Healthcare
Bookmark

Modernising identity management in Singapore’s healthcare ecosystem

By Sol Gonzalez

Synapxe’s Automated Identity and Access Management System is transforming how the public healthcare landscape governs user identities, enforces access controls, and protects critical national health data.

Synapxe’s Automated Identity & Access Management (AIAM) system modernises identity and access management across the entire public healthcare ecosystem, in response to evolving regulatory expectations and cybersecurity standards that call for more automation and real-time governance to strengthen controls and improve internal processes. Image: Canva.

Singapore’s public healthcare sector has been consistently adopting digital solutions to modernise processes, services, and operations.  


But this has also resulted in calls for improvements to earlier systems to support evolving operational needs. 


It has been felt that with digitalisation of healthcare accelerating, the sector’s identity and access management (IAM) processes need to evolve from manual and resource-intensive processes through automation. 


“The real transformation lies in fundamentally changing how we work,” says Synapxe’s Director of Infrastructure Services, Serena Yong.  


She shares with GovInsider about Synapxe’s Automated Identity & Access Management (AIAM) system, which modernises identity and access management across the entire public healthcare ecosystem.  


AIAM responds to evolving regulatory expectations and cybersecurity standards that call for more automation and real-time governance to strengthen controls and improve internal processes.  


The system was awarded the Digital Government Award at GovInsider’s Festival of Innovation 2026 for its transformative impact at scale in the public healthcare sector, supporting over 130,000 users across over 40 public healthcare institutions. 

When transformation is needed  


The project started with the realisation that original IAM processes need to evolve to adapt to growing staff numbers, system integrations access, and security requirements. 


Synapxe’s Director of Infrastructure Services, Serena Yong, explains how AIAM was designed to modernise and improve existing identity and access management across the entire public healthcare ecosystem. Image: Synapxe.

This meant longer onboarding time for clinicians and frontline staff, varied turnaround times due to different approval workflows, and higher administrative effort for IT teams managing thousands of access requests. 


Another concern was ensuring the timely deactivation of accounts to prevent any potential security concerns. 


Yong adds that they sought to ensure new users receive their accounts in a timely manner on their first day of work.  


This is important particularly for frontline healthcare staff, as timely system access enables operational continuity and patient care delivery.  


The AIAM system streamlines the onboarding process for healthcare staff while reducing administrative burden and strengthening security and compliance.  


Improving audit readiness is also a key objective, notes Yong, explaining the complexity of managing accounts across the entire public healthcare system due to constant staff movement across entities or hospitals. 


“When staff moved between entities previously, new accounts were often created at each location, as account management was handled independently by each department before AIAM. With AIAM in place, we now have end-to-end visibility, ensuring users maintain a single account across PHIs,” she says. 


The AIAM system creates a single unified public healthcare-wide identity management system, adds Yong.  

Intentional innovation 


Aiming to reduce manual steps and turnaround time, the AIAM system adopts an end-to-end provisioning of user access that ensures timely issuance of Active Directory ID (ADID), Microsoft365 (M365), and Hospital Medical Record System access across all public healthcare institutions. 


The Human Resources (HR) department directly triggers auto-provisioning, modification and deprovisioning, which helps to speed up the process. 


The integration across ADID, M365, HR systems, and SAP systems (such as medical record systems and public healthcare directories) also provides users with all the tools and resources they need from day one.  


When staff departs, the system automatically deprovisions their accounts within 24 hours of their HR-recorded departure, eliminating delays and security exposures.  


Through extensive role and access standardisation within hospital medical record systems, new employees can receive the required system access from the first day at the hospital. 


This harmonisation also enables Healthcare-Specific Role-Based Access Control (RBAC), says Yong. 


RBAC has been implemented to standardise access provisioning based on defined job functions. For example, a doctor specialising in cardiology would get access to modules and content about their specialisation, explains Yong. 


Mapping access profiles to role requirements helps to ensure that staff are automatically granted the systems and information they need to perform their duties effectively.  


This approach minimises the risk of over-provisioning and privilege creep, and strengthens zero-trust access governance, ensuring that access is appropriate and controlled.  

A shared North Star  


While Yong’s role as the IT integrator has been to manage the automation for identity and access across the entire sector, numerous other stakeholders have been involved in developing AIAM. 


To harmonise and standardise access across institutions, the project coordinated with over 100 stakeholders in HR, Group Chief Information Officers, (CIOs), IT teams, and clinical users. 


Yong says that aligning everyone has not been easy, but the collective effort was necessary for a consistent, secure and unified access framework.  


“All my colleagues and stakeholders had a common objective … about how to deliver better care for our patients. That common objective allowed us to move things a lot faster,” says Yong.  


This spirit of collaboration across institutions also shaped the governance approach behind AIAM.  


AIAM’s Deputy Chair and NHG Health’s Group Chief Digital Health Officer, Adjunct Associate Professor Eric Wong, highlights the importance of close partnership between healthcare and technology teams: 


“The successful rollout of AIAM shows how strong governance and secured access control can be achieved at scale across public healthcare. Tight collaboration between healthcare leaders and technology teams is essential for developing such governance frameworks.  


“NHG Health is glad to have contributed to this collective effort, enabling safe, seamless and trusted access to healthcare systems for clinicians and staff.” 


National University Health System (NUHS)’s Clinical Quality and Patient-Centred Care, AIAM Deputy Chair and Assistant Chief Executive, Dr Quek Lit Sin, also highlights that a common vision has been essential to shaping AIAM. 


“The success lies not only in the technology that we deployed, but in the strength of a healthcare ecosystem working closely together. Meaningful transformation at scale is possible when we work as one team, united by a belief in our collective purpose,” says Quek. 

Designed to scale up 


Yong says that AIAM is designed to scale.  


“We are focusing on the next phase of identity access management, where we want to transform the current AIAM into an enterprise identity platform,” she shares, adding that the advancement is planned to respond to the growing number of applications. 


So far, over 90 per cent of the requests in the system have been successfully triggered, Yong says. The team also receives qualitative feedback from users, which helps them trace the success of the platform.  


The planned enhancements for the system include expansion to additional nationwide health systems, continuous refinement of RBAC as healthcare roles evolve, and potential alignment with national digital identity frameworks.