National electronic health record system proposed for South Africa

During his State of the Nation Address on Thursday evening, President Cyril Ramphosa reiterated the government’s plan to develop an electronic health record system.

Ramphosa said this would form part of the preparation for the National Health Insurance (NHI).

“This year, we will proceed with the preparatory work for establishing the National Health Insurance,” Ramaphosa said.

“This includes developing the first phase of a single electronic health record system, the preparatory work to establish the ministerial advisory committees on health technologies and healthcare benefits, and the accreditation framework for health service providers.”

While the President did not elaborate on what an electronic health record system would entail, he did emphasise South Africa’s goal of modernising its health system.

“Our most immediate priority is to strengthen the health system and improve the quality of care. A vital part of this is the modernisation, improvement and maintenance of existing health facilities,” he continued.

Electronic health records systems, or EHRs, are a comprehensive digital compilation of a patient’s health data, including medications, X-rays, laboratory results, and clinical notes.

This allows a patient’s health data to be accessed electronically from a central database, allowing medical professionals to view records remotely.

A centralised database of all South Africans’ healthcare information will be largely beneficial. However, given recent cyber attacks on government departments, it also carries substantial risk.

In June last year, the National Health Laboratory Service (NHLS) had to shut down its IT systems following a data breach.

This forced the company’s emails, website, and system for retrieving and storing patients’ lab test results offline.

It soon emerged that ransomware gang BlackSuit was behind the attack. The group claimed it had exfiltrated 1.2 terabytes of data from the government agency, including third-party, client, and patient information.

NHLS chief executive officer Prof Koleka Mlisana said there was no evidence that patient data had been erased, saying their entire IT environment was shut down to prevent further damage.

Mlisana said the NHLS organisation did not communicate with the attackers after they left a message identifying themselves.

Ransomware gangs often leave notes after a breach with a method to contact them to negotiate a price for a decryption key to recover your data, and so they won’t leak or sell the data they stole.