1. There is wide media coverage on the inspection report ("the Report") of the Hospital Authority’s ("HA") patients' data system published by the Privacy Commissioner, Mr. Roderick B.Woo on 22 July.
2. Mr. Woo said, "I am pleased to see that the community concerns about the recommendations on the improvement of patients’ data security made in the Report. I am also pleased that the HA is determined to take proper security measures to minimize the risk of data leakage. However, I notice some of my recommendations are not properly interpreted, so the following clarifications are needed."
3. It was reported that the replacement of HKID
numbers with patient's numbers might increase the risk of mismatching
the identities of patients, as well as the workload of frontline staff.
The Commissioner recognizes the importance of the use of HKID card in accurate authentication of patients' identities for consultation and prescription of drugs. To minimize the risk of intruding patients’ privacy, the Report recommends the HA to study the feasibility of abandoning the use of patients' HKID card for other purposes, e.g. medical research.
4. At present, patients' HKID numbers are printed on appointment slips. In fact, such practice is unnecessary because medical staff can get the data of patients by scanning the bar code on appointment slips. With appropriate arrangement, minimizing the use of patients' HKID numbers will definitely not increase the workload of medical staff.
5. It was commented that when the HA considered the implementation of recommendations, it should also take into account the convenience of patients.
The Report only suggests the HA how to improve the handling of
patients' data. Patients are not required to do anything extra
and therefore it will not bring them any inconvenience.
6. The Commissioner hopes that the above explanations have addressed public concern. For a better understanding of the rationale, objectives and feasible ways of the recommendations, please read the full version of the Report.
END