Progress of Inspection Against Hospital Authority
The Privacy Commissioner for Personal Data Mr. Roderick B Woo provides
a brief update on the progress of the Inspection against the Hospital
The objective of the Inspection is to examine and assess the personal
data system of the hospital under HA’s management with regard to the
security of patients' data in compliance with the provisions of the
Personal Data (Privacy) Ordinance, in particular Data Protection
Principle 4 of Schedule 1 to the Ordinance in relation to data security.
In accordance with the provisions of the Ordinance, the Commissioner
issued a 14 days' notice of Inspection to the HA on 8 May 2008,
exercising his power of on-site Inspection.
For the purpose of the Inspection, an Inspection Team was formed,
comprising the Commissioner and the Deputy Commissioner, Mrs. Bonnie
Smith, and officers from the Legal, Operations and Compliance Divisions.
The Commissioner was fortunate in being able to form a team of
consultants comprising eminent experts from the medical, information
technology and legal professions. They have agreed to become
prescribed officers on a pro-bono basis to help the Privacy
Commissioner by providing advice on the various aspects of the
Inspection. These consultants are:
i) Professor John BACON-Shone
Director, Social Science Research
Former Chairman, Law Reform Commission
ii) Mr. Christopher CHAN Cheuk
Registrar, High Court (Retired)
iii) Dr. HO Chung-ping
Hong Kong Medical Association
iv) Ir. Dr. Samson TAM Wai-ho
Chairman, Group Sense Ltd.
Technology Division, Session 2007/08
Hong Kong Institute of
The Commissioner has also engaged Mr. Patrick R. Moss as the Secretary
to the Inspection Team.
For the purpose of inspecting the personal data system of HA and how
hospitals under its management effectively comply with its data
security policies and practices, this Office obtained from the HA all
relevant documents, manuals and guidelines and pertinent questions on
data security. These were closely assessed and appropriate
requisitions were raised and answered by the HA before the
On 16 May 2008, the Commissioner, the consultants and his Inspection
Team visited a hospital under the HA’s management to pave the way for
The Commissioner carried out the Inspection on 23 May 2008 together
with the consultants, the Inspection Team, and 10 PCPD officers.
An additional 10 PCPD staff members also rendered support by providing
clerical and logistics assistance.
The Inspection was carried out in two ways. On the one hand, the
consultants and the Inspection Team walked through the hospital's
personal data system and interviewed selected hospital staff members
for practical assessment. On the other hand, the Inspection Team
and PCPD officers met more than 100 of the hospital staff members (who
were selected on a random basis) to complete a questionnaire about the
handling of patients' data at work.
The Commissioner and his Inspection Team inspected the hospital again
on 26 May 2008 to collect further information.
"I am gratified by the fact that the management of the hospital was
exceedingly friendly and cooperative and gave us a full picture of how
they handle patients' personal data. The doctors and officers at
all levels in the hospital have been patient and helpful in providing
every facility that the Inspection Team needed to do its job
properly," Mr. Woo said.
At present, the Commissioner, with the consultants and his team, is
compiling and analyzing the information obtained. They have had several
meetings since the Inspection. In due course, the Commissioner
will, with the advice and help of the consultants and the Secretary to
the Inspection Team, publish a report and make recommendations to the HA
to promote its better compliance with the Ordinance for the purpose of
protecting patients' personal data.