Digital health apps and telemedicine in Singapore

Software within digital health apps may be classified as a “medical device”, “technology or equipment in telemedicine” and/or “telehealth products”. Please refer to the response to Question 1.1 below for further information.

Yes, software within digital health apps may fall under the definition of “medical devices” under the Health Products Act 2007  (“HPA”) and the Health Products (Medical Devices) Regulations 2010 (“Medical Devices Regulations”), if they are software that are “intended by its manufacturer to be used, whether alone or in combination, for humans for one or more of the specific purposes of:

• diagnosis, prevention, monitoring, treatment or alleviation of disease; 
• diagnosis, monitoring, treatment or alleviation of, or compensation for, an injury;
• investigation, replacement, modification or support of the anatomy or of a physiological process, for medical purposes; 
• supporting or sustaining life;
• control of conception;
• disinfection of medical devices; or
• providing information by means of in vitro examination of specimens derived from the human body, for medical or diagnostic purposes, 

and which does not achieve its primary intended action, in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its intended function by such means”.

There may be “digital health apps” software that does not fall under the legal definition of “medical device” above, such as software used for wellness purposes (e.g., massagers or body toning equipment).

Key regulations in Singapore that apply to digital health apps that are considered medical devices include:

• HPA: This legislation deals with the manufacture, import, supply, presentation and advertisement, licensing, registration, and other duties of manufacturers, importers and wholesalers of “health products” which includes “medical devices” as defined above;
• Medical Devices Regulations: These regulations deal with the manufacture, import, supply requirements and exemptions for medical devices, presentation, advertisement and registration of medical devices, and various duties and obligations of manufacturers and importers of medical devices;
• National Telemedicine Guidelines (January 2015) (“National Telemedicine Guidelines”): These non-legally binding guidelines were issued by the Ministry of Health (“MOH”) as a guide setting out best practices in implementing telemedicine solutions. They govern the use of technology and equipment in telemedicine, which may include digital health apps, addressing procurement practices, safety, security, diagnostic quality, maintenance and reliability issues;
• Regulatory Guidelines for Telehealth Products (April 2019) (“Telehealth Products Guidelines”): These guidelines describe telehealth products, which may include digital health apps that are categorised as medical devices, and set out the risk classification and regulatory controls (such as product registration and dealer’s licence requirements) for telehealth medical devices and standalone mobile applications that are categorised as medical devices; and

There are other specific guidance documents published by the Health Sciences Authority (“HSA”) addressing medical device advertisements, sales promotion and product claims, as well as by the Pharmaceutical Society of Singapore (“PSS”) addressing telepharmacy.

There are no specific exclusions/exemptions applicable to liability within the HPA and Medical Devices Regulations arising from the usage of digital health apps that are considered medical devices under the HPA.

The limitation period under the Limitation Act 1959 of Singapore will generally apply, which is 6 years from when the cause of action accrued under contract or tort. There is also a prohibition on the exclusion or restriction of liability for death or personal injury resulting from negligence under the Unfair Contract Terms Act 1977 which will apply generally.

If a medical device user suffers personal injury or damage, an action can be brought under tort, in addition to a breach of contract (if there is privity of contract) and/or breach of statute (where applicable).

An action under the tort of negligence can be based on whether the medical supplier, importer, distributor, manufacturer or registrant of the digital health app that is considered a medical device breached their duty of care resulting in damage suffered by the user, such as failing to conduct quality assurance checks on the medical device resulting in a defect. The claimant will have to establish the general common law thresholds for negligence against the defendant, which may be a single actor in the chain of supply, or a combination, depending on the source of the damage.

The claimant can also bring a contractual claim if a contract between the relevant parties was breached. In addition, an action for a breach of implied term may be made under the Sale of Goods Act 1979 (e.g., if the medical device does not correspond with the description, sample provided, or is of unsatisfactory quality or unfit for purpose).

The Consumer Protection (Fair Trading) Act 2003 (“CPFTA”) applies generally to consumer transactions with a nexus to Singapore, namely (a) contracts between a supplier and consumer who is resident in Singapore or (b) where the offer or acceptance relating to the consumer transaction is made in or is sent from Singapore. Under the CPFTA, consumers who have entered into a consumer transaction involving an unfair practice may take legal action against suppliers. Unfair practices generally include suppliers making statements that result in consumers being deceived or misled, making false claims, taking advantage of consumers who are not able to protect their own interests, using small print to conceal facts from the consumer, and the imposition of excessively one-sided agreement terms. device does not correspond with the description, sample provided, or quality or fitness for purpose).

Yes, there are other legal regimes that may govern digital health apps, including the following:

Personal Data Protection

The Personal Data Protection Act 2012 (“PDPA”) and its subsidiary legislation and guidance will apply to any collection, use or disclosure of personal data. In particular, the Personal Data Protection Commission (“PDPC”) has specifically issued Advisory Guidelines for the Healthcare Sector (revised 20 September 2023), elaborating on data protection issues relating to healthcare, that may be applicable to digital health software.

Healthcare Professionals

Doctors are regulated under the Medical Registration Act 1997 (“MRA”) and the Medical Registration Regulations 2010 (“Medical Registration Regulations”), and are bound to observe the pronouncements on professional matters and professional ethics issued by the Singapore Medical Council (“SMC”), which primarily comprises the SMC Ethical Code and Ethical Guidelines (2016 edition) (“SMC ECEG”) and the accompanying SMC Handbook on Medical Ethics (2016 edition) (“SMC HME”) (collectively, the “SMC Ethics Guidelines”). The SMC Ethics Guidelines apply to the provision of medical services by medical practitioners, which may include the use of digital health software. For example, doctors must comply with the guidelines for specific consent and other measures to be taken if visual or audio recordings of patients are made using such software.

In addition to the SMC, a diverse group of healthcare professionals in Singapore (e.g., physiotherapists, radiation therapists, clinical psychologists, etc.) are governed by the Allied Health Professions Council (“AHPC”), a professional board under the MOH to regulate the professional conduct and ethics of registered allied health professionals. The Allied Health Professions Council Code of Professional Conduct (2013) contains general guidelines in provision of healthcare services, including obtaining informed consent from the patient in relation to the details of service or therapy provided.

Healthcare Providers

Healthcare providers must ensure that any digital health apps used to provide regulated services complies with the general rules on healthcare and telemedicine (if the digital health app is used in the context of telemedicine).

Under the Health Products (Licensing of Retail Pharmacies) Regulations 2016, a licence is required to provide telepharmacy services.

Next, under the Healthcare Services Act 2020 (“HCSA”), a licence is required to provide licensable healthcare services identified under the First Schedule of the HCSA. Licensable Healthcare Services include clinical support services (e.g., blood banking, human tissue banking, emergency ambulance, etc), inpatient services (e.g., nursing home, community hospital, etc) and outpatient services (dental, medical, etc).  Under the Healthcare Services (General) Regulations 2021, a licensee who provides a licensable health service (“LHS Licensee”) must ensure that (a) every equipment or device provided by the licensee is safe for the patient’s use (where services are remotely provided); (b) all medical appliances are (i) installed, used and/or operated in accordance with the manufacturer’s instructions and (ii) are checked regularly, maintained and repaired properly and according to the manufacturer’s specifications; and (c) any medical appliance which is not functioning properly or effectively is replaced in a timely manner.  An LHS Licensee is also subject to various licence conditions as provided under section 13 of the HSA, which includes the Licence Conditions on the retention periods of patient health records.  

The National Telemedicine Guidelines also set out requirements on the delivery of diagnostic quality images and audio for telemedicine services, reliability of medical and laboratory equipment, equipment calibration and other application-specific standards that will apply to telemedicine equipment in general.  The PSS has also released the Guidelines for Telepharmacy & Tele-Pharmaceutical Care Services (revised in 2024) which cover technology requirements for the delivery of telepharmacy services.

The PDPA applies to all organisations that collect, use and/or disclose the personal data of Singapore-based individuals, which includes residents within Singapore and Singapore residents outside of Singapore.  

The regulations under the SMC and AHPC govern all healthcare professionals in Singapore that are registered with the SMC and AHPC (as applicable), regardless of where the patients are using the digital health app from.  Similarly, healthcare providers based in Singapore are not mandated to set out exceptions for healthcare service recipients outside of Singapore.

The HSA applies to all licensable healthcare service providers in Singapore and is silent on whether the recipient who receives a licensable healthcare service must be using such services from Singapore.

The requirements under Q2 apply to both B2B and B2C arrangements. However, do note that the licensable healthcare services listed under the First Schedule of the HSA apply in relation to services provided (B2C) to patients / inpatients.

Under the PDPA, location tracking or any real-time information that relates to an individual will fall under the definition of personal data and will be subject to the data protection requirements under the PDPDA, which includes obtaining the individual’s consent and providing sufficient notice of how his or her personal data is collected, used and disclosed.

Medical or health data, such as sensitive medical conditions (e.g., sexually transmitted diseases, HIV, mental disorders or substance abuse) and health information provided under a health or life insurance policy constitute sensitive personal data under Singapore’s data protection laws.  Accordingly, organisations that collect, use, or disclose such sensitive personal data are expected to provide more robust and higher standards of protection to meet the protection requirement under the PDPA.

Under the SMC Ethics Guidelines, a doctor will need to ensure there are proper records of informed consent for each step of the medical service provided. For example, sufficient information about telemedicine must be given for patients to consent to it, and explicit consent for any visual or audio recording of patients is required. Requirements for informed consent also apply to other healthcare professionals, including those registered with the AHPC. The National Telemedicine Guidelines also highlight that the use of telemedicine or any medical act outside of the traditional healthcare setting (e.g., video or audio recording of sessions or the use of data for research or educational purposes) should be made only with the explicit consent from the patient for each step.

The standard of care or liability of a physician is not limited or transferred to the producer of a digital health app or software.  A healthcare provider’s or healthcare professional’s duties and responsibilities remain regardless of whether digital health apps are used in the provision of healthcare services.

Within the context of telemedicine, the National Telemedicine Guidelines specify that the healthcare provider must be satisfied that the patient is suitable for a telemedicine interaction and that the standard of care delivered via telemedicine is reasonable considering the specific context. The healthcare professional should be trained in the use of technology and equipment, and if the technical and environmental limitations affect the quality of a telemedicine consultation such that minimum standards cannot be met, an in-person session must be arranged.

Breaches of the requirements under the PDPA may result in the PDPC potentially issuing or imposing a:  (a) warning; (b) direction; (c) financial penalty (up to S$1 million or 10% of the organisation’s annual turnover in Singapore, whichever is higher); or (d) any combination thereof.  Additionally, a person who suffers loss or damages directly because of a contravention by an organisation of the PDPA provisions (including section 18 of the PDPA) may initiate civil proceedings.

Breaches of the requirements under the HPA and HCSA may result in a criminal offence, and upon conviction, a fine and/or imprisonment may be imposed.

HSA is the regulator that oversees any breach of the HPA. HSA has the powers to suspend or revoke any licences or approvals granted under the HPA and inspect and search premises without a warrant. Any person found to obstruct or hinder any enforcement officer acting on the direction of HSA may be found guilty of a criminal offence, and subject to a fine or imprisonment. The HPA also provides for an enhanced penalty for corporations, including a fine of up to 2 times the maximum prescribed amount for the relevant offence under the HPA.

The Director-General is responsible for administration of the HCSA.  A person who provides a licensable healthcare service without a license or contravenes the relevant provisions under the Healthcare Services (General) Regulations 2021 may be subject to a fine and/or imprisonment.

The government has proposed a Health Information Bill (“HIB”) which established the framework governing the collection, access, use and sharing of health information across Singapore’s healthcare systems.  This would include any health information that is processed using digital health apps and/or software. Public feedback has been collected regarding the HIB, and it is expected to be tabled in Parliament this year.

The SMC, a statutory board under the MOH, is responsible for the regulation of the conduct of medical practitioners in Singapore.

The key laws / guidelines that apply to telemedicine includes: 

1. National Telemedicine Guidelines: See our response to Q1(a) above;
2. SMC Ethics Guidelines: Registered doctors in Singapore, pursuant to the Medical Registration Regulations, must observe the pronouncements on professional matters and professional ethics issued by the SMC, which comprise primarily the SMC Ethics Guidelines (which also address telemedicine specifically) or they may face disciplinary proceedings by the SMC;
3. Regulatory Guideline for Telehealth Products: See our response to Q1(a) above;
4. Other specific regulations or circulars may apply to certain types of healthcare providers (e.g., the Health Products (Licensing of Retail Pharmacies) Regulations 2016 requires retail pharmacies in Singapore to obtain the requisite approval from the HSA if they wish to provide telepharmacy services, and MOH Circular No. 87/2024 which applies to licensees under the HCSA who provide telemedicine services); and
5. Tort of negligence: The failure to exercise an accepted standard of care in the medical context is actionable under the tort of negligence. A claimant must establish the elements of duty of care, breach of duty, causation and unremote damage. In Singapore, there are now two differing standards of care applicable to medical negligence cases, namely one for diagnosis and treatment, and another for medical advice.

Yes.

The SMC Ethics Guidelines state several requirements, including the need for doctors to be properly trained in managing patients through telemedicine and the overall requirement for doctors providing telemedicine services to provide the same quality and standard of care as conventional in-person medical care. Further, the National Telemedicine Guidelines state that healthcare professionals intending to provide telemedicine services from or within Singapore must be registered and licensed with the respective regulatory and licensing body. Healthcare professionals must be satisfied that the patient is suitable for a telemedicine interaction and that the standard of care delivered via telemedicine is reasonable considering the specific context.

MOH Circular No. 87/2024, which applies to licensees under the HCSA who provide telemedicine services, stipulates key requirements regarding the provision of such services. These include (a) establishing, implementing and reviewing its guidelines on the appropriate circumstances to remotely provide out-patient medical services and the types of suitable patients for such services; (b) the parameters and conditions for holding teleconsultations; and (c) having in place proper patient follow-up guidelines or protocols.

The general standards of care applicable to healthcare providers do not change in the context of using telemedicine. The National Telemedicine Guidelines issued by the MOH indicate that the overall standard of care in the context of telemedicine services must not be less than what is provided in conventional services. 

Similar to our response to Q4 above, the SMC Ethics Guidelines state that doctors must provide their patients with sufficient information about telemedicine prior to obtaining consent and ensure that the patients understand any limitations of telemedicine that may affect the quality of their care in relation to their specific circumstances. Moreover, the National Telemedicine Guidelines encourage healthcare providers to share relevant information with the patient and caregiver, as appropriate, before beginning any telemedicine interaction.

Further, under MOH Circular No. 87/2024, before proceeding with teleconsultations, the medical practitioner must inform the patient of the limitations of teleconsultation regarding the patient’s current issue (where applicable) and obtain the patient’s consent to proceed.

Similar to our response to Q5 above, the National Telemedicine Guidelines state that, to ensure that the standard of care is maintained in telemedicine, healthcare providers must be satisfied that the patient is suitable for a telemedicine interaction and that the standard of care delivered via telemedicine is reasonable considering the specific context. If healthcare providers do not take into account such considerations, the use of telemedicine may increase the risk of liability. Where an in-person session is deemed necessary, the doctor should arrange such session so as to provide the appropriate standard of care required, or if that is not possible, a qualified opinion ought to be given pending the availability of more information. 

Yes.  MOH Circular No. 87/2024 states that HCSA licensees should not prescribe certain types of medication via telemedicine.  Such medication includes (a) controlled drugs or medications with addictive potential (such as codeine-containing products, opioids, hypnotics or benzodiazepines); (b) medications which may have more drug-drug interactions (such as PDE-5 inhibitors for treatment of erectile dysfunction); or (c) medications requiring the patients to be first taught to be proficient in its use (such as bronchodilators in asthma or insulin or GLP-1 injections).

Yes, there are some subsidies in Singapore for patients as well as small and medium-sized healthcare providers in relation to telemedicine services.

Patients may tap on Community Health Assistance Scheme subsidies and MediSave (a national medical savings scheme) when utilising remote consultations for the regular follow-ups of all chronic conditions listed under the Chronic Disease Management Programme (“CDMP”). This initiative was introduced for certain conditions as a time-limited approach to support safe distancing measures during the height of the Covid-19 pandemic and has since been expanded. This scheme will subsist until the Public Health Preparedness Clinic scheme is decommissioned or the MOH directs otherwise.

 The government has also committed to supporting the development of health technology, which includes telemedicine.  For example, the Infocomm Media Development Authority and Enterprise Singapore expanded the range of pre-approved teleconsultation digital solutions (to include three teleconsultation solutions) in May 2020 and announced grants and subsidies to encourage small and medium-sized healthcare providers to adopt these solutions.

As set out in Q2 above, there are no specific data protection regulations covering telemedicine in Singapore. However, under the Healthcare Services (General) Regulations 2021, telemedicine providers (and other healthcare providers) are obliged to maintain the confidentiality, integrity and security of every patient health record kept.  In addition, healthcare and telemedicine providers should ensure that the collection, use and disclosure of patients’ personal data are in compliance with the PDPA and other relevant guidelines and regulations, including the PDPC’s Advisory Guidelines for the Healthcare Sector.

Telemedicine providers (and other healthcare providers) are also encouraged to comply with the Cyber and Data Security Guidelines for Healthcare Providers, which provide guidance on the measures to be put in place for the proper storage, access, use, and sharing of health information.  The recommendations under these Guidelines will be imposed as binding regulatory requirements under the HIB per its enactment (see response to Question 7 for further information on the HIB).    

It is unclear whether the proposed HIB will contain provisions relating to telemedicine (see response to Question 7 for further information on the HIB).  As of February 2025, there are no future legal developments regarding telemedicine.