Singapore:
The SGD 3,800 was fined after being convicted for a count of a patient’s record of a patient’s record of a patient’s record of misuse of a computer system at the National University Hospital (NUH), Singapore.
Pubaneswary Poobalan, 39, reached the SAP system of the hospital-a platform that enables healthcare institutions to perform day-to-day business processes such as maintaining patients’ records, appointment scheduling and billing, Straits Times on Monday.
The system also includes personal identity information, medical appointments and records of billing information in the system. However, it does not include medical history or records of patients.
The court documents stated that Mr. Pubnesswari, a Singapore, who is no longer working for NUH, received several anonymous letters at his home between June and August 2023.
The letters mentioned a certain person, referred to as a “witness” in court documents. Details about their identity and how they were added cannot be caused by a gag order.
Mr. Pubaneswary then admitted that a certain woman, called “victim”, was the one who sent letters.
This was because the woman, who could not be nominated due to a gag order, knew people in the healthcare industry, which could help her to achieve the address of Sri Pabmanavari’s house.
In October 2023, Mr. Pubaneswary spoke to the witness, who dismissed his perceptions because he did not believe that the victim had the culprit’s house.
An argument then broke between Mr. Pubnesswari and the man.
On October 23, 2023, Mr. Pubensavari, while demonstrating night duty at NUH, accessed the SAP system. Deputy Public Prosecutor Samuel Chev said that as a senior patient service associate, he was allowed to reach the system to manage patients’ appointments and billing.
However, she was not going to reach the records of patients who did not fall under her scope.
Despite this, he discovered the records of the victim by doing the first name and date of birth. Search gave rise to a total of four results, one of which belonged to the victim.
DPP Chev told the court, “The accused accessed the victim’s record, and video-recorded, the victim’s NRIC number, full name, date, date, address and contact number.
“The accused … the video-record recorded his entire work, as she wanted to prove the witness that the victim had the ability to get her home address.” After an online complaint from the victim on May 14, 2024, NUH conducted an internal investigation and Mr. Pubaneswary admitted that he had access the victim’s record on the SAP system without authority.
The hospital said that it had taken immediate action to file police reports and inform the Ministry of Health.
A NUH spokesperson said, “We have taken immediate steps to request that the parties involved remove the related data in their possession. We regret this incident deeply.” Singapore quoted the daily spokesperson as saying, “It is paramount for us to protect and maintain the confidentiality of the patient’s information, and we do not tolerate the violation of this trust.”
The spokesperson also assured that the hospital will continue to take active measures to protect the patient data and educate its employees on the important importance of data protection.
(Except for the headline, the story has not been edited by NDTV employees and is published by a syndicated feed.)