***************************************************
The following is issued on behalf of the Hospital Authority:
In response to media enquiries on the Privacy Commissioner Investigation Report on loss of USB flash drive containing patients' personal data by United Christian Hospital (UCH), spokesperson of UCH would like to give the following response:
UCH accepts the recommendations of the investigation report by the Privacy Commissioner for Personal Data (PCPD) which will result in a more systematic, consistent approach and lead to improvement on the management of personal data system of Hospital Authority (HA) and UCH.
In response to the recommendations from PCPD, our hospital has followed and implemented the data protection policy and guidelines set up by the HA Task Force on Patient Data Security and Privacy. For instance, our hospital has provided hospital staff the procedural guidelines on the proper use of USB. This includes, for example, to encrypt patient data storing in USB; to stop using the USB once encryption function is found in default; to delete patient data from USB when the need for using the data has ceased; and to report to the senior once USB storing patient data is found lost.
Our hospital has also implemented some technical improvement steps such as automatic encryption of patient data downloaded from our clinical systems to further protect the data and to enforce security.
In addition, we will continue to follow and implement the improvement measures as directed by the Hospital Authority Task Force to ensure adequate protection on patient's data.
Ends/Wednesday, December 24, 2008
Issued at HKT 19:41
NNNN
