Hong Kong earmarks funds for patient data security

HONG KONG – The Hospital Authority here has earmarked HK$35 million (US$4.4 million) to improve patient data security and privacy, based on recommendations by the privacy commissioner and the authority’s own taskforce.

The HA said last week a budget of HK$10 million has been allocated for the remainder of the financial year and HK$25 million next year. The fund will be spent on setting up the new information security and privacy office and upgrading data security infrastructure.

Stephen Lau, chairman of the taskforce, said that 26 recommendations were made in a taskforce report and presented to the Hospital Authority Board, covering improvements in four major areas: policy; structure and people; procedures and guidelines; and technology.

The taskforce studied 10 reports of data loss cases involving 16,000 patients in six hospitals and clinics since April. The authority said all patients had been notified and no data had been leaked.

The taskforce suggested the appointment of a chief information security and privacy officer to lead HA-wide information security and privacy programs in a coordinated manner.

The report added that data security and privacy should be integrated into organizational performance objectives, for which chief executives should have explicit accountability within their clusters, and that they should be required to make an annual report on information security and privacy.

The taskforce also made recommendations for adoption in the short term to minimize risk of further patient data loss. These include: automatic encryption of downloaded data; whole disk encryption for portable electronic devices; physical restriction of the use of devices; and storage and sharing of data on secure file servers.

In addition, it has come up with several principles for ongoing enhancement of data protection. They include: minimizing access to and use of personally identifiable information; minimizing transport of such information; guarding the systems containing such information against external threats; and providing concrete procedures and handling guidelines.

Andre Greyling, CIO of the Hospital Authority, said it has already implemented some of the recommended measures including automatic encryption of patient data downloaded from its clinical systems.

He added that the organization will study the report in detail, together with recommendations made by the Privacy Commissioner for Personal Data (PCPD) in its inspection report earlier this year.

“We are in the process of drawing up an action plan to implement practicable measures as recommended in both reports to enhance patient data security and privacy,” said Greyling. “A dedicated team is also being set up to work solely on improving data security within the authority.”

He added that the HA will provide PCPD with quarterly progress reports and a full report, at the end of 12 months, on the implementation of the 39 recommendations in the inspection report, together with the 26 enhancement measures recommended by the taskforce.
