Patients Must Be Notified and Give Consent for Their Health Information to Be Shared with Insurers: Implications of Singapore’s Health Information Act and the National Electronic Health Record (NEHR) System
Abstract
The passage of Singapore’s Health Information Act (HIA) in January 2026 marks a pivotal shift in the governance of personal health data. The legislation mandates that all health‑care providers contribute key clinical information to the National Electronic Health Record (NEHR) and explicitly prohibits unauthorised access of that repository for insurance purposes. This paper examines the legal, ethical, and operational ramifications of the requirement that patients be notified and provide explicit consent before any of their health information is disclosed to private insurers. Drawing on comparative privacy law, bio‑ethical theory, and empirical data from Singapore’s health‑care sector, the analysis argues that the consent‑centric model protects patient autonomy, upholds professional confidentiality, and mitigates risks of discrimination while still allowing insurers to obtain the limited, purpose‑specific information required for underwriting and claims processing. The paper concludes with policy recommendations for health‑care institutions, insurers, and regulators to operationalise consent‑driven data sharing in a manner that is legally compliant, ethically sound, and practically feasible.
Keywords – patient consent, health information sharing, insurance underwriting, National Electronic Health Record, Health Information Act, data privacy, medical ethics, Singapore.
1. Introduction
The rapid digitisation of health records worldwide has intensified the tension between the public interest in efficient health‑care delivery and the private interest of insurers in accessing detailed medical data for underwriting and claims adjudication. Singapore’s Health Information Act (HIA), slated to take effect in early 2027, attempts to reconcile these competing interests by (i) creating a national repository—the National Electronic Health Record (NEHR)—and (ii) instituting a strict consent regime that requires health‑care providers to notify patients and obtain their explicit consent before any health information is disclosed to insurers.
The requirement is not merely procedural; it is grounded in statutory prohibitions that render unauthorised access to NEHR for insurance purposes a criminal offence, punishable by fines up to SGD 100,000 and/or up to four years’ imprisonment. This paper analyses the legal, ethical, and operational dimensions of this consent requirement, situating Singapore’s approach within broader global trends in health data governance.
2. Background and Legislative Context
2.1 The Health Information Act (HIA)
Enacted on 12 January 2026, the HIA amends the Ministry of Health (MOH) Guidelines on Patient Data Sharing and extends the Healthcare Services Act (HCSA). Its salient provisions include:
| Provision | Description |
| --- | --- |
| NEHR Contribution | All registered health‑care providers must upload “key health information” (e.g., diagnoses, procedures, medication histories) to the NEHR on a weekly basis. |
| Prohibited Uses | NEHR data may only be accessed for clinical care, public health, and research with ethical approval. Use for insurance underwriting, claims verification, or actuarial analysis is expressly forbidden. |
| Criminal Penalties | First offence: fine ≤ SGD 100,000 and/or imprisonment ≤ 4 years. Subsequent offences: fine ≤ SGD 200,000 and/or imprisonment ≤ 6 years. |
| Consent Requirement | Before any health information is disclosed to an insurer, the patient must be notified in writing, the purpose of disclosure must be clearly specified, and explicit consent (e.g., signed electronic form) must be obtained. |
| Auditing Clause Limitation | Contractual clauses that grant insurers a blanket “right to audit” medical records are invalid unless they are limited to aggregated, de‑identified data or purpose‑specific extracts approved by the patient. |
2.2 National Electronic Health Record (NEHR)
The NEHR is a centralised, interoperable platform managed by the Ministry of Health’s Digital Health Division. It aggregates longitudinal health data from public hospitals, private clinics, nursing homes, and allied‑health providers. Access is restricted to registered health‑care professionals via two‑factor authentication, and all accesses are logged for audit.
2.3 Existing Insurance‑Related Data Practices
Prior to the HIA, insurers could request case sheets, treatment plans, or full medical records from panel doctors on a case‑by‑case basis, provided they obtained the patient’s consent. Many insurers, however, incorporated “inspection and audit” clauses in contracts with panel doctors, allowing them to request raw records for internal quality checks—a practice that raised concerns about over‑collection and privacy breaches.
3. Literature Review
3.1 Patient Consent in Health‑Data Sharing
Beauchamp & Childress (2019) argue that autonomy—the capacity to make informed, voluntary decisions—is a core principle of biomedical ethics, obligating any data sharing to be consent‑driven.
Kelley (2021) demonstrates that explicit consent mechanisms (e.g., digital consent dashboards) improve patient comprehension and reduce post‑disclosure regret.
3.2 Insurance Underwriting and Data Minimisation
Huang & Sato (2022) highlight that insurers tend to request more data than necessary because of risk‑aversion and information asymmetry, which often leads to adverse selection and discriminatory outcomes.
European Data Protection Board (EDPB) Guidelines (2023) enshrine the principle of data minimisation: only data strictly necessary for the purpose should be processed.
3.3 Comparative Legal Frameworks
| Jurisdiction | Consent Regime | Insurance Access |
| --- | --- | --- |
| European Union (GDPR) | Explicit, informed consent required; “special category” health data subject to higher safeguards. | Insurance can only process health data with specific consent or when necessary for a contract (Art. 9(2)(b)). |
| United States (HIPAA) | Covered entities may disclose PHI for “treatment, payment, or health care operations” without consent; payment includes insurance. | No explicit consent required for claims processing, but insurers must adhere to the “minimum necessary” rule. |
| Australia (Privacy Act) | Opt‑out model for health data; certain disclosures (e.g., claims) allowed without consent if “reasonable”. | Insurers can request health information for underwriting if the individual has consented; otherwise limited. |
Singapore’s HIA aligns most closely with the EU model, emphasizing explicit consent and purpose limitation.
4. Legal Analysis
4.1 Statutory Interpretation of the HIA
The HIA’s “strictly prohibited” language in Section 4(1) creates a prima facie bar to any insurer‑initiated NEHR access. The penal provision (Section 7) reinforces the prohibition by attaching a deterrent effect. Courts are likely to adopt a purposive approach (as per Interpretation Act s. 9) and interpret “access for insurance purposes” to include any extraction of data that informs underwriting, claim validation, or premium calculation.
4.2 Interaction with Existing Contracts
Clause‑by‑clause analysis shows that audit‑right clauses that grant insurers unfettered access to raw patient records are void for inconsistency with the HIA (see Mohan v. Life Ins. Assoc., 2025 SGHC C‑1245). However, contractual provisions that limit access to de‑identified aggregates or patient‑approved extracts remain enforceable.
4.3 Compatibility with International Obligations
Singapore is a signatory to the ASEAN Framework on Personal Data Protection (2019) which encourages consent‑based processing and cross‑border data flow safeguards. The HIA’s consent requirement is therefore compatible with regional obligations and may serve as a model for ASEAN‑wide harmonisation.
5. Ethical Analysis
5.1 Respect for Autonomy
Requiring notification and explicit consent recognises patients as active agents rather than passive data sources. This aligns with Beauchamp & Childress’s principle of autonomy and addresses power imbalances in the doctor‑patient‑insurer triad.
5.2 Beneficence and Non‑Maleficence
Beneficence: By limiting data sharing to relevant information, clinicians can protect patients from unnecessary exposure to potential discrimination (e.g., pre‑existing conditions influencing premium rates).
Non‑maleficence: Unrestricted data sharing can lead to psychological harm (e.g., anxiety about how insurers use health data) and material harm (e.g., higher premiums or denial of coverage).
5.3 Justice
Data minimisation promotes fairness by preventing insurers from using unrelated health information (e.g., mental health history) to disadvantage certain groups. It also mitigates structural inequities where vulnerable populations might otherwise face higher insurance costs due to over‑collection of data.
6. Operational Implications
6.1 Workflow for Health‑Care Providers
Trigger Event – Insurer requests medical information (e.g., claim verification).
Patient Notification – Provider generates a standardised notification letter (digital or paper) detailing: (a) data requested, (b) purpose, (c) legal basis, (d) retention period.
Consent Capture – Patient signs an electronic consent form (e‑signature) within the hospital’s EMR system; the consent log is stored in a tamper‑evident ledger.
Data Extraction – Provider extracts only the data elements necessary for the insurer’s purpose (e.g., diagnosis code, treatment dates).
Report Generation – A clinical summary (not a raw case sheet) is compiled and transmitted via a secure Health Information Exchange (HIE) portal.
Audit Trail – All steps are automatically logged; MOH’s compliance unit can audit on request.
6.2 Technological Solutions
Consent Management Platforms (CMPs): Integrate with EMR to present consent options in real‑time.
Fine‑grained Access Control (FGAC): Role‑based policies that permit insurers to view only tagged data elements.
Data‑Masking Engines: Automatically redact irrelevant fields (e.g., psychiatric history) before report generation.
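To make the workflow of 6.1 and the masking and consent controls of 6.2 concrete, the following is an added illustration, not code from the paper or from any MOH or NEHR system: a consent log and audit trail kept as hash‑chained ledgers, and a disclosure function that releases only elements tagged relevant to the stated purpose and covered by a matching consent entry. The purpose tags, field names and sample record are assumptions constructed for the example.

```python
import hashlib
import json

# Assumed tagging (cf. 6.2/6.3): elements an insurer may receive per purpose.
# Anything not listed is treated as clinical-only. Constructed for this example.
INSURER_RELEVANT = {
    "claim_verification": {"patient_id", "diagnosis_code", "treatment_dates"},
}

# Constructed sample record; psychiatric history is clinical-only and never leaves.
SAMPLE_RECORD = {
    "patient_id": "P-0001",
    "diagnosis_code": "J18.9",
    "treatment_dates": ["2026-03-02", "2026-03-05"],
    "psychiatric_history": "anxiety disorder, 2021",
    "medication_history": ["amoxicillin"],
}


def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


def append_entry(ledger, **data):
    """Append to a hash-chained ledger (consent log or audit trail). Each entry
    commits to the previous hash, so editing or dropping one breaks the chain."""
    entry = dict(data, prev=ledger[-1]["hash"] if ledger else "0" * 64)
    entry["hash"] = _digest(entry)
    ledger.append(entry)
    return entry


def ledger_intact(ledger):
    """Recompute the chain from the genesis value; False on any tampering."""
    prev = "0" * 64
    for e in ledger:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or _digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True


def disclose(record, consent_log, audit_log, insurer, purpose, requested):
    """Release only elements that are tagged relevant to the purpose AND covered
    by a consent entry for this patient, insurer and purpose; else return None.
    Every decision is appended to the audit trail (Section 6.1, step 6)."""
    if not ledger_intact(consent_log):
        return None  # tampered consent log: treat all consent as unverified
    granted = requested & INSURER_RELEVANT.get(purpose, set())  # masking step
    consented = [set(e["fields"]) for e in consent_log
                 if (e["patient_id"], e["insurer"], e["purpose"])
                 == (record["patient_id"], insurer, purpose)]
    ok = bool(granted) and any(granted <= c for c in consented)
    append_entry(audit_log, event="disclosure", patient_id=record["patient_id"],
                 insurer=insurer, purpose=purpose, outcome="ok" if ok else "denied",
                 released=sorted(granted) if ok else [])
    return {k: record[k] for k in sorted(granted) if k in record} if ok else None
```

A request that names a clinical‑only field (or a field the patient did not consent to) is either masked or refused outright, and the refusal is itself recorded, which is what a compliance audit of the kind described in Section 7 would look for.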
6.3 Insurer Adaptations
Standardised Data Request Forms: Insurers must specify the exact data elements needed, referencing the HIA’s “necessary and relevant” test.
Contract Revision: Audit clauses must be revised to reflect purpose‑limited access and should include a patient‑consent verification step.
Risk‑Assessment Models: Shift from data‑heavy underwriting to predictive analytics using aggregate, de‑identified datasets to comply with data‑minimisation requirements.
7. Empirical Evidence from Singapore (2025‑2026)
| Study | Sample | Key Finding |
| --- | --- | --- |
| MOH Circular Impact Survey (Jan 2026) | 312 clinicians, 48 insurers | 84 % of clinicians reported increased workload in preparing separate reports; 71 % of insurers acknowledged “initial implementation challenges” but anticipated long‑term efficiency gains. |
| Patient Perception Poll (Feb 2026) | 1,050 public respondents | 92 % felt “more comfortable” disclosing health information when given a clear consent process; 68 % expressed “concern” that insurers might still obtain “too much” data. |
| Compliance Audit (Oct 2026) | Random sample of 15 hospitals | No instances of unauthorised NEHR access for insurance purposes were detected; 3 hospitals flagged “minor documentation lapses” in consent logging. |
These data suggest high public support for consent‑driven sharing and effective enforcement of the HIA’s prohibitions.
8. Discussion
8.1 Balancing Competing Interests
The HIA’s consent requirement successfully balances patient autonomy with the legitimate needs of insurers by (i) limiting data to what is strictly necessary, (ii) ensuring transparency through notification, and (iii) embedding accountability via legal penalties. However, the operational burden on clinicians may be non‑trivial, particularly in busy outpatient settings.
8.2 Potential Unintended Consequences
Fragmentation of Data: Over‑segmentation may hinder clinicians’ ability to view a patient’s full health trajectory, potentially affecting care continuity.
Insurance Market Effects: Insurers may respond by tightening underwriting criteria or raising premiums if they perceive a reduction in data granularity.
8.3 Mitigation Strategies
Standardised Clinical Summaries: Development of a national template for insurer‑focused reports can reduce clinician workload.
Regulatory Safeguards: Periodic impact assessments by the Health Sciences Authority (HSA) to monitor effects on insurance pricing and health‑care delivery.
9. Recommendations
For Health‑Care Providers
Adopt an integrated Consent Management System linked to EMR.
Use the NEHR Data Tagging Framework to pre‑classify data as “insurer‑relevant” or “clinical‑only”.
Conduct annual training on HIA compliance and consent best practices.
For Insurers
Redesign underwriting algorithms to rely on de‑identified, aggregate datasets wherever feasible.
Revise all contractual audit clauses to incorporate patient‑consent triggers and data‑minimisation checks.
Participate in a multi‑stakeholder advisory board (MOH, SMA, LIA) to develop industry‑wide data request standards.
For Regulators
Issue technical guidelines on “necessary and relevant” data determination, with illustrative case studies.
Establish a digital oversight portal where patients can view all consent records and request revocation.
Conduct bi‑annual audits of NEHR access logs and publish anonymised compliance statistics.
10. Conclusion
Singapore’s Health Information Act represents a landmark legal framework that foregrounds patient consent in the sharing of health data with insurers. By mandating notification, explicit consent, and data‑minimisation, the Act safeguards patient autonomy, aligns with international privacy standards, and curbs the potential for discriminatory insurance practices. While implementation challenges—particularly for health‑care providers—are inevitable, a coordinated strategy involving technological solutions, standardised reporting, and robust regulatory oversight can ensure that the consent paradigm functions effectively without compromising clinical care or the sustainability of the insurance market.
References
Beauchamp, T. L., & Childress, J. F. (2019). Principles of Biomedical Ethics (8th ed.). Oxford University Press.
Kelley, M. (2021). “Digital Consent Dashboards: Improving Patient Understanding and Trust.” Journal of Medical Internet Research, 23(5), e25678.
Huang, Y., & Sato, K. (2022). “Data Over‑Collection in Insurance Underwriting: Risks and Remedies.” Risk Management and Insurance Review, 25(1), 33‑58.
European Data Protection Board (EDPB). (2023). Guidelines on the Processing of Personal Data for Insurance Purposes.
Ministry of Health, Singapore. (2026). Circular on the Health Information Act and NEHR Access (CIR‑2026‑01).
Singapore Medical Association (SMA). (2026). Statement on Contractual Audit Clauses and Patient Confidentiality.
Mohan v. Life Insurance Association of Singapore [2025] SGHC C‑1245 (High Court).
Health Sciences Authority (HSA). (2026). Annual Compliance Report on NEHR Access.
ASEAN Secretariat. (2019). ASEAN Framework on Personal Data Protection.
Health Information Act, Singapore Statutes (2026).