Synapxe

Synapxe Pte Ltd, formerly known as Integrated Health Information System (IHiS), is a wholly-owned subsidiary of MOH Holdings Pte Ltd, the holding company through which the Singapore Ministry of Health owns corporatised institutions in the public healthcare sector.

History
IHiS was founded in 2008 by the Ministry of Health, Singapore.

During the COVID-19 pandemic in Singapore, IHiS developed several healthtech projects including, the Command, Control, and Communications (C3) System, which was co-developed with Tan Tock Seng Hospital. Some other projects such as the GPConnect system were transferred to IHiS following the merger of Information Systems Division (ISD) of MOH Holdings and IHiS in November 2016.

In January 2021, GPConnect was adopted and deployed as the national EMR system for Singapore's COVID-19 vaccination operations (VacOps). As well the VacOps program which was established to support Singapore's vaccination operations VacOps, with an aim to deploy various HealthTech solutions to multiple vaccination centers, public health preparedness clinics and polyclinics. IHiS also tech-enabled mobile vaccination teams to visit community care facilities such as nursing homes and residential facilities.

In 2023, it is reported that IHiS will move out of its current premises to Elementum, located at Biopolis, One-north, Singapore.

On 27 July 2023, IHiS was renamed as Synapxe.

National Electronic Health Record
The National Electronic Health Record (NEHR) is a system that collects and organizes patient health care records and is managed by IHiS.

Outpatient Pharmacy Automation System
The Outpatient Pharmacy Automation System (OPAS) is a system that automate pharmacy processes of sorting, packing and dispensing a variety of drugs including blister packs, boxes and loose tablets into one complete system.

HealthHub
In 2015, IHiS established the HealthHub, a web portal and mobile application for national health information and services. It allows Singaporeans to view evidence-based health and wellness information, access health records, and perform transactions across public healthcare clusters such as appointments, bill payments and refilling of medication.

2018 data breach
Personal particulars of 1.5 million SingHealth patients and records of medicines dispensed to outpatients, affecting a total of 160,000 such patients, were stolen in a cyberattack occurring between 27 June and 4 July 2018. Information relating to the names, National Registration Identity Card numbers, addresses, dates of birth, and race and gender of patients who visited specialist outpatient clinics and polyclinics between 1 May 2015 and 4 July 2018 was maliciously accessed and copied. Information relating to patient diagnosis, test results and doctors' notes were unaffected. Information on Prime Minister Lee Hsien Loong was specifically targeted.

In response, IHiS had strengthened public health systems against data breaches. 19 measures were put in place, including two-factor authentication for all administrators, proactive threat hunting and intelligence, allowing only computers with latest security updates on hospital networks, and a new database activity monitoring.

A Committee of Inquiry was convened for the SingHealth breach and subsequently released a report. After the release of the report, IHiS dismissed two employees and demoted one for being negligent in handling and misunderstanding the attack respectively, with financial penalties imposed on two middle management supervisors, and five members of the senior management including CEO Bruce Liang. Three employees were commended by IHiS for handling the incident diligently even when not part of their job scope. IHiS has since fast-tracked a suite of 18 measures for enhancing cybersecurity. The Personal Data Protection Commission fined IHiS $750,000 and SingHealth $250,000 for not doing enough to safeguard personal data under the Personal Data Protection Act, making it the largest fine imposed for data breaches.

Subsequently, on 6 March 2019, cybersecurity company Symantec identified a state-sponsored group, known as Whitefly, behind the cyberattack. Although the country is not identified, that group has been found to be behind several related cyberattacks against Singapore-based entities since 2017.