Frequently Asked Questions
General Information

Frequently Asked Questions

Why are various types of data needed for research, policy planning, operations and innovation?

Many innovations require the ability to link and analyse data from different sources. One example includes patient & hospital data from the Ministry of Health and research data from universities.

Large volumes of data provide an opportunity to derive insights to improve systems in Singapore and generate important insights that are internationally relevant. Combining various types of data would assist policy officers, researchers and ops-tech staff in looking for previously hidden insights and patterns. Such information would be invaluable in helping us to understand the possible correlation between different variables of interest and to plan and evaluate existing policies better.

How does an individual benefit from enTRUST?

Any data analysis done on enTRUST can potentially lead to innovations and breakthroughs in the form of improved policies, interventions and streamlined operations.

Is my data being sold? Does enTRUST sell data? Who can access the data on enTRUST?

enTRUST is a national initiative by the Government of Singapore and does not sell any data. Data on enTRUST can only be accessed by data users that have been approved by the various data contributors after a thorough vetting process. The data on enTRUST does not include any identification records, such as NRIC numbers or names.

How does enTRUST enable anonymised research and real-world data to be brought together, accessed and used?

To ensure that data on enTRUST is safe, secure and fit-for-purpose, enTRUST adopts the Five Safes Framework. These “Five Safes” are adjustable controls that complement each other to safely manage risks in data sharing. It serves to provide an optimal balance between supporting data innovation while ensuring data is used securely.

Safe Purpose

Before any research is allowed on enTRUST, the relevant authority, e.g. TRUST Data Access Committee (DAC) for healthcare sector and the Urban Solutions and Sustainability (USS) Secretariat will review the value of the data request to determine if the research is intended to serve a legitimate objective of benefitting the public and generating social benefit.

Safe People

Individuals with access to enTRUST must have the appropriate credentials and only work on approved use cases or projects, amongst other rules such as time-limited access. This ensures that there are no unauthorised data disclosures to unknown or unauthorised individuals.

Safe Settings

Data on enTRUST is stored in a secured environment with government-standard security measures. There are physical and technical security arrangements to prevent unauthorised data disclosure or exfiltration. In addition, activities on enTRUST are monitored to ensure proper usage.

Safe Data

Data on enTRUST are accessed and used based on permission granted and are anonymised to reduce re-identification risks. This means that the data on TRUST does not include any identification records, such as NRIC numbers and names, so that specific individuals are unlikely to be identified from the research data. There are also legal and technical safeguards to minimise the risk of re-identifying individuals.

Safe Output

Drafts of any output to be published by Data Requestor must be provided to enTRUST first, for review and checks on any re-identification risks.

Could my data be combined with other information to identify me?

Datasets on enTRUST are accessed and used based on permission granted and are anonymised in compliance with internal Government standards. It is a criminal offence under Section 48F of the Personal Data Protection Act (PDPA) to deliberately attempt to re-identify someone. In addition to the legal safeguards, multiple process and technical safeguards are also in place to minimise the risk of re-identifying individuals.

How does the Personal Data Protection Act (PDPA) apply to enTRUST?

As a data intermediary, enTRUST complies with Singapore’s legal requirements such as the Personal Data Protection Act (PDPA) and the Human Biomedical Research Act (HBRA). This is through measures such as –

  • Ascertaining the appropriate permission and relevant Institutional Review Board (IRB) approval (or waiver) are in place before research on enTRUST is approved.
  • Anonymising datasets according to internal Government standards.
  • Establishing measures to safeguard data on enTRUST.
  • Establishing measures to safeguard data output out of the enTRUST environment. For example, exports of insights will be checked for re-identification risks before being allowed out of the enTRUST environment.

Notwithstanding these measures, data on enTRUST is anonymised data and hence not considered personal data. This means that the anonymised data on TRUST is not governed by the Personal Data Protection Act (PDPA).

How does enTRUST ensure that the use of data on enTRUST is for public benefit?

enTRUST has relevant authorities assigned to the various sectors to review the value of the data requests before concluding if the purpose of use is beneficial to the public and can generate social benefit. Applications for projects on enTRUST will be evaluated in accordance to their own sector-specific guidelines.

I’m an individual and I want to contribute my data to enTRUST. How do I do so?

We thank you for your interest in enTRUST. Your data is valuable in helping us understand our existing policies and to develop interventions or refine our processes. enTRUST does not collect data directly from individuals, but from public health institutions, research institutions or public agencies. When you provide permission to your data for research purposes, it allows institutions or agencies to share that data with and via enTRUST within the scope of your permission. Be assured that datasets on enTRUST are accessed and used based on permission granted and anonymised so that it is highly unlikely for you to be re-identified from the data.

Am I able to find out what data enTRUST has of me?

As data on TRUST is de-identified and anonymised, enTRUST would not be able to identify individuals from the data. Anonymised data is not considered personal data and thus is not governed by the Personal Data Protection Act (PDPA).

What is “de-identified” and “anonymised”?

De-identification refers to the removal of identifiers (e.g. name, NRIC) that directly identify an individual. De-identification is sometimes mistakenly equated to anonymisation. However, it is only the first step of anonymisation. A de-identified dataset may be easily re-identified when combined with other forms of data that may be easily accessible by the public. Anonymisation refers to the process whereby personal data is converted into data that cannot be used to identify the individual(s). Anonymisation is a risk-based process, which includes analysing risks of re-identification, before applying both anonymisation techniques and safeguards to prevent re-identification from occurring.

Who is behind enTRUST? Who funds enTRUST?

enTRUST is a Singapore Government initiative. The platform is developed by the Government Technology Agency, with key tenants Ministry of Health (MOH) and the National Research Foundaiton (NRF), alongside the Urban Solutions and Sustainability (USS) sector. enTRUST is supported by the Smart Nation Group (SNG).

Who is enTRUST open to?

Currently, enTRUST supports two sectors: Healthcare sector (comprising public health sector users and researchers from Singaporean public health institutions, institutes of higher learning and publicly funded institutions) Urban Solutions and Sustainability sector (comprising government organisations with related urban data)

Please contact us if you wish to onboard as a sector.

What if I am from an institution outside Singapore? Can I use enTRUST?

enTRUST is taking a phased approach in engaging strategic partners from both the public and private sectors. In the current phase, enTRUST is focused on supporting public-private data sharing use cases in Singapore.

Overseas institutions that are interested to explore and access enTRUST are encouraged to do so in collaboration with a Singapore-based government organisation, public healthcare institution or publicly funded research institution.

enTRUST will be looking to support more public-private data partnerships in our next phase (estimated in 4Q 2024).

What is the difference between enTRUST and MOH TRUST?

enTRUST is a Whole-of-Government product that enables programmes like MOH TRUST to function. Within each programme, using MOH TRUST as an example, there would be sector-specific governance, framework, mission, vision and partnerships for the successful sharing of data within the sector organisations and its industry partners. enTRUST is the technical implementation and facilitator that enables data to be (optionally) anonymised, fused and shared as required.

For Data Contributors