Hk: HA sets up Task Force on Patient Data Security and Privacy (updated)

From the press release:

The Chief Executive of the Hospital Authority ( HA ), Mr Shane Solomon, today ( May 5 ) announced the appointment of a Task Force on Patient Data Security and Privacy with the objectives of enhancing system security and patient data protection, following cases of loss of electronic devices containing patient data.

Mr Solomon said that from the record of the Advanced Incident Reporting System ( AIRS ), there were nine reported cases on data loss via electronic devices in the past 12 months up to end April.

Among them, eight cases had been reported to the police and seven cases were theft-related. These data loss cases happened at Pamela Youde Nethersole Eastern Hospital ( four cases ), Kowloon Hospital ( two cases ), Queen Mary Hospital ( one case ), Tuen Mun Hospital ( one case ) and United Christian Hospital ( one case ).

The lost electronic devices included four USB memory sticks, one palm handheld device, one MP3 player, one Central Processing Unit, one laptop computer and one digital camera.

“While a total of 5,988 patients were involved, 3,117 of the losses did not involve any personal particulars.”

Of the remaining 2,871 patient data items, 961 ( 33% ) were not password protected.

The data lost were mainly collected manually. Patients involved in four reported cases had been contacted. Hospitals will continue to contact concerned patients if needed. There have not been any reported cases of patient data leakage so far. ( Case details are included in the attachment. )

[…]

Update: SCMP reports that “The Prince of Wales Hospital in Sha Tin informed the Hospital Authority that it had lost an electronic device containing the data of 10,000 patients. Privacy Commissioner Roderick Woo Bun confirmed on Tuesday….” Access to the full article requires a subscription.

About the author: Dissent