Hospital Authority further enhances patient data protection

The following is issued on behalf of the Hospital Authority:

     The Hospital Authority (HA) set up a working group comprising members of the Coordinating Committee (A&E), Information Technology and Health Informatics Department and data security expert, to explore means of enhancing protection of patient data while ensuring the operation efficiency of Accident and Emergency (A&E) Departments. The working group met yesterday (June 18) to address concerns recently expressed in the community and by some healthcare staff towards safeguarding patient data privacy.

     The Chiefs of Service of all A&E Departments agreed that the Accident and Emergency Information System (AEIS) is very important to clinical services in the Department. It was confirmed that all computers and the AEIS in A&E Department are for the exclusive use of public hospital staff. Given the different views of the community and healthcare staff towards access arrangement of the systems concerned, the Chiefs of Service of all A&E Department agreed to suspend the "report" and "print" in the "Disaster" module beginning tomorrow. Staff can only access with personal password via the Clinical Management System to view or print the patient list of major incidents of AEIS.

     Regarding recent media reports on a designated page for police in the system, the HA clarified that "For Police" selection in AEIS is just a printing option. There is never a designated page for police access to patient information, as being described wrongly by somebody. The HA reiterated that the AEIS is an independent system of the HA without connection to the computer system of any other organisation. No access right has been given to any government department including the police.

     There were also some recent news reports on possible unintended exposure of computer screens in busy A&E Departments. The HA understands that A&E staff may need to leave their desktop computers at times to help resuscitate patients, hence will install in AEIS of all A&E Departments the automatic log-out function after idling for 15 minutes. Computers are also installed with screensaver programme to prevent the risk of information exposing accidentally.

     As A&E Departments are always crowded with members of public and other rescue department staff, the HA has reminded healthcare staff to ensure that patients' medical records and conversation are not leaked during triage and consultation. The HA will also remind law enforcement departments to be mindful of the respect for patient data privacy in hospitals.

     The HA will continue to uphold patient confidentiality, which is the cornerstone of patient confidence in seeking consultation. The HA reiterates that public hospital healthcare staff always work in the best interest of the patients and will not be compromised by any non-clinical activities. Patients in need are advised to seek timely consultation.

Ends/Wednesday, June 19, 2019
Issued at HKT 22:32