laws.sg

Singapore legislation

Clause 22

of Health Information Bill

Clause 22

Obligations of users

(1)

A user must —

(a)

in addition to the conditions and restrictions mentioned in section 20(2)(e) (if applicable), comply with all requirements, conditions and restrictions relating to the access, collection, retention and disclosure of accessible health information that may be prescribed;

(b)

establish and implement appropriate policies and practices to ensure that the authorised individuals of the user access, collect, retain and disclose accessible health information in accordance with this Part; and

(c)

ensure that every authorised individual of the user complies with —

(i)

the requirements, conditions and restrictions mentioned in paragraph (a); and

(ii)

the policies and practices mentioned in paragraph (b).

(2)

Without limiting subsection (1)(a), the requirements, conditions and restrictions mentioned in that provision include the following:

(a)

requirements relating to the software (including any Application Programming Interface) that a user or a relevant HDI of a user is to use in or for any computer or computer system that interconnects with the national electronic records system;

(b)

any computer or computer system, or any website, that a user may use to access and collect accessible health information.

(3)

For the purposes of subsection (1)(a), different conditions or restrictions may be prescribed for different users or classes of users.

(4)

For the purposes of subsection (1)(b), the policies and practices mentioned in that provision must include policies and practices in respect of any prescribed matters relating to the access, collection, retention and disclosure of accessible health information.

(5)

A user and every authorised individual of a user must comply with every administrative instruction or technical requirement of a System Operator in relation to the access, collection and disclosure of accessible health information.

(6)

A user must notify a System Operator, within the prescribed time, and in the form and manner prescribed (if prescribed), of —

(a)

the cessation of any individual as an authorised individual of the user for any reason; or

(b)

any change in the designation or role in the user’s organisation of any authorised individual of the user.

(7)

A user who contravenes subsection (1) or (6) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 2 years or to both.

Read in full context — Health Information Bill