commences inspection against Hospital Authority
1. The Privacy Commissioner for Personal Data Mr.
Roderick B Woo has today served notice on the Hospital Authority (HA)
of his intention to carry out an inspection of HA's patients' data
system pursuant to section 36 of the Personal Data (Privacy) Ordinance
("the Ordinance"). The purpose of the inspection is to assist the
Commissioner in making recommendations relating to the promotion of
HA's compliance. The inspection and the recommendations will
focus on the security aspects of the system.
2. This is the first time that the inspection power
is exercised by the Commissioner who finds it in public interest to do
so in response to the series of incidents concerning loss of patients'
3. In accordance with the provisions of the
Ordinance, the Commissioner has given the HA 14 days' notice of his
entry into its premises for the purpose of on-site inspection.
The inspection will commence on 23 May 2008.
4. "I believe that the inspection will enable me to
make useful recommendations on the maintenance of appropriate security
measures by the HA in handling patients' personal data. Such
recommendations will help the HA in preventing future recurrence of
similar data loss incidents." Mr. Woo said.
5. The Commissioner will meet Mr. Shane Solomon, the
Chief Executive of HA, tomorrow to discuss the inspection and other