Cross-border Data Transfer

How should the cross-border transfer of personal information collected and processed in the course of telehealth services be carried out to ensure compliance with applicable privacy laws?

If the telehealth data constitutes personal data, this would be governed under the PDPA. The PDPA and its subsidiary legislation provides that an organisation may only transfer personal data overseas if it has taken appropriate steps to ensure that:

  1. it will comply with the PDPA obligations in respect of the transferred personal data while it remains in its possession or under its control; and
  2. the recipient outside of Singapore is bound by legally enforceable obligations to provide to the personal data transferred a standard of protection that is comparable to the standard under the PDPA. In this regard, legally enforceable obligations would include obligations imposed on a recipient pursuant to:
    1. any law;
    2. any contract that requires a recipient to: (A) provide a standard of protection to the personal data transferred that is at least comparable to the protection under the PDPA; and (B) specifying the countries and territories to which the personal data may be transferred under the contract;
    3. under binding corporate rules; or
    4. any other legally binding instrument.

A telehealth service provider will, however, be taken to have satisfied the requirement of ensuring that the recipient outside of Singapore is bound by legally enforceable obligations if the individual whose personal data is being transferred consents to the transfer of the personal data to the recipient in that country or territory, subject to such consent satisfying certain prescribed conditions.

Last modified 18 May 2023

Singapore

Singapore

Is the use of telehealth permitted?

Yes, subject to certain restrictions as set out below.

Last modified 18 May 2023

Singapore

Singapore

How is telehealth regulated?

There is currently no over-arching legislation governing telehealth in Singapore, although we highlight that the telemedicine sector is intended to be regulated by the Healthcare Services Act 2020 ("HCSA"). While parts of the HCSA have taken effect from 3 January 2022, the legislation and provisions relating to telehealth are expected to be rolled out over the course of 2023 which will bring telehealth and telemedicine services under the licensing regime applicable to traditional medical services providers. The public consultation for the telehealth provisions recently concluded in end 2022 and it is expected that the relevant phases of legislation and provisions will be introduced from end June 2023 onwards.

The proposed new regime intends to regulate the provision of medical service via the ‘remote’ method of service delivery. This refers to the provision of a medical service via technological means (including but not limited to telephone, internet-based video, email, and/or similar electronic-based communications) and where the service provider and the patient are not physically in the same location. It however excludes (a) companies that only operate telemedicine platforms or provides software as a service, but do not otherwise provide medical services or direct patient care, such as third-party telemedicine applications; (b) tele-support services, such as mobile applications that provides educational information to patients on diseases and medication; or (c) tele-collaboration services, such as online platforms that facilitate information sharing among doctors for peer consultation purposes.

While the finalised language of the legislation amendments have not yet been published, under the proposed regime, among others:

  • telemedicine service providers will need to be specifically licensed before such services can be offered;
  • licensees will have to appoint a clinical governance officer to provide clinical governance and technical oversight. The clinical governance officer must be a registered medical practitioner with the Singapore Medical Council under the Medical Registration Act 1997 of Singapore and hold a valid practising certificate with the appropriate number of years of experience. Such officer must also complete the prescribed telemedicine e-training;
  • licensees will have to establish and implement guidelines to assist medical practitioners in determining whether a particular medical condition may be managed remotely. Such guidelines must take into consideration: (i) the patient’s medical condition and medical history; (ii) the patient’s ability to use the teleconsultation function effectively (for example based on their technological literacy); and (iii) the medical practitioner’s training and scope of practice;
  • licensees will have to ensure that the patient or caregiver is provided with alternative arrangements for such patient to receive medical care if the medical practitioner deems that the patient’s condition cannot be remotely managed in a proper, effective and safe manner. For example, the patient requires a physical examination or when ancillary services need to be provided;
  • real-time two-way interactive audio-visual communications should be used as the primary means of remote medical service delivery when medical service is provided remotely;
  • real-time, two-way interactive audio-visual communications must be used whenteleconsulting is carried out with new patients using the licensee’s medical service for the first time and there are no earlier patient records and medical history with the relevant licensee;
  • medical practitioners providing medical service remotely should complete the prescribed telemedicine e-training; and
  • doctors providing remote medical services will need to abide by good professional practices and conduct defined under the Singapore Medical Council (SMC)’s Ethical Code and Ethical Guidelines (ECEG).

For completeness, telehealth in Singapore is currently regulated through various codes, guidelines and regulations, including the following:

  • National Telemedicine Guidelines;
  • Singapore Medical Council’s Ethical Code and Ethical Guidelines and Handbook on Medical Ethics;
  • Regulatory Guidelines for Telehealth Products by the Singapore Health Sciences Authority (Medical Devices Branch);
  • Health Products (Licensing of Retail Pharmacies) Regulations and Telepharmacy Guidelines; and
  • Singapore Dental Council’s Ethical Code and Ethical Guidelines.

These generally regulate the telehealth products (including software and mobile applications), and medical professionals providing such telehealth services.

Last modified 18 May 2023

Singapore

Singapore

Are there specific fields of healthcare in relation to which telehealth services are currently available, and do they involve the use of proprietary technology or platforms?

While there are generally no limits in terms of the types of healthcare services which can be provided by way of telehealth in Singapore, doctors are required to adhere to the applicable guidelines and regulations in providing such services. Generally, the diagnosis, prescription of medicine and issuance of medical certificates via telemedicine (i.e. without a physical medical consultation) would be subject to the professional judgement of the relevant doctor and the specific facts and circumstances of each presenting case. Specific telemedicine applications may also have recommendations on the type of healthcare services or ailments that telemedicine under the application should be used for. In particular, the scope of ‘medical services’ which can be provided remotely under the proposed new regime under the HCSA remains broad. ‘Medical services’ under the proposed new regime is proposed to mean:

  1. (i) a service that is provided, or an act that is done, by a medical practitioner in the course of his or her practice as a medical practitioner; and (ii) any ancillary service;
  2. prescribed specified service; but
  3. excludes (i) the provision of accommodation to any patient for a period exceeding 12 hours; (ii) the administration of general anaesthesia; and (iii) the conduct of any surgical procedure other than minor surgical procedure.

For completeness, telehealth in Singapore is provided to the public by way of both telemedicine applications, as well as videoconferencing and teleconferencing applications. In particular, we highlight that the Infocomm Media Development Authority, Enterprise Singapore and the Ministry of Health ("MOH") had announced in May 2020 ("Announcement"), an expansion of pre-approved teleconsultation (video) solutions to help Small and Medium-sized Enterprises ("SMEs") in, inter alia, the healthcare sector, to manage the impact of the COVID-19 pandemic.

It was also stated in the Announcement that video was the preferred mode of telemedicine, and it allows doctors to assess key visual cues and have a more natural consultation with patients.

Last modified 18 May 2023

Singapore

Singapore

Does the public health system include telehealth services, and if so, are such services free of charge, subsidised or reimbursed? Where the public health system does not include telehealth services, are such services covered by private health insurance?

Yes, the Smart Health Video Consultation ("SHVC") system, which leverages video conferencing technology to allow patients to remotely consult their care team online, has been implemented at most hospitals in Singapore, including the Singapore General Hospital, Tan Tock Seng Hospital and the National University Hospital. This platform will also be available at Ng Teng Fong General Hospital, Singapore National Eye Centre, National Neuroscience Institute and the National Healthcare Group Polyclinics soon. The SHVC system was implemented by the Integrated Health Information Systems ("IHiS"), the technology agency for Singapore healthcare.

Generally, regular consultation charges should apply unless otherwise stated. We also note that certain subsidies are only available for in-person consultations. However, we highlight that from 3 April 2020, patients who qualify for the Community Health Assist Scheme ("CHAS") and MediSave payments can attend their regular follow-ups of seven chronic conditions through video consultation and use their CHAS subsidies and Medisave to pay for such consultations. This will apply to patients with diabetes, hypertension, lipid disorder, major depression, schizophrenia, bipolar disorder and anxiety, and is meant to support safe distancing due to the current COVID-19 pandemic. This will remain in force until the deactivation of the Public Health Preparedness Clinic scheme, or as otherwise determined by the MOH.

Last modified 18 May 2023

Singapore

Singapore

Do specific privacy and/or data protection laws apply to the provision of telehealth services?

Personal data is protected under the Personal Data Protection Act 2012 ("PDPA"). In particular, advisory guidelines for the healthcare sector have been provided for the healthcare sector. While these are not specifically in relation to the telehealth sector, telehealth providers should familiarise themselves with, and abide by this as well.

We would also highlight that telehealth service providers should, on top of the provisions as set out in the PDPA, ensure that tighter security arrangements are put in place to protect the personal data in its possession, especially where the personal data is more sensitive and confidential (such as patient’s medical records) and where the impact to an individual would be significantly more adverse if such personal data were inadvertently accessed.

Last modified 18 May 2023

Singapore

Singapore

How should the cross-border transfer of personal information collected and processed in the course of telehealth services be carried out to ensure compliance with applicable privacy laws?

If the telehealth data constitutes personal data, this would be governed under the PDPA. The PDPA and its subsidiary legislation provides that an organisation may only transfer personal data overseas if it has taken appropriate steps to ensure that:

  1. it will comply with the PDPA obligations in respect of the transferred personal data while it remains in its possession or under its control; and
  2. the recipient outside of Singapore is bound by legally enforceable obligations to provide to the personal data transferred a standard of protection that is comparable to the standard under the PDPA. In this regard, legally enforceable obligations would include obligations imposed on a recipient pursuant to:
    1. any law;
    2. any contract that requires a recipient to: (A) provide a standard of protection to the personal data transferred that is at least comparable to the protection under the PDPA; and (B) specifying the countries and territories to which the personal data may be transferred under the contract;
    3. under binding corporate rules; or
    4. any other legally binding instrument.

A telehealth service provider will, however, be taken to have satisfied the requirement of ensuring that the recipient outside of Singapore is bound by legally enforceable obligations if the individual whose personal data is being transferred consents to the transfer of the personal data to the recipient in that country or territory, subject to such consent satisfying certain prescribed conditions.

Last modified 18 May 2023

Singapore

Singapore

Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?

Please refer to the guidelines set out in Regulation of Telehealth.

Last modified 18 May 2023

Singapore

Singapore

Are any specific laws, regulations, or self-regulatory instruments expected to be adopted in the near future?

Yes, as mentioned above, the telemedicine sector is due to be implemented in the course of 2023.

Last modified 18 May 2023

Singapore

Singapore

Katherine Chew

Katherine Chew

Partner

DLA Piper Singapore Pte. Ltd.

T: +65 6512 6046[email protected]
Ying Chern Tan

Senior Associate

DLA Piper Singapore Pte. Ltd.

T: +65 6512 9557[email protected]
Yam Jia De

Associate

DLA Piper Singapore Pte. Ltd.

T: +65 6512 9550[email protected]