***********************************************************
The following is issued on behalf of the Hospital Authority:
The Task Force on Patient Data Security and Privacy appointed by the Hospital Authority held its first meeting this morning (May 7). Speaking to the media after the meeting, the task force chairman, Mr Stephen Lau said the group would review the Hospital Authority's existing policies and security systems of protecting patient data, and looked forward to recommending short-term as well as long-term improvement measures.
Mr Lau said the task force made two major observations in its preliminary review.
"Firstly, the practice of frontline healthcare staff making use of advanced technology devices to enhance efficiency should not be discouraged, though such practice must be accompanied by adequate technical and administrative policy and procedures to protect the security and privacy of identifiable personal data of patients. Secondly, to elevate their alertness in handling sensitive patient data it is important for Hospital Authority management to exert more educational and promotional efforts in enhancing the culture of all authority staff in the management and protection of patient data."
Mr Lau said the task force would also advise the authority on appropriate improvement measures with an ultimate goal to minimise and eliminate data loss cases from happening again.
The Task Force on Patient Data Security and Privacy comprises the following membership:
Chairman:
Mr Stephen Lau, former Privacy Commissioner for Personal Data
Members:
Mr Charles Mok, Hospital Authority Board Member
Mr Sunny Lee, President of Hong Kong Computer Society
Dr Chong Lap-chuen, Chairman of Hospital Authority Clinical Data Policy Group
The Terms of Reference of the Task Force are as follows:
1. Review the clinical and operational requirements for exporting of clinical data in the Hospital Authority
2. Assess the mechanisms that are currently in place to protect the security and privacy of identifiable patient data. Mechanisms to be examined include:
?policies and guidelines
?education & promulgation efforts
?system design and technical features
?incident reporting and handling measures
3. Suggest improvements to these mechanisms to enhance patient data security and privacy in the Hospital Authority.
The task force will complete its work and submit a report to the Hospital Authority Chief Executive in three months' time.
Ends/Wednesday, May 7, 2008
Issued at HKT 19:13
NNNN
