************************************************************
The following is issued on behalf of the Hospital Authority:
The Chief Executive of the Hospital Authority (HA), Mr Shane Solomon, today (July 22) welcomed the recommendations of the inspection report by the Privacy Commissioner for Personal Data (PCPD) which will result in a more systematic, consistent approach and lead to further improvement in the HAˇ¦s personal data system.
Mr Solomon was pleased to note that the commissioner acknowledged the HA's important and significant efforts in devising a patient data security system that facilitates patient care while safeguarding data integrity.
"The recommendations will be studied in detail along with those of the HA's Taskforce on Patient Data Security and Privacy which is now undertaking a comprehensive and thorough review to enhance public hospitals' system security and patient data protection, following the reports of cases on loss of electronic devices containing patient data."
The Chief Executive expressed his confidence in making significant progress in addressing PCPDˇ¦s recommendations over the next 12 months. "Based on the ongoing work of our own taskforce and an independent security consultant, a number of improvement steps, particularly on the technology side, are already underway. This includes, for example, automatic encryption of patient data downloaded from our clinical systems to further protect the data and to enforce security."
A dedicated team will be set up to work solely on improving data security within the HA, including follow-up of the PCPD's recommendations. The HA will provide the PCPD with quarterly progress reports and a full report on the implementation at the end of 12 months, including the technology enhancements that the HA's taskforce is currently considering as part of its work.
"Within the HA, we are looking at technological and procedural measures to safeguard the security of personal data collected by and stored in various HA systems. We will also work with the PCPD to raise healthcare professionals' awareness of privacy risks in their everyday work and to reinforce the need for them to take essential steps to protect patients' data.ˇ¨
To enhance staff knowledge of the Personal Data (Privacy) Ordinance, the HA will also sponsor at least one officer from each of the clusters, who is responsible for personal data privacy matters, to participate in the PCPD's Data Protection Officers' Club.
The HA's own taskforce, which was set up in May this year to review existing policies and security systems for protecting patient data, is expected to complete its report by the middle of August, and have it deliberated in the HA board meeting scheduled in September. Upon endorsement by the board, the HA will provide the PCPD with a full response that sets out its action plan to both the PCPD's recommendations and those made by the taskforce.
Ends/Tuesday, July 22, 2008
Issued at HKT 16:01
NNNN