Mr Pritam Singh: To ask the Minister for Defence what measures have been undertaken to ensure the security of the medical records of SAF personnel in view of the integration via the internet of the SAF's electronic medical records system (the Patient Care Enhancement System (PACES)) with the National Electronic Health Record system.

Dr Ng Eng Hen: Two main aspects to ensure security of medical records of servicemen were taken into account in the design and implementation of SAF's electronic medical records system. They relate primarily to one, the confidentiality of records and second, measures to guard against unauthorised access and cyber-intrusions. Stringent processes for these two aspects have been put in place, which are aligned with international standards.

First, to ensure confidentiality of records, access to the SAF's electronic medical records system is limited only to medical personnel and selected Human Resource (HR) practitioners on a need-to basis and the list of authorised users is regularly reviewed. Even then, the level of access is also tiered based - medical officers as primary care-givers need to and can access detailed medical information, but medics and HR practitioners can access less information that is relevant to fulfill their functions. Regular audits are conducted to ensure that access and the confidentiality of the medical information have complied with existing policies and regulations and benchmarked to Ministry of Health's practices and standards.

Second, to guard against unauthorised access and cyber-intrusions, PACES is only accessible to authorised users from designated terminals at specific MINDEF/SAF premises. The entire PACES system is also protected by a suite of tools to enhance cyber security. When medical information of SAF personnel is required for continuity of care to be shared with other medical institutions using the National Electronic Health Records (NEHR) system, it is first encrypted and transmitted via a dedicated point-to-point connection with system authentication.

The SAF's electronic medical records system is regularly tested for vulnerabilities to update the system's software. In addition, the system is constantly being monitored for any attempted cyber intrusions.