Providing patients with assurance through Data Protection Trustmark Certification.
MaNaDr was set up by a group of doctors in 2017 with a vision – to make healthcare affordable and accessible to everyone who needs it by leveraging technology. It does this by creating a mobile health platform that allows patients to tele-consult with their doctors wherever they may be, at any time, on any day.
Central to MaNaDr’s value proposition is the cultivation of a doctor-patient relationship based on trust, and striking the right balance between business innovation and personal data protection.
In this respect, the Data Protection Trustmark (DPTM) gives a clear indication that the company is on the right track in ensuring good data protection standards. It helps MaNaDr to provide assurance on doubts that patients may have about the security of their personal data.
Since attaining the certification, the company no longer gets questions about what it is doing to protect the data.
Unlike many new business models emerging in the age of digital transformation, healthcare cannot be “on-demand” where you match your patients with whichever doctor is available, said founder and chief executive officer Dr Siaw Tung Yeng.
This is because the one element that is so crucial in healthcare is trust.
“We don’t expect patients to go online to search for a doctor randomly. In my years of practice, patients come to me to ask which specialist they should see,” he said.
This is because patients trust the professional recommendations of their own doctors. And thus, one of the most powerful things that MaNaDr has built is a community of trusted doctors for a community of patients and their friends and relatives. Its vision is to connect these two communities so that patients can have access to trusted healthcare providers for guidance and advice through life.
“It is a relationship based on trust,” Dr Siaw emphasised. “And in creating this platform, we want to demonstrate that MaNaDr can be trusted as well.”
That was why, when the DPTM was announced, MaNaDr decided to put itself through the rigor of getting certified. Prior to that, it engaged a consulting firm to identify gaps in its policies and processes and to find out what it needed to do to plug those gaps.
“To me, this is crucial because we are dealing with highly-sensitive patient data. We want to make sure that they are at ease when they share their data with us,” said Dr Siaw.
Unique data structure
Going into the certification process, the company deduced that it had already met about 90 per cent of the DPTM requirements at the onset.
From day one, MaNaDr made sure that it encrypted all personal data that it had. It specifically designed a unique data structure with two sets of portfolios for each patient. One comprises a data set from the clinic that is fully secure on an internal encrypted platform; the other is the patient’s online persona that is housed separately. This helps to ensure that even if the external data gets breached, the internal data is still secure.
Every service on MaNaDr is also designed to be a micro service. For example, the “Appointment” service is housed in one server, and the “Chat” service on another. “If there is a data breach in one micro service, only that particular one will be affected. They cannot breach the whole ecosystem,” said Dr Siaw.
The MaNaDr platform is secured by a two-lock system to protect the source code. The company also makes sure that the data links to member clinics are highly secure and that the clinics sign a compliance document to affirm that their data protection policies and processes are in tandem with MaNaDr’s.
For MaNaDr, the DPTM certification process has helped to reinforce the company’s personal data protection regime.
“We may not always be aware of blind spots in our processes. As we went through the DPTM certification, we learnt how to identify deficits in our system and what we had to do to plug those gaps,” said Dr Siaw.
As part of the DPTM assessment, the company formalised and standardised its personal data protection practices. Policies and processes were documented and a personal data protection manual was produced to ensure that anyone who joins the company has access to systematic training on data protection and fully understands the philosophy behind it.
MaNaDr has about 80 employees globally, including 15 full-time staff in Singapore and development teams in Vietnam and India. All staff – including overseas staff - have to go through the same training and adopt the same processes to ensure that personal data is protected.
In January this year, MaNaDr was amongst the first organisations in Singapore to receive the DPTM. The certification has had an “amazing” impact on its operations, said Dr Siaw.
He recalled how MaNaDr used to get a lot of questions about the security of data on its platform, and was constantly being asked to prove that it had adequate measures in place. People were reluctant to share personal data such as their credit card details as they were afraid that the information would get stolen.
“With the DPTM, people do not ask about such things anymore. We save time and effort in having to explain our data protection policies and practices to them.”
Dr Siaw believes the DPTM will also help MaNaDr expands its presence in overseas markets. Having the trustmark enables the company to strike up conversations with like-minded healthcare practitioners in overseas clinics and close more business deals, he said.
“DPTM has become a selling point for the company because it is a trustmark offered by the Singapore government,” said Dr Siaw. “A lot of business deals may not factor in DPTM at first, but it gives us a distinct edge in the market when we mention it. Everything else being equal, it can be the deciding factor in many cases.”
For more information, visit the Data Protection Trustmark webpage.
(This story was first published in the Data Protection Trustmark Success Stories e-booklet.)