KUALA LUMPUR, April 27 — Concerned about ethical and legal implications related to patient confidentiality, a Malaysian Medical Council (MMC) member called for statutory oversight of the Health Ministry’s (MOH) patient health records system.

Dr Milton Lum also questioned how much the MoH consulted with stakeholders before the recent launch of the Malaysian Health Data Warehouse (MyHDW), pointing out that the MMC’s views were not solicited.

“How is [the data] going to be kept confidential? Nobody knows,” Dr Lum told Malay Mail Online. “There has to be oversight by a body that’s independent of the Ministry of Health.”

“The Personal Data Protection Act (PDPA) should be amended to apply to the public sector,” he added. “What is the difference between patients in the public and private sector? Doesn't mean that when you go from the private to public sector, you lose your rights to confidentiality.”


The MOH launched last week the MyHDW that plans to synchronise the medical records of patients from public and private clinics and hospitals with data from the National Registration Department (NRD), and to use big data analytics to help make better policies and research.

Health director-general Datuk Dr Noor Hisham Abdullah reportedly said the MyHDW would not contain any personal information like the patient’s name, and the data would not be shared with third parties such as insurance companies.

Dr Lum was not convinced, however, and said the inability to assure medical patients of their confidentiality might affect their care because they could decide to withhold certain information from their doctors.


The former Malaysian Medical Association (MMA) president also highlighted potential discrimination in the workplace, noting that employers may not want to employ sick people.

“There are implications for the patient, implications for doctors and nurses, because they give us the information on the basis that it won't be revealed. Indirectly, you are going to cause that breach of confidentiality and the doctor might be held accountable for it,” said Dr Lum.

He pointed out that, for example, patients who go to a government hospital may refuse to have their data released even for research purposes.

“If somebody takes the information without the doctor's knowledge, the patient can accuse the doctor of breaching confidentiality,” said Dr Lum.

He also said some personally identifiable information would be needed for data mining in healthcare.

“For example, diabetes. What are the age groups of diabetics? So I need year of birth, person's gender, person's ethnic origin. Otherwise it's useless. So what assurance do you have to the public that this will not be misused?” Dr Lum questioned. “We all know that the IC is personally identifiable.”

He also stressed the need for consultations with stakeholders, especially patients and doctors, noting that MOH’s public statements on MyHDW have been “very scanty”.

IHH Healthcare Berhad chairman Tan Sri Dr Abu Bakar Suleiman noted that the Private Healthcare Facilities and Services Act 1998 has a provision that protects hospitals from lawsuits when using patient data for the purposes of “managing quality”.

“However the data should be anonymised when used for analysis in quality management,” he told Malay Mail Online.

Klang MP Charles Santiago from the DAP said he was considering a legal challenge against the MOH for not informing the public prior to implementing the MyHDW.

The Opposition MP said despite the ministry's assurances that personal information would not be a part of the data warehouse, it still posed a potential threat.

"The fact the database has already started without people's knowledge is bad news. Government action without consulting people invites a legal challenge.

"I will be looking at this closely and consulting with lawyers with a view to undertake a legal challenge," he told Malay Mail Online when contacted.

The Klang MP added that "access to personal information is big money" around the world that would tempt unscrupulous parties to misuse the data warehouse if there is no proper enforcement.

MMA president Dr John Chew pointed out that while Mimos Bhd, a technology provider under the Ministry of Science, Technology and Innovation (Mosti), provided security protection for MyHDW, but public assurance from time to time is key to prevent doubts over the technology being explored for personal gains.  

"Of course the public must be reassured all the time, as technology as well as hackers, some driven by commercial gains to sell health data are diligently working to break through the wall," he told Malay Mail Online when contacted.

The MyHDW system, currently at Phase One, has already collected data from 2.5 million inpatients from all government and public hospitals, military hospitals and daycare unit services.

Phase Two aims to collect 70 million outpatient medical record data from other healthcare facilities such as health and specialist clinics.

The use of MyHDW has raised concerns as to whether there are privacy issues and who has access to confidential patient data.