National Health Database: Should We Throw Caution to the Wind?

Alex Wong

You may have heard by now that it's coming soon to a clinic near you, courtesy of our highest impact factor national journal, the Straits Times.1 An ambitious plan to unify and streamline Singapore's health records, National Electronic Health Record (NEHR) version 2.0 – otherwise fondly known as GP Connect (GPC) – is underway. It is touted to usher in a new age of seamless healthcare for all Singaporeans, which will meet patients' needs more effectively and minimise adverse events such as drug allergies and cross reactions.

But is it all unmitigated good?

It is not without irony that some of my colleagues have noted the similarity between the initials G.P.C. and that of a group of highly toxic bacteria. They have also expressed concern about the possible complications of swallowing GPC whole. Some have even compared uniting our healthcare records under the all-seeing eye of the Ministry of Health (MOH) to the fate of another all-seeing eye in modern fantasy lore, speculating on the possible risk of a pair of misshapen saboteurs bringing the whole thing crashing down by tossing in some things where they don't belong.

The question is, are these colleagues merely dissenters holding up the march of progress? Or perhaps, as an old song goes, these are wise men watching fools rush in? Let's consider some of the issues at hand.

How safe is cloud computing?

We doctors are notoriously paranoid people, and one of our greatest paranoia is the safety of patient information. In this new iteration of NEHR, data will be stored in "the cloud". Arguably, cloud computing has a number of advantages: scalability, accessibility, almost unlimited storage, as well as ease of backup, recovery and deployment, just to name a few. However, most of these advantages are more beneficial for mid- to large-scale organisations (eg, MOH Holdings) than for small organisations (eg, private clinics). We, the common folks, are more concerned about security. Given a choice, we'd probably feel better that our data is locked in a strong box, preferably written on scraps of card, and hidden under our pillows.

We've been assured time and again that "the cloud" is secure, but we also remember that the good folks at Apple Inc. similarly assured Jennifer Lawrence that iCloud was secure. Clinic owners are understandably nervous about being caught with the proverbial "pants down", both ours and that of our patients. Not that we don't, of course, trust that the good IT folks of the "gah-men" have figured this part out. After all, our civil service IT systems did escape the debacle that was the recent flurry of worldwide ransomware cyberattacks. However, they did so by ensuring that a civil-service-wide "air-gap" was implemented – the exact opposite of cloud computing!

At this juncture, I recall a friend who used to sing a little parody of the renowned Les Miserables hit, "Castle on a cloud": "There is a castle on a cloud, clouds don't hold castles up for long. Water vapour isn't strong... no more a castle on a cloud."

Who owns the records?

Even if you assume that security is not an issue, there are still a massive number of "last mile" issues that clinics have to sort out with patients; the most basic of which is the question, "Whose data is this?" As doctors, our patients confide in us about all sorts of things: their hopes and fears, what they dream of when they sleep, how much they sleep, and even who they sleep with. Some of them might not even be aware of NEHR, let alone that there is an opt-out option.

Who is going to explain this to them? Do they necessarily want this data on the national health record? Who is going to take the time to explain to each patient that every deep, dark secret that they whisper to us in the privacy of the consultation room could one day become common knowledge if they lose continence of both their bowels and their mental capacity? And for patients who opt out, how clear is the boundary between the data that a clinic enters into GPC and the data that NEHR extracts from GPC? Who holds the keys and makes the decisions?

Who pays for it?

Hardware, software, technicians and IT support all cost money. Will the Government really pay for everything, or will this return as eventual hidden costs? After taking up GPC, will individual healthcare providers continue to have low-cost access to the system in the future, or will they be at the mercy of some sort of mandated payment or subscription fee later on?

Complying with the implementation of NEHR is time-consuming and exhausting. Clinics are often one- or two-man operations – small, nimble and cost-effective but too poorly resourced to manage the administrative snafu that often comes with the implementation of large systems. Who will compensate the clinic owners for the time spent on troubleshooting? In an age where patients demand stat treatment, how does the individual doctor manage the surfeit of often irrelevant medical information that floods in together with access to NEHR?

A colleague once privately confided in me his concerns that having access to NEHR implied that the doctor was now legally culpable for every single obscure test result that any house officer had ever done for any patient since the beginning of time. Having once been a house officer myself, I am cognisant that this culminates in a lot of investigations to look through before seeing a 75-year-old man for a common cold.

Private vs Public

There's a saying that goes, "if you can't beat 'em, join 'em". Island-wide, clinic owners understand that a nationalised healthcare database is an inevitable reality. The powers-that-be will get what the powers-that-be want. However, what happens if the powers-that-be haven't quite gotten their powers together yet?

Another complaint I have heard of is that there are still some Government institutions that have yet to take up NEHR. Some have signed up but years later are still struggling to upload large amounts of backlogged data. An inevitable question then arises: "Why should I, as a private healthcare provider, offer you my data when your own restructured hospitals won't play ball?"

Only fools rush in?

One might wonder, after reading the deluge of questions above, what my intentions in writing this article are. I must reiterate that I look forward to a healthy public-private partnership and that seamless patient care is a great ideal to work towards. (Also, I am lazy and dislike writing long referral letters.) However, it is my humble opinion that, while the idea of a national health record is an excellent one, the devil, as the saying goes, is always in the details. Let us not in our headlong rush to embrace technology forget that our clinical forebears have already taught us a highly effective and largely foolproof system of patient care that trumps any digital solution: a detailed history and careful physical examination. The NEHR should never be a replacement for this.

It is perhaps appropriate then, that my first memories of NEHR bring me back to a moment in my early, clueless days as a junior medical officer, on call with an even more clueless and newly minted house officer. I have forgotten his name, but will never forget the look of confidence on his face as he proudly declared to me that "the patient has diabetes mellitus, hypertension, dyslipidaemia and ischaemic heart disease, and has suffered a previous stroke, but he is not on any long-term medication."

"Are you quite sure?" I asked incredulously.

"Yes, I'm sure, there was no medication dispensed according to NEHR," came the smug reply.

It transpired, of course, that the patient was indeed a diabetic with ischaemic heart disease on a dozen medications, but he had bought all of them from... Malaysia.


Editor's Note:

SMA is aware that private practitioners may have concerns regarding mandatory participation in the NEHR. We are in contact with MOH on this matter, and had previously given our feedback on the proposed amendments to Private Hospitals and Medical Clinics (PHMC) Act (https://goo.gl/WAvC8e). In addition, the recently concluded SMA FutureMed 2017 conference held on 24 to 26 August served to provide a platform for medical professionals and industry leaders to discuss pertinent topics such as Big Data and cyber security. If you have any comments or opinions on this or other related topics, you are most welcomed to write in to news@sma.org.sg.

Further reading

  1. On track: Plan to have technology pave the way for better, cheaper and faster healthcare by 2021. The Straits Times 30 May 2017. Available at: http://www.straitstimes.com/singapore/health/technology-to-pave-the-way-for-better-cheaper-and-faster-healthcare-by-2021.

Alex Wong is a private practitioner of medicine. He believes that ethical private practice is possible but accepts that he has delusional views at times and writes in an effort to try and distinguish these from reality. Occasionally, these ramblings spill out into actual articles, which should always be read with a large spoonful of salt, 200g of char-grilled beef and a spot of freshly squeezed lime juice.

Tag