HIA Readiness · for GP clinics
Get your GP clinic HIA-ready - system, security, and compliance in one place
OtterSG is a NEHR-ready clinic management system. From your clinic records and NEHR contribution to cybersecurity and IT support, OtterSG and Contfinity run HIA readiness as one programme so you meet the Health Information Act with one partner and one point of contact.

The September 2027 GP deadline
The Health Information Act has deadlines - GP clinics by September 2027
NEHR contribution and cybersecurity become mandatory on a phased timeline - here's how OtterSG gets your clinic ready.
Why OtterSG × Contfinity
One partner for both sides of HIA
OtterSG handles the clinic software and NEHR integration. Contfinity (our cybersecurity partner) covers data security, IT protection, and CISO-as-a-Service. Together, that's both sides of HIA compliance - one programme, one point of contact.
Software and security in one
OtterSG (clinic system + NEHR) and Contfinity (cybersecurity / CISO-as-a-Service) cover both sides of HIA compliance - not two vendors to stitch together.
Grant-eligible by design
We get your clinic certified to CS/DS standards, which is what qualifies you for the government's cybersecurity certification grant. The grants are government-run and applied for through official portals - we focus on getting you certified and ready.
Built for Singapore GP clinics
Integrated with NEHR, CHAS, MediSave, and Healthier SG - the systems GP clinics actually use.
What's included
Everything your clinic needs to run, protect, and comply
Built on the OtterSG clinic system and NEHR integration, with Contfinity's cybersecurity and IT services wrapped around it - delivered as one HIA readiness programme.
CS/DS Compliance Oversight
- Assess clinic setup against HIA requirements
- Identify gaps (firewall, training, policies)
- Step-by-step remediation guidance
- Review / supply incident response plan
- Prepare & submit certification documents
- Liaise with the certification body on follow-up
Cybersecurity Toolkits, Deployed & Managed
- Security awareness training
- Network security appliance
- Endpoint security suite
- Licence & maintenance
- Backup & recovery strategy, regularly tested
Dedicated IT Operational Support
- 24/7 email & phone
- Onsite support during clinic hours
- Device & network troubleshooting
- Security monitoring
- HIA/MOH advisory
- User & access management
- Data backup & restoration
HSG Tier-1 Compatible
Seamless NEHR + government-database integration
Medical AI Assistants
AI tools built for Singapore consultation practices
Telemedicine Integration
Built-in teleconsultation for remote and hybrid care
Why clinics choose us
Built into Singapore's health ecosystem and security certified
Connected to Singapore's national health systems







OtterSG is listed on Synapxe's HIMS directory and integrated with NEHR. Verify status on the official Synapxe HIMS directory ↗
Security & data certified

Cyber Essentials certification for HIMS vendors (or equivalent) submitted to Synapxe, and Code of Practice for Data Portability.
Pricing
Simple. Transparent. Affordable.
Two ways to get your clinic HIA-ready. Package A is recommended if you want the cybersecurity certification grant and full compliance help.
+ SGD 1,470 upfront — your 30% share of the initial Cyber Essentials (CE) Mark certification (government funds 70%). Paid separately to our cybersecurity partner, not part of your monthly subscription.
Full HIA readiness with certification and grant support.
- OtterSG Clinic Management System
- NEHR integration & dedicated IT support
- Cybersecurity & data security
- Up to 10 users and 5 devices
- Cyber Essentials (CE) Mark certification (grant-eligible)
5-year plan, billed monthly
The full clinic system, NEHR, cybersecurity, and IT support at standard price - you handle CS/DS Essentials in-house.
- OtterSG Clinic Management System
- NEHR integration & dedicated IT support
- Cybersecurity & data security
- Up to 10 users and 5 devices
*Prices exclude GST. Terms and conditions apply.
These are our Singapore HIA programme packages. For OtterSG's standard global plans, see our pricing.
What's in each package
| Feature | Package ARecommended | Package B |
|---|---|---|
| Clinic Management System | ||
| NEHR Integration | ||
| Cybersecurity & Data Security | ||
| Dedicated IT Support | ||
| Backup & Recovery | ||
| User Access Management | ||
| Security Awareness Enablement | ||
| Users & devices | Up to 10 users / 5 devices | Up to 10 users / 5 devices |
| Cyber Essentials (CE) Mark certification (grant-eligible)A only |
What's not included
- Penetration testing & vulnerability scanning (optional add-on)
- Incident response forensics & legal (specialist service)
- Full policy writing & document cleanup (drafted separately, quoted)
- Certification body & government fees (paid directly by the clinic)
- Cyber Essentials renewal (typically every ~2 years - borne fully by the clinic; the 70% government funding applies to the initial certification only).
How it works
Your journey to HIA readiness
Consultation
Understand your clinic's needs
Assessment
Review current systems and readiness
Implementation
Set up systems, integrations and security
Staff enablement
Train your team and build awareness
Ongoing support
We're with you all the way
Questions
Frequently asked questions
Both packages include the OtterSG clinic management system, NEHR integration, dedicated IT support, and cybersecurity & data security. Package A also includes attaining the Cyber Essentials (CE) Mark certification (which makes it eligible for the cybersecurity certification grant); Package B includes backup & recovery and security awareness enablement. See the full comparison above.
Funding comes from government schemes, not from us. Eligible clinics can tap government support that helps cover HIA-readiness costs, applied for through the official government portals. Package A gets your clinic certified so it qualifies. Amounts and eligibility are set by the government and can change - for the current details, see MOH's HIA funding page.
GP clinics must start contributing to NEHR by September 2027, with grant applications opening earlier.
After consultation and assessment, NEHR onboarding typically takes up to about five weeks, scheduled around your clinic's operations.
OtterSG provides the NEHR-ready clinic system; Contfinity handles cybersecurity, data protection, and IT. Together they cover both sides of HIA, so you deal with one partner instead of stitching vendors together.
Let's get your clinic HIA-ready
Book a free consultation. We'll assess where you stand and map the simplest path to compliance.