Privacy Commissioner commences inspection against Hospital Authority

1.    The Privacy Commissioner for Personal Data Mr. Roderick B Woo has today served notice on the Hospital Authority (HA) of his intention to carry out an inspection of HA's patients' data system pursuant to section 36 of the Personal Data (Privacy) Ordinance ("the Ordinance").  The purpose of the inspection is to assist the Commissioner in making recommendations relating to the promotion of HA's compliance.  The inspection and the recommendations will focus on the security aspects of the system.

2.    This is the first time that the inspection power is exercised by the Commissioner who finds it in public interest to do so in response to the series of incidents concerning loss of patients' data.

3.    In accordance with the provisions of the Ordinance, the Commissioner has given the HA 14 days' notice of his entry into its premises for the purpose of on-site inspection.  The inspection will commence on 23 May 2008.

4.    "I believe that the inspection will enable me to make useful recommendations on the maintenance of appropriate security measures by the HA in handling patients' personal data.  Such recommendations will help the HA in preventing future recurrence of similar data loss incidents." Mr. Woo said.

5.    The Commissioner will meet Mr. Shane Solomon, the Chief Executive of HA, tomorrow to discuss the inspection and other matters.


END