Patient Confidentiality in Singapore
Reviewed by the Commoner Law Editorial Team. Sourced from Singapore Acts of Parliament, subsidiary legislation, and official government guidance. Written in plain language for general understanding — this is educational content, not legal advice.
What is this right?
Your medical information is confidential and cannot be disclosed without your consent, subject to limited exceptions:
- Doctor-patient confidentiality: The SMC Ethical Code requires doctors to keep patient information confidential. Breach is a disciplinary offence.
- PDPA: Healthcare organisations are bound by the PDPA — they must obtain consent to collect, use, or disclose your personal health data.
- National Electronic Health Record (NEHR): Your medical records may be shared between healthcare institutions via the NEHR to improve care coordination — you can opt out of NEHR data sharing.
- Exceptions: Disclosure without consent is permitted where required by law (e.g., notifiable diseases under the Infectious Diseases Act), by court order, or where there is a serious and imminent threat to life.
When does it apply?
- You have received medical treatment and are concerned about who has access to your health information.
- An insurer, employer, or third party is requesting your medical records.
What to Do If Your Medical Information Has Been Shared Without Your Consent in Singapore
- Ask what data is being collected and for what purpose — the healthcare provider must inform you.
- If you want to opt out of NEHR sharing, submit a request at healthhub.sg or an NEHR-participating institution.
- If your data has been improperly disclosed, file a complaint with the PDPC and/or the SMC.
- Do not sign blanket consent forms allowing unlimited sharing — be specific about what you authorise.
What should you NOT do?
- Don't assume your employer has the right to your medical records — they generally do not, unless you consent or it is required by law (e.g., fitness-for-duty assessments).
- Don't post your own medical records publicly if they contain other people's data (e.g., a doctor's report mentioning family medical history).
- Don't ignore data breaches — if notified of a breach by a healthcare provider, take steps to protect yourself (monitor for identity fraud, change passwords).
Common Questions
Can my Singapore employer see my medical records?
Generally no — your employer does not have the right to your medical records unless you consent or it is required by law, such as for a fitness-for-duty assessment. The SMC Ethical Code requires doctors to keep patient information confidential, and breach is a disciplinary offence. Healthcare organisations are also bound by the PDPA.
Can I opt out of the National Electronic Health Record in Singapore?
Yes. Your medical records may be shared between healthcare institutions via the NEHR to improve care coordination, but you can opt out of NEHR data sharing. Submit a request at healthhub.sg or at an NEHR-participating institution. Be specific about what you authorise, rather than signing blanket consent forms.
When can a Singapore doctor disclose my medical information without consent?
Disclosure without consent is permitted where required by law — for example, notifiable diseases under the Infectious Diseases Act — by court order, or where there is a serious and imminent threat to life. If your data has been improperly disclosed, file a complaint with the PDPC and/or the SMC.
When does it apply — patient confidentiality?
- You have received medical treatment and are concerned about who has access to your health information.
- An insurer, employer, or third party is requesting your medical records.
What should I do if a Singapore hospital or clinic disclosed my medical records to a third party without my permission?
- Ask what data is being collected and for what purpose — the healthcare provider must inform you.
- If you want to opt out of NEHR sharing, submit a request at healthhub.sg or an NEHR-participating institution.
- If your data has been improperly disclosed, file a complaint with the PDPC and/or the SMC.
- Do not sign blanket consent forms allowing unlimited sharing — be specific about what you authorise.
What should you NOT do — patient confidentiality?
- Don't assume your employer has the right to your medical records — they generally do not, unless you consent or it is required by law (e.g., fitness-for-duty assessments).
- Don't post your own medical records publicly if they contain other people's data (e.g., a doctor's report mentioning family medical history).
- Don't ignore data breaches — if notified of a breach by a healthcare provider, take steps to protect yourself (monitor for identity fraud, change passwords).