical ethics.

Tag