12.—(1)  Every licensee of a private hospital, medical clinic or healthcare establishment shall keep and maintain proper medical records and shall in addition cause to be recorded therein in respect of each patient such particulars as may be specified in any guidelines issued by the Director from time to time.
(1A)  The licensee under paragraph (1) shall —
(a)take all reasonable steps, including implementing such processes as are necessary, to ensure that the medical records in paragraph (1) are as accurate, complete and up-to-date as are necessary for the purposes for which they are to be used;
(b)implement adequate safeguards (whether administrative, technical or physical) to protect the medical records against accidental or unlawful loss, modification or destruction, or unauthorised access, disclosure, copying, use or modification;
(c)periodically monitor and evaluate the safeguards in sub-paragraph (b) to ensure that they are effective and being complied with by the persons involved in handling the medical records;
(d)ensure that each person handling the medical records is aware of his role and responsibility in maintaining the confidentiality, integrity and availability of the medical records; and
(e)take reasonable care in the disposal or destruction of the medical records so as to prevent unauthorised access to the records.
[S 189/2011 wef 15/04/2011]
(2)  Every licensee of a clinical laboratory shall keep and maintain laboratory records of all specimens received and examinations conducted by him and the results thereof.
(3)  The records referred to in paragraphs (1) and (2) shall be retained by the licensee of the private hospital, medical clinic, clinical laboratory or healthcare establishment for such periods as may be required by the Director.