The first reading of the Health Information Bill (HIB) has just been completed earlier last week in Parliament. The bulk of the Bill deals with how the National Electronic Health Record (NEHR) will be introduced nationwide. Currently submission of data to NEHR is only limited to the public sector. After this Bill is passed and the Health Information Act comes into force, all licensed healthcare establishments and pharmacies will be required to submit data to NEHR.
The Bill comes with many provisions that protect the public so that there is no unauthorised access, collection and disclosure of health information that is stored in the NEHR. The Bill, together with the attached annexes and explanatory statement, runs for 186 pages1. It is a massive document. For some strange reason, what all doctors had known for years as the “NEHR” is now known as the “National Electronic Records System”, the word “health” has been omitted. No matter.
It is very noteworthy that in Pages 16 and 17 of the Bill under Section 6 of “Part 2, National Electronic Records System”, it is stated the following:
“excluded purpose”, in relation to the access or collection of accessible health information about an individual (P), means any of the following purposes:
(f) deciding whether to insure P or any other individual, or to continue or renew the insurance (whether on the same or different terms) of P or any other individual;
(g) making a claim on the insurance of P or any other individual, or processing a claim made on the insurance of P or any other individual;“
In other words, information stored in the NEHR is NOT to be used for insurance purposes. The NEHR information also cannot be used for assessing if a person is suitable for any kind of employment or as a platform worker.
The following guidelines2, while still a draft was released sometime in December 23 and could be found in the MOH website under the “healthinfo.gov.sg” section. We reproduce the relevant section here.
DRAFT GUIDELINES ON APPROPRIATE USE AND ACCESS TO NATIONAL ELECTRONIC HEALTH RECORD (NEHR)
Page 9: 3.1.2.2 Authorised and Unauthorised Access to NEHR:
“Healthcare professionals should ensure that they regulations/circulars/directives issued by MOH regarding purposes for accessing NEHR.
Institutions should establish policies and procedures and provide appropriate training to ensure that NEHR is only accessed for authorised purposes. Unless specified by legislation or prior approval from MOH has been obtained, healthcare professionals should not access NEHR for non-patient care related purposes. This includes accessing NEHR to obtain information for employment, insurance, education, training, audit or research purposes, even when the patient has provided consent.
In the event that such information was previously transcribed from NEHR into the patient’s clinical notes, it would be treated as part and parcel of the medical record belonging to the healthcare institution. In this regard, the healthcare professional could use this information in the clinical notes for non-patient care related purposes, including the ones listed above”.
So far so good.
However, it recently has come to this hobbit’s attention that panel doctors of a certain Integrated Plan (IP) insurer were made to sign a new contract with this insurer because apparently, they have gotten rid of the third party administrator (TPA) that was previously managing these panel doctors and hence, a new contract is needed.
One of the clauses in this contract read,
“Inspection And Right To Audit”
The Treatment Provider shall keep complete and accurate records of all of his/her work and expenses in providing the treatment and medical services to the Policyholders during the entire term of the Agreement. In order to verify its compliance with this Clause 7 and the terms of this Agreement, the Treatment Provider shall, upon reasonable notice, allow GEL, its management, its agent(s), its internal and/or external auditors (“Authorised Personnel”), the opportunity of inspecting, examining and auditing the Treatment Provider’s operations and the medical records (including but not limited to patient case sheet, treatment plan and/or dispensing record) which are relevant to the treatment and medical services provided to the Policyholders. The Treatment Provider shall cooperate fully with the Authorised Personnel to ensure a prompt and accurate audit.
Apparently, this IP insurer may not be the only party that has such clauses. Other insurers and TPAs may likewise incorporate similar clauses into their contracts.
Whether you are a doctor or a policyholder, you should be very concerned that such clauses exist. This hobbit would like to point out three possible ramifications of such “inspection and right to audit” clauses in the context of the HIB and draft NEHR Guidelines.
Firstly, this clause does not state whether access to the patient case sheets, treatment plan and dispensing records by the insurer is limited to those incidents or aspects that are covered and reimbursable by the insurer. Ideally, the insurer has no business poking its nose into stuff that its policies do not cover.
But in truth and as we all know, medical records of the policyholder are NOT divided into IP-covered portions and non IP-covered portions. They are all more or less combined or integrated to facilitate better care, usually arranged in chronological order.
Let us take the hypothetical example of a policyholder who was admitted for a laparoscopic cholecystectomy for gallstones and an inflamed gall bladder. After the operation, a claim dispute arose and the insurer wants to now audit the “medical records”.
Since it is an abdominal surgery, the surgeon had previously accessed the NEHR to look for records of previous procedures performed on the abdominal and pelvic regions. In the process, he noted that the patient has had one missed abortion, 2 IVF cycles done, an appendicectomy and a Caesarean Section. In addition, the patient had a previous episode of post-natal depression as well as tummy-tuck (liposuction) surgery. All these findings from the NEHR were duly noted in his case sheets, both in his clinic records as well as in the hospital records when the patient was admitted to the private hospital for the surgery.
The next question we need to ask is, does the patient or policyholder want the insurer to know she has had the missed abortion, IVF procedures, Caesarean Section, post-natal depression and breast augmentation done? To the surgeon, all previous abdominal procedures are relevant, because he needs to know what to expect when he enters the abdominal cavity, e.g. peritoneal adhesions etc. But does the insurer need to know all this? Does the policyholder want the insurer to know all this?
What is more, under the draft NEHR Guidelines, such information transcribed from the NEHR is now considered “as part and parcel of the medical record belonging to the healthcare institution. In this regard, the healthcare professional could use this information in the clinical notes for “non-patient care related purposes, including the ones listed above”.
In other words, it could perhaps be used for insurance-related decisions, which the HIB has expressly stated the information in the NEHR should not be used for.
While the HIB and draft NEHR Guidelines are well-intended, the co-existence of such “inspection and right to audit” clauses may well mean that NEHR information can be used to achieve the “excluded purpose” of deciding whether a person should be insured or not, or to have a claim reimbursed or not” as long as they had been previously transcribed into the medical records. This is a loophole that a smart insurance executive can easily exploit by citing the “Inspection and right to audit” clause.
It would also not be inconceivable that the insurer has signed similar contracts or clauses with private hospitals that enable it to inspect and audit the hospital’s medical records. The incentive for the hospital to accept such a clause could be that the hospital can be a preferred hospital provider with the insurer. After all, for the insurer to know and satisfy itself that the care given was appropriate and reimbursable or not, it would have to have access to both the doctor’s and the hospital’s records. Inspecting only the doctor’s records in the clinics would not be sufficient in many instances if the intent of inspection and audit is to satisfied.
The second point to be made is that of informed consent. Of course the default position insurers will adopt is that if the patient or policyholder gives consent, then why can’t an insurer inspect and audit the medical records?
We do not know the details of consent that was given and if the policyholder knows the scope of consent he has given. It is reasonable for a policyholder to think that he has given consent for the insurer to know enough to decide on what and how much should be reimbursed.
For example, the diagnosis, procedures, investigations, medications, treatments and charges for these items should of course be given to the insurer. But does the insurer need to know that certain family members of the policyholder visited the policyholder in the ward and subsequently they had an argument (as recorded in the nursing notes) in which hospital security had to be called in to escort the family members away? Or out of anxiety and frustration, a patient cried a few times, and nurses and doctors had to console the patient? Did the policyholder really consent to giving the insurer unfettered access to his full medical records? We need to ask ourselves honestly, how many of us really know the scope and details of what we consented to when we bought any insurance policy?
Thirdly, in Singapore, the patient himself does NOT have full access to his own medical records. Unlike in certain other countries, the patient in Singapore cannot ask for a copy of his hospital or medical records to be made available to the patient. He can ask for a medical report in which key points are summarised. So if the patient himself does not have full access to the medical records, why should the insurer have such access? In this era of smartphones, it is all too easy for every page of the medical records to be photographed as well. Can a patient consent to giving access to an insurer the medical records (and possibly copies of the medical records be made as well) that even the patient himself does not have?
As doctors, we are trained and used to relying on Evidence-based Medicine (EBM) and our Ethical Code and Ethical Guidelines (ECEG) to illuminate us on the path of good medical practice. But increasingly for private sector doctors, EBM and ECEG have to contend with a third and possibly far more compelling force that now dominates the landscape – Insurance-based Medicine (IBM). Unlike EBM and ECEG, IBM answers to no one but the insurance companies.
1 https://sso.agc.gov.sg/Bills-Supp/20-2025/Published/20251105?DocDate=20251105
hobbitsma 