Protecting Health Information
Cybersecurity and data security standards
HIB sets out the cybersecurity and data security standards that will be imposed on healthcare providers if they contribute to or access NEHR or share data under the HIB.
This ensures the safe and secure handling of health information. HIMS vendors that support healthcare providers to access or contribute data to NEHR will also need to meet cybersecurity and data security standards.
MOH will also conduct audits to ensure that healthcare providers have fulfilled the security measures.
What happens if a healthcare provider encounters a cybersecurity incident or a data breach?
The HIB will require healthcare providers to report cybersecurity incidents or data breaches to MOH.
- An initial report of the confirmed cybersecurity incident or data breach must be provided to MOH within 2 hours.
- The detailed incident report must be submitted within 14 days.
The mandatory reporting of such incidents enables MOH to coordinate and respond to incidents that may adversely impact patient safety and privacy. It also allows MOH to spot patterns that signal a larger-scale attack and pre-emptively take action to protect the integrity of our healthcare system.
Healthcare providers will also be required to notify the affected individuals in the event of a notifiable data breach that is likely to result in significant harm.