A senior Indian-origin patient service associate at Singapore's National University Hospital (NUH) was fined SGD 3,800 after she pleaded guilty to one count of misusing a computer system by accessing records of a patient.
Pubaneswary Poobalan, 39, accessed the hospital's SAP system - a platform that enables healthcare institutions to perform day-to-day business processes such as maintaining patients' records, appointment scheduling and billing, The Straits Times reported on Monday.
The system also contains records of patients' personal identification information, medical appointments and billing information. However, it does not contain patients' medical histories or records.
Court documents stated that Mr Pubaneswary, a Singaporean who is no longer working for NUH, had received several anonymous letters at her home between June and August 2023.
The letters mentioned a certain man, who was referred to as "the witness" in court documents. Details about his identity and how he was linked to her cannot be disclosed due to a gag order.
Mr Pubaneswary then assumed that a certain woman, referred to as "the victim", was the one who had sent the letters.
This was because the woman, who also cannot be named due to a gag order, knew people in the healthcare industry who could help her obtain Mr Pubaneswary's home address.
In October 2023, Mr Pubaneswary spoke to the witness who rejected her assumptions as he did not believe the victim had the offender's home address.
An argument then broke out between Mr Pubaneswary and the man.
Performing night duty at NUH on Oct 23, 2023, Mr Pubaneswary accessed the SAP system. Deputy Public Prosecutor Samuel Chew said that as a senior patient service associate, she was allowed to access the system to manage patients' appointments and billings.
However, she was not supposed to access the records of patients that did not fall within her purview.
Despite this, she searched for the victim's records by keying in the latter's first name and date of birth. The search led to a total of four results, one of which was related to the victim.
DPP Chew told the court, "The accused then accessed the victim's records, and video-recorded the victim's NRIC number, full name, date of birth, address and contact numbers.
"The accused... video-recorded her entire act, as she wanted to prove to the witness that the victim had the capability of obtaining her home address." Following an online complaint from the victim on May 14, 2024, NUH conducted an internal investigation and Mr Pubaneswary admitted that she had accessed the victim's records on the SAP system without authority.
The hospital said it had taken immediate action to file a police report and notify the Ministry of Health.
An NUH spokesperson added, "We have taken immediate steps to request that the involved parties delete the relevant data in their possession. We deeply regret this incident." "Protecting and upholding the confidentiality of patient information is paramount to us, and we do not tolerate the violation of this trust," the Singapore daily quoted the spokesperson as saying.
The spokesperson also assured that the hospital will continue to take proactive measures to safeguard patient data and educate its staff on the critical importance of data protection
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
