Lazy doctors and patient data privacy

By Jianggan Li | 8 May 2009 | Permanent link | 0 comments

Honestly speaking, managing more than 40 hospitals and more than 50 thousand staff members, Hong Kong’s Hospital Authority has an excellent record of having only about 30 to 40 incidents every year, which is much better than most jurisdictions. Thanks to the health conscious population and the oversensitive local media, all these incidents go into the press, creating an impression that the statutory board is error-prone.

But some of the incidents – such as the recent cases of patient data loss – should not have happened. Hong Kong people are very concerned about privacy and can be easily outraged by even the minimal data leakage.

The creators of the Clinical Management System were well aware of this and they did their best to embed privacy protection in the system – there is no way a doctor could download the patient data from it.

However, you cannot prevent people from taking a photo or typing the data down word by word.

Typing was exactly what the doctors concerned in the USB flash drive loss incidents did, for the sake of convenience, without having sought approval from the Hospital Chief Executive as required by the guidelines.

Both had received training on patient data privacy and were fully aware of the guidelines and procedures for data protection.

More training is on the way, as announced yesterday by both the Hospital Authority and the Office of the Privacy Commissioner for Personal Data – a statutory body whose name is self-explanatory. Will this be effective in stopping such incidents from happening? I don’t know, but I doubt.

Some argue that it is human nature that people circumvent security for convenience and there is nothing we can do about it. However, if you put that in simple economics terms, the problem is that there is really no cost incurred to the doctors associated with this circumvention.

The solution is, obviously, put a cost, a high cost to make every doctor think twice before they prioritise convenience over privacy.

Both doctors, who lost USB flash drives with patient data, received a warning letter after the incident. This is not enough.

“Maybe we should really start firing doctors,” an influential insider at the Hospital Authority told me recently.

Disciplinary dismissal might sound too harsh for a highly trained individual, but that might just be what is needed to stop such incidents.

Maybe it will turn the local media to sympathise the doctors being fired – but believe me, there won’t be many such doctors.

Because doctors are smart people, they adjust themselves fast – if there is a need to do so.