Health minister insists cybersecurity laws cover electronic medical record system

Health Minister Datuk Seri Dzulkefly Ahmad speaks to reporters at the Parliament lobby in Kuala Lumpur March 14, 2019. — Picture by Ahmad Zamzahuri
Health Minister Datuk Seri Dzulkefly Ahmad speaks to reporters at the Parliament lobby in Kuala Lumpur March 14, 2019. — Picture by Ahmad Zamzahuri

KUALA LUMPUR, March 26 — Health Minister Dzulkefly Ahmad insisted today that his ministry’s electronic medical record (EMR) system was protected by cybersecurity laws and guidelines.

Dzulkefly was responding to Malay Mail assistant news editor Boo Su-Lyn’s op-ed, which questioned how the Health Ministry planned to protect patients’ medical records in the shared database in lieu of Singapore’s recent health data breaches.

“Good data governance and mitigation strategies must be in place in order to protect our nation from cybercriminals.

“MOH (Ministry of Health) complies with the Cybersecurity Act and guidelines by lead agencies such as MAMPU (Malaysian Administrative Modernisation and Management Planning Unit), National Cyber Security Agency (NACSA) & Chief Government Security Office (CGSO),” Dzulkefly said in a statement.

He also explained that EMR referred to the collection of primary patient data, while the Malaysian Health Data Warehouse (MyHDW) launched in 2017 only collected secondary data for planning purposes.

Dr Md Khadzir Sheikh Ahmad, head of the Health Informatics Centre at the Health Ministry who is managing MyHDW, told Malay Mail earlier this month that MyHDW was not an EMR system, as MyHDW only gathered data on people’s visits to health care facilities.

“MOH is looking to develop a patient-centric model that empowers every Malaysian to own their personal health record,” said Dzulkefly today.

The minister from Parti Amanah Negara (Amanah) also said in a written parliamentary reply that 25 per cent of MOH hospitals used the EMR system.

“The Health Ministry plans to expand EMR strategically in hospitals and clinics throughout the country in phases.”

Singapore had suffered two breaches of its government health database, with hackers stealing the personal data of 1.5 million people last year, including Singaporean Prime Minister Lee Hsien Loong’s.

The UK was also forced to scrap in 2016 a national database containing patients’ medical records after the media reported that health information in the digital system could be sold to insurance and pharmaceutical companies.

Related Articles