Health Information Act (HIA)

RSM can assist healthcare organisations in Singapore in meeting MOH’s HIA Cyber and Data Security Guidelines, ensuring robust protection and management of both electronic and non-electronic health information.

Our HIA consulting, remediation and managed services support healthcare leaders with a governance framework for the safe collection, access, use and sharing of health information across the healthcare ecosystem, facilitating better continuity of care and seamless transitions between providers.

RSM HIA Compliance Advisory and Services

How RSM can help with HIA compliance

RSM provides tailored HIA consulting with practical cyber and data protection solutions for continuous IT governance and HIA compliance. 

HIA Assessment 

  • Review of existing cyber and data protection practices and processes
  • Gap analysis with HIA compliance requirements

Risk Remediation 

  • Recommended remediations and enhancements
  • Standard data protection and security policy, data inventory mapping list, accounts inventory and data breach management plan  

Cybersecurity & Data Protection Certification (where applicable)

These are Singapore’s national standards that HIA requirements reference for data protection and cybersecurity management. Grants apply. 

Managed Services for Continuous Governance and Compliance

  • Review and update of policies and procedures
  • Cybersecurity, AI and data risk awareness webinar for employees
  • Phishing campaign
  • Data breach and incident response table-top exercise
  • Managed Detection and Response (MDR) for Endpoints 

FAQ 

> Who needs to comply with the HIA?

All licensed healthcare service providers in Singapore, including private clinics, clinical laboratories, radiological services, retail pharmacy licensees and digital health service providers offering telemedicine services. The HIA also applies to any healthcare organisation that contributes health information to the NEHR, and to data intermediaries.

> What is the National Electronic Health Record (NEHR) system?

The NEHR is the national repository that securely collects, stores and shares patients’ health information across different healthcare providers. It contains important medical history records that healthcare professionals generally need to make more informed medical decisions and deliver safer, better care.

> What are the benefits of taking the HIA assessment?

It is a matter of “when”, not “if”, a data breach happens. Our HIA assessment helps healthcare leaders proactively identify data security gaps and compliance risks, ensuring alignment with the required HIA standards and reducing the risk of costly PDPA penalties and irreversible reputational damage.

RSM’s HIA assessment provides a clear baseline of your organisation’s data security and privacy maturity level, along with actionable recommendations to strengthen safeguards, enhance regulatory compliance, protect sensitive data and build long-term trust with patients and stakeholders.

> What happens if a healthcare provider encounters a cybersecurity incident or a data breach?

Under the HIA, healthcare providers are required to promptly report all confirmed cybersecurity incidents and data breaches to MOH.

  • An initial incident report must be provided to MOH within 2 hours
  • Followed by a detailed incident report within 14 days
  • Where the breach is assessed to be notifiable and likely to result in significant harm, healthcare providers must also notify all affected individuals.

Do reach out to RSM if you have more queries or need incident response advisory. 

> What are the penalties for HIA non-compliance?

  • Up to $1m in fines or 10% of the organisation’s annual turnover, whichever is higher, in line with the PDPA
  • The HIA also introduces offences to hold individuals accountable for egregiously mishandling health information controlled by an HIA entity

Get started with our HIA assessment to plug your cyber and data protection gaps and build trust with your patients.

> Why is RSM one of the preferred HIA consultants?

Backed by a team of experienced Governance, Risk and Compliance (GRC) consultants, RSM is an appointed consultant under CSA’s CISOaaS programme for Cyber Essentials and under IMDA’s Data Protection Essentials, reflecting our strong credentials and trusted standing.

Our end-to-end, HIA-tailored services go beyond a compliance checkbox approach. RSM delivers practical, risk-based advisory and robust IT and security fundamentals aligned to your organisation’s risk appetite, operational needs and budget.

Complementing this is our IT managed service, which provides enterprise-grade security, 24x7 proactive monitoring and reliable support, without the high cost and complexity of managing multiple vendors.

Learn more

Five essential measures that Healthcare Providers should ado...

Cyber & Data Security Guidebook for Healthcare Providers...

Speak to us to find out more about our HIA service scope and fee 

Learn more about MOH’s Health Information Act compliance requirements here

Our Specialists

Hoi Wai Khin

Partner

Related services

Digital Trust

Healthcare

Technology Consulting

CISO as a Service CSA Cybersecurity Health Plan

Data Protection Essentials

Data Protection Trustmark

Contact us

Complete this form and an RSM representative will be in touch.