Copyright © Ministry of Health Singapore. All Rights Reserved.
Integrated Health information Systems Pte. Ltd. (“IHiS”) respect your privacy and recognise the importance of data protection. This policy serves to share how we process your personal data in accordance with the Personal Data Protection Act (2012). To “process” means to collect, use, store, transfer, disclose, alter, correct, delete or destroy personal data.
https://www.healthhub.sg/. Each time you use our websites and mobile and web-based application, and any updates, upgrades, new versions, documentation and content and services provided by or through the websites and mobile and web-based application (collectively referred to as
1. Your / Another Person's Personal Data
your name, NRIC, passport or other identification number, telephone number(s), mailing address, email address, geo-location, device unique identifier and any other information relating to you which you have provided us;
your medical history and background, and income levels; and
your nationality, residency status, address, date of birth and race.
A reference to “Personal Data” also includes such data that may be provided by you on behalf of another person pursuant to Clause 2 below.
References to “includes,” “including,” “including but not limited to,” “including without limitation” and words or phrases of similar import shall be deemed to have the same meaning and the words “includes(s)” and “including” shall not be deemed to be terms of limitation but rather be deemed to be followed by the words “without limitation.”
In relation to personal data, “Processing” refers to the act of collecting, recording, holding or storing personal data and carrying out any operations or set of operations on the personal data.
2. Use and Collection of Personal Data
IHiS may use your personal data (a) for the purposes identified below or separately communicated to you (b) to fulfil legitimate business interests and/or contractual and legal obligations and (c) to comply with applicable laws, regulations and/or requirements from government agencies, regulatory bodies, statutory boards or other relevant bodies in Singapore.
Generally, IHiS may collect your Personal Data in the following ways:
when you submit forms, applications, requests or feedback to us;
when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
when you interact with our customer service officers, for example, via telephone calls, letters, face-to-face meetings, social media platforms and emails;
when you use our electronic services, mobile and web-based applications or interact with us via any of our websites or mobile or web-based applications or use the services on any of our websites or mobile or web-based applications which may utilise various technologies to collect data (which may include Personal Data) automatically either by us or by third parties on behalf of us;
when you respond to our requests for additional Personal Data;
when we receive your personal data from referral parties, government ministries or agencies, regulators, statutory boards, Public Healthcare Institutions, public agencies, your employer and other third parties;
when you attend or participate in our events or activities (e.g. public forums and events) and your voice and image data is captured on cameras, audio and video recordings;
when you respond to our initiatives;
from third parties, including social networks (such as Facebook, LinkedIn and YouTube), when you consent to such third parties disclosing information about you to us that those third parties have collected, whether by logging into through the social plug-ins on our websites or mobile or web-based applications or otherwise; and
when you submit your Personal Data to us for any other reason.
Examples of some of the technologies which may be used (either by us or by third parties on behalf of us) by or in our electronic services, websites and mobile and web-based applications to collect, use and/or disclose Personal Data include the following:
Click-stream data. A visit to one of our websites or use of our mobile or web-based applications results in data that is transmitted from your browser to our server being automatically collected and stored by us or by third parties on behalf of us. This data can include the following:
the visitor's IP address;
the date and time of the visit;
the referral URL (the site from which the visitor has come);
the pages visited and action taken on our website or mobile or web-based applications; and
information about the device, mobile carrier and browser used (browser type and version, operating system, etc).
Web beacons and tracking links. Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our emails, website or mobile or web-based applications. In conjunction with cookies, these are primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites, as well as finding out if an e-mail has been received and opened and to see if there has been any response;
Unique application numbers. Certain services include a unique application number. This number and information about your installation of the application (for example, the operating system type and application version number) may be sent to us when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates;
Local Storage. We may collect and store information (including Personal Data) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches. Such information may include your self-added medication list and medication reminders;
If you provide us with any Personal Data relating to a third party (including, for example, information of your spouse, children, parents, caregiver), by submitting such information to us, you represent to us that:
you are authorised to act on his/her behalf;
you have obtained the consent of the third party to provide us with their Personal Data for the respective purpose;
you agree to fully indemnify us in respect of any regulatory penalties, claims or proceedings by third parties and any proceedings, investigations, orders, directions, judgements issued by a court, statutory body or regulatory authority, in connection with the provision of his/her Personal Data.
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the products and services you have requested or process your application.
3. Purposes for the Collection, Use and Disclosure of Your Personal Data
Generally, IHiS may collect, use and/or disclose your Personal Data for the following purposes:
setting up your account with us and managing your use and access of HealthHub;
facilitating your use of our online and mobile services such as the healthcare management programmes and/or the transactional e-services like e-appointments and e-payments;
integrating onto healthcare computer systems and applications operated or managed by the Public Healthcare Institutions in order to provide you with the healthcare services (including medical, dental, health-screening and immunisation services) and any programmes related to promotion of good health, healthy lifestyles and prevention and detection of diseases. The institutions include but are not limited to the National Electronic Health Record system managed by the Ministry of Health, the SingHealth Online Appointment System and National Healthcare Group Polyclinics Online Appointment System or any healthcare institutions under the Ministry of Health.
managing your relationship with us by personalising our services and recommending content related to your health and our services and informing you about service upgrades and updates;
carrying out security and safety measures and services such as performing network or service enhancement and protecting our platforms from unauthorised access or use;
carrying out market-related, evaluation or similar research and analysis for our operational strategy and policy planning purposes, including providing data to authorised external parties for any purposes to review, develop and improve the quality of healthcare products and services.
verifying your identity and such other information provided by you, including but not limited to the relationship between yourself and a third party dependent or the relationship between yourself and a third party caregiver;
managing the administrative and business operations more effectively such as to attend your queries, feedback, complaints and to comply with our internal record keepings for meeting any applicable laws and regulations;
facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales);
carrying due diligence in accordance with legal and regulatory obligations or our risk management procedures and policies such as conducting audits to prevent, detect and investigate crime or offences or uncover non-conforming process.
monitoring or recording phone calls and customer-facing interactions for quality assurance, and identity verification purposes;
in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
complying with any request or direction of any government authority or public agencies, ministries, statutory boards or similar authorities or non-governmental agencies authorized to carry out specific Government services and duties; and
any other purpose reasonably related to the aforesaid.
To conduct our operations more smoothly, we may disclose the personal data you have provided to us to our third-party services providers, agents and/or affiliates or related corporations (“External Parties”) for such External Parties to process your personal data based on your requested services for one or more of the above stated reasons or purposes. An External Party may be sited in locally or outside Singapore.
If we need to use your Personal Data for any other purposes, we will notify you and obtain your consent beforehand in accordance with the requirements of applicable data protection laws.
4. Accuracy of Personal Data
We will take reasonable steps to make sure the personal data we collect, use or disclose is accurate, complete and up to date. To enable us to ensure the quality and accuracy of personal data, you are obliged to provide relevant and accurate information to us.
5. Protection and Retention
We will take reasonable steps to protect the personal data we hold from misuse and loss and from unauthorised access, modification or disclosure.
We will take reasonable steps to destroy or permanently de-identify personal data if it is no longer needed for any purpose. Destruction of personal data will be carried out in accordance with IHiS’s prevailing policies and procedures, contractual agreements and Government’s Healthcare Instruction Manuals.
6. Transfer of Personal Data
Generally, we do not transfer personal data out of Singapore except under collaboration with External Parties or our approved third-party services for application services. Should we do so, we ensure there is data protection of a standard that is at least comparable to that under PDPA.
7. Third Party Sites
This site may contain links to sites whose data protection and privacy practices may differ from ours. We are not responsible for the content and privacy practices of these other websites and encourage you to consult the privacy notices of these other websites.
8. Contacting Us – Feedback, Withdrawal of Consent, Access and Correction of your Personal Data
You are entitled to withdraw your consent for the collection, use and disclosure of your personal data at any time. However, depending on the nature of the withdrawal, it may become impossible for IHiS to provide services such as processing or providing services offered by HealthHub. IHiS may also not be in a position to administer any contractual relationship in place, which in turn may also result in the termination of any agreements with IHiS, and your being in breach of your contractual obligations or undertakings. IHiS’ legal rights and remedies in such event are expressly reserved.
would like to obtain access and make corrections to your Personal Data records, you can contact our Data Protection Officer by email at
9. Governing Law