Strict adherence to patient data privacy for EHR System

– MoH Minister says confidentiality, privacy built in

The upcoming Electronic Health Record (EHR) system will integrate vital health information, including patients’ medical histories, diagnoses, medications, treatments, and test results.
An EHR is a comprehensive collection of a patient’s health history within the healthcare system.
This comprehensive database will enable healthcare providers to make informed decisions regarding patient care, ultimately improving the overall healthcare experience for individuals utilising medical services throughout the country.
During a recent appearance on the Guyana Dialogue, Health Minister Dr Frank Anthony revealed that once successfully implemented, private medical facilities will have access to patient’s electronic health records once authorised by individuals.

“We would have every person in Guyana getting a unique identifier and so the records can be shared of course with confidentiality and privacy being built in. But once the patient gives access, the doctor or the professional would be able to see that record,” he explained.
The Ministry of Health has contracted the United Kingdom (UK)-based company RioMed Limited, at a cost of US$3.3 million, to design, supply, and install the electronic records system.
Phase one of the project will begin at the Georgetown Public Hospital Corporation (GPHC) and its satellite clinics. After successful implementation, the EHR system will extend to other health institutions across Guyana.

Legislation
The Government has already enacted the Data Protection Law, guaranteeing proper patient confidentiality.
Dr Anthony said that in a bid to prevent the leakage or exploitation of patients’ data, strict penalties will be given to persons who breach the outlined regulations.
“We passed legislation, and among the things that are in the legislation are some very severe penalties. So if someone leaks information from such a system they can be fined, and I think for [an] individual, [fines go] up to $20 million, and corporate fines start at a $100 million. So they’re really meant to deter people from such activities,” he noted.
In August 2023, the Data Protection (Amendment) Bill 2023 was passed in the National Assembly to protect the privacy of personal data. The Act contains stiff penalties for any breaches by data controllers, that is, the persons who determine the manner and purpose of which personal data is processed.
Additionally, it is a criminal offence for such officers to operate without being registered, or without nominating a representative, carrying a fine of $10 million- or two months’ imprisonment.
Like data controllers, data processors must also be registered and when necessary, appoint a representative established in Guyana. A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
When he presented the bill for its final reading in Parliament, Attorney General (AG), Anil Nandlall, had noted that this piece of updated legislation had been long overdue, given the shift to e-governance and digitalisation.
The Data Protection Bill was created to regulate the collection, keeping, processing, use and dissemination of personal data. It sets a statutory framework, moving away from the current construct of the country’s legislation, which does not safeguard against rights to data protection.
Then, in 2024, the Government passed the Open Data Bill No. 13 of 2024, which required that public authorities maintain an electronic data registry containing all data assets created, collected, under the control or direction of, or maintained by that public authority.
Prime Minister Brigadier (Ret’d) Mark Phillips had explained that the Bill would complement the Data Protection Act and the Digital Identity Card Act, which were both passed the previous year.