***********************************************
The following is issued on behalf of the Hospital Authority:
At the Administrative and Operational Meeting today (September 10), the Hospital Authority Board discussed and endorsed the report and recommendations submitted by the Taskforce on Patient Data Security and Privacy to further enhance the protection of patient data privacy.
The chairman of the taskforce, Mr Stephen Lau, said, ˇ§The taskforce acknowledged in the report that the Hospital Authority over the years has taken considerable steps to identify and address the security risks to patient data. It is recognised that structures, policies and guidance, training programmes have been in place. Moreover, technological measures have been established to control access to clinical systems and to protect the authorityˇ¦s network from cyber attacks, such as viruses, spam and hacking.ˇ¨
ˇ§Having reviewed and assessed all the steps and measures, the taskforce believed that more needed to be done to sustain and enhance the effectiveness of these measures. A total of 26 recommendations were made in the report and presented to the Hospital Authority Board today covering improvements in four major areas of Policy; Structure and People; Procedures and Guidelines; and Technology.ˇ¨
Authority chairman, Mr Anthony Wu, expressed appreciation for the efforts made by the members of the taskforce in the last few months in undertaking a comprehensive and thorough review to enhance public hospitalsˇ¦ system security and patient data protection, following the reports of cases on loss of electronic devices containing patient data.
ˇ§Following the recommendations of the taskforce, I am confident that the authority and its public hospitals will soon commence important steps in further enhancement of patient data security while discharging their primary and essential roles in patient care,ˇ¨ Mr Wu said.
Hospital Authority Chief Information Officer, Mr Andre Greyling welcomed the recommendations of the taskforce. ˇ§We are going to study the report in detail, together with recommendations made by the Privacy Commissioner for Personal Data (PCPD) in its Inspection Report earlier this year.ˇ¨
ˇ§We are in the process of drawing up an action plan to implement practicable measures as recommended in both reports to enhance patient data security and privacy. A dedicated team is also being set up to work solely on improving data security within the authority.ˇ¨
ˇ§The Hospital Authority will provide PCPD with quarterly progress reports and a full report, at the end of 12 months, on the implementation of the 39 recommendations in the Inspection Report, together with the 26 enhancement measures recommended by the taskforce,ˇ¨ he said.
Mr Greyling reiterated his confidence in making progress in addressing issues of patient data security.ˇ§We will work towards the recommended good data handling system that can recognise the risks, incorporate appropriate measures to mitigate these risks and is capable of responding quickly to changes in the environment. A number of improvement steps, particularly on the technology side, are already under way. This includes automatic encryption of patient data downloaded from our clinical systems to further protect the data and to enforce security.ˇ¨
The report of the Taskforce on Patient Data Security and Privacy (full report in English, Executive Summary and Summary of Recommendations in English and Chinese) is now available for public viewing on HA's website www.ha.org.hk/report/patientdata.
Ends/Wednesday, September 10, 2008
Issued at HKT 18:49
NNNN
