Under Singapore’s newly passed Health Information Act, doctors and healthcare providers will soon be required to seek explicit patient consent before any of a patient’s health data can be shared with private insurers, a major development in medical privacy and patient rights.
What’s Changed
The Health Information Act, expected to take effect in early 2027, establishes a clear requirement that patients must be notified and their consent obtained, before their health details are shared with insurers for purposes such as underwriting or claims assessment. Only necessary and relevant information may be shared for those purposes and insurers themselves are not permitted to directly access the National Electronic Health Record (NEHR) to obtain data.
Previously, ambiguity around how health data could be used for insurance meant patients and clinicians were often unclear about rights and privacy protections. This move aims to bring greater transparency, accountability, and trust in how sensitive health information travels beyond clinical care.
Why This Matters
Protecting patient data has become a central issue in digital health. With electronic records housed in Singapore’s National Electronic Health Record (NEHR) system, there are strict limitations on who can view and use that data. Under the new framework:
- Only clinicians directly involved in care can access relevant medical records.
- Health information cannot be accessed by insurers or employers through NEHR.
- Any sharing of information with insurers must be explicitly consented to by the patient.
Healthcare professionals who improperly access or share NEHR information for non-care purposes, such as insurance underwriting, may face substantial penalties, including fines or imprisonment.
Patient Rights and Clinical Care
The Act reinforces patients’ control over their personal health information. Experts say that requiring consent upholds patient autonomy and aligns with international standards of health privacy and data governance. At the same time, standard care information such as allergies, medications and immunisation records will still flow through NEHR to ensure continuous, coordinated treatment between providers.
Patients will also be able to set access restrictions on their NEHR data through My HealthHub, but healthcare providers may still access critical information in emergencies to ensure safe clinical care.
Why this is relevant for you
As health technology evolves and electronic records become ever more integral to care delivery, digital privacy and patient consent are increasingly important topics. This new policy not only strengthens protection for individuals’ health data but also reflects Singapore’s commitment to maintaining a balance between coordinated care and personal privacy.
Stay tuned for further updates as the implementation timeline for the Health Information Act nears, including detailed insights on how this may affect patient rights, digital healthcare tools and health insurance processing.
Sources:
Reviewed by: Dr Cheryl Yeo
Bio: Dr Cheryl Yeo is the founder of iAM Health. She has a PhD in food science and nutrition, dedicating more than a decade to research on metabolic disorders and weight management, functional food ingredients, and the science behind metabolism-focused supplements and microbiome-driven health therapies. Her work deepened her understanding of how targeted nutrition, including probiotics and digestive support, can influence long-term wellbeing.
Connect with Dr Cheryl Yeo: cheryl@iamhealth.sg