HealthHub & NEHR Privacy in Singapore: What You Should Know About Your Medical Data
Understand how your health records are stored, shared, and protected under Singapore's NEHR system. Learn your rights and how to share medical information securely.
HealthHub & NEHR Privacy in Singapore: What You Should Know About Your Medical Data
If you live in Singapore, there is a good chance your medical records are already stored in a centralized government system — whether you realize it or not. With the upcoming Health Information Bill making NEHR data sharing mandatory from early 2027, understanding how your health data moves through the system has never been more important.
What Is NEHR and How Does It Work?
The National Electronic Health Record (NEHR) is Singapore's centralized health record system. Managed by Synapxe (formerly IHiS) under the Ministry of Health, it consolidates patient data from public healthcare institutions into a single digital repository.
What Data Is Stored
| Data Type | Examples |
|---|---|
| Diagnoses | Chronic conditions, past illnesses |
| Medications | Current prescriptions, drug allergies |
| Lab Results | Blood tests, imaging reports |
| Discharge Summaries | Hospital stay records |
| Vaccinations | COVID-19, flu, childhood immunizations |
| Allergies | Drug and food allergies |
This data follows you across all public hospitals, polyclinics, and increasingly, private GPs under the Healthier SG programme.
HealthHub: Your Window Into NEHR
HealthHub is Singapore's national health portal — available as both an app and website. Through HealthHub, you can:
- View your own medical records stored in NEHR
- Check medication history and upcoming appointments
- Access children's health records (for parents)
- View lab results and vaccination records
Think of HealthHub as the front door to your NEHR data. The records exist in NEHR; HealthHub lets you see them.
Who Can Access Your Health Records?
This is where it gets sensitive. Under the NEHR framework:
| Who | Access Level |
|---|---|
| Your treating doctors and nurses | Full access with valid clinical reason |
| Other healthcare professionals | Access based on care context |
| Authorized researchers | De-identified data only |
| You (via HealthHub) | View your own records |
What You Can and Cannot Control
You CAN:
- View your own health records through the HealthHub app
- Request access logs to see who viewed your records
- Restrict access to specific sensitive health records (opt-out for certain records)
You CANNOT:
- Fully opt out of NEHR data contribution (mandatory under the new Health Information Bill)
- Prevent your licensed healthcare provider from uploading records to NEHR
This is a significant shift. Previously, data sharing with NEHR was voluntary. From early 2027, all licensed healthcare providers — including private clinics and GPs — must contribute patient data.
The Privacy Concerns Are Real
The SingHealth Breach
In 2018, Singapore experienced its worst data breach when 1.5 million SingHealth patients' records were compromised. Attackers specifically targeted Prime Minister Lee Hsien Loong's medical records. The breach exposed names, NRIC numbers, addresses, dates of birth, and outpatient dispensed medication records.
Unauthorized Access by Staff
Even without external hackers, there is always the risk of unauthorized access by healthcare staff who might look up records without a valid clinical reason — whether out of curiosity or malicious intent.
The Expanding Data Pool
With Healthier SG connecting polyclinics and GPs, your health data is now shared across a wider network than ever before. More access points mean more potential vulnerabilities.
Legal Protections in Place
Singapore does have safeguards:
| Protection | Details |
|---|---|
| Computer Misuse Act | Up to S$100,000 fine and/or 5 years jail for unauthorized access |
| PDPA | Applies to private healthcare providers handling patient data |
| NEHR Audit Logging | All access to records is logged and traceable |
| Strict Access Controls | Role-based access with authentication requirements |
These are meaningful penalties, but they are reactive — they punish breaches after they happen, not prevent them.
Practical Steps to Protect Your Medical Privacy
1. Regularly Check Your Access Logs
Use HealthHub to review who has accessed your records. If you see unfamiliar names or institutions, raise a complaint immediately.
2. Restrict Sensitive Records
If you have health conditions you consider particularly sensitive — mental health records, HIV status, reproductive health — request that these be restricted in NEHR. This limits which healthcare professionals can view them.
3. Be Careful When Sharing Medical Information
This is where many people create unnecessary risk. Sending medical reports, test results, or specialist referral letters through iMessage, Messenger, or email means that sensitive health information sits in chat histories and email inboxes indefinitely.
A safer approach: Use LOCK.PUB to create a password-protected memo containing your medical information. Share the link with your family member or doctor, and the content is protected by a password that only the intended recipient knows. You can even set it to expire after a certain period.
4. Think Before Sharing with Third Parties
Insurance companies, employers, and wellness programmes may ask for your medical records. Before you share:
- Confirm exactly what data they need
- Share only the minimum required information
- Use secure channels — not email attachments or chat messages
When you need to share a medical report with an insurance agent or employer, LOCK.PUB's password-protected memo lets you control access without the information lingering in someone's inbox.
5. Keep Your SingPass Secure
Since HealthHub access is tied to SingPass, your SingPass credentials are the keys to your medical records. Enable two-factor authentication and never share your SingPass credentials.
The Bigger Picture
Singapore's move toward mandatory NEHR data sharing is well-intentioned — it improves care coordination, reduces redundant tests, and can save lives in emergencies when doctors need your medical history fast.
But centralized health data systems are high-value targets. The more data that flows into NEHR, the more important it becomes for individuals to:
- Stay informed about what data is stored
- Monitor access to their records
- Share medical information through secure channels rather than casual messages
Bottom Line
Your health data in Singapore is increasingly centralized and shared. While legal protections exist, proactive steps — from monitoring access logs to using tools like LOCK.PUB for secure sharing — put you in better control of your most personal information.
The Health Information Bill makes data contribution mandatory. Your response should be to make privacy management intentional.
Keywords
You might also like
Data Breach Notification in Singapore: The 3-Day Rule Explained
Understand Singapore's mandatory data breach notification requirements under the PDPA. Learn the 3-day rule, what makes a breach notifiable, and the steps you must follow.
Digital Undertakers in Korea: The Unique Industry That Erases Your Online Past
Discover Korea's digital undertaker industry — professionals who remove unwanted online content, from defamatory posts to leaked personal data.
DPO Appointment in Singapore: What Every Business Must Know
All organisations in Singapore must appoint a Data Protection Officer. Learn the PDPA requirements, DPO responsibilities, qualifications, and outsourcing options.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free