USB drive with patient data goes missing in Hong Kong

Sunday, 12 February 2012

RESOURCE CENTRE

Tax and Revenue Management: A government’s lifeblood

IT has provided the opportunities for governments to remodel the entire process of tax collection over the last decade. It is, however, a continuously evolving process and governments the world over need to constantly upgrade their tax systems to optimise their revenue workflows.

Unlocking Public Value

A recent SAP study confirmed that those organisations which adopt best practices in the areas of scope and adoption, process standardisation, technology and customer governance, do perform better, and do so as their best practice maturity increases.

Governments and Socialising

The advent of social media has seen governments hopping onto the bandwagon in a bid to further engage citizens.

Healthcare IT

By Jianggan Li | 26 March 2009

A doctor working for a hospital managed by the Hospital Authority has lost a USB flash drive containing personal data of 47 patients, including their names, ID numbers, sex, age and operation records.

Photos

View photos

Related Categories

From this Section

NEWS

The doctor is from the Ophthalmology Department of United Christian Hospital, part of the Kowloon East Cluster (KEC).

According to the spokesperson of the KEC, the relevant data were not exported or download from the Hospital Authority’s Clinical Management System.

Failing to locate the device despite repeated searching, the doctor reported the incident to the hospital management and the Police on 23 March. On the same day it was also reported to Hospital Authority Head Office through the Advanced Incidents Reporting System, and the Office of the Privacy Commissioner for Personal Data was informed.

The device also contained some work related files. The hospital said that the incident would not affect concerning patients’ treatment.

According to the guidelines established by the Hospital Authority, any hospital staff using removable electronic storage devices for operational needs should apply for the approval from the Chief Executive of the hospital. The staff concerned was found not to have complied with these data security guidelines.

KEC is setting up an independent panel to investigate the incident and disciplinary action will be taken according to the policy if any human errors are identified.

“Staff members have been reminded again to strictly follow the established protocol on protecting data and privacy of patients,” said a statement by the Hospital Authority.

Regular training sessions have been provided for staff of all grades and ranks on protection of patient data and privacy.

January last year, a similar incident happened in the same hospital. During an interview with FutureGov, Andre Greyling, CIO of the Hospital Authority said the earlier incident was the biggest challenge the IT department had to deal with in 2008.