Patients' details stolen from clinic
The personal data of 665 patients has been stolen from a Tuen Mun clinic, while it was revealed yesterday that a hospital also had lost patients' data.
In both cases the information had been stored on a USB flash drive.
The theft at the Tuen Mun Child Assessment Centre happened last Friday when a medical officer left the device in her unlocked office.
The data included patients' names and addresses, their photographs, parents' names, phone numbers and medical records.
Police are treating the case as suspected theft and the Health Department is helping the investigation.
Meanwhile, the Hospital Authority revealed last night that the United Christian Hospital had lost the private data of 26 patients last October. The authority said the hospital promptly informed patients, apologised and reported the incident to police. There was no indication the information had been used.
Deputy Director of Health Gloria Tam Lai-fan, who apologised to the patients and their families involved in the Tuen Mun case, said the department was treating the incident seriously as it involved privacy issues.
Most of the patients had been treated at the Tuen Mun clinic, while a few were from other child-assessment centres across the city.
The patients suffered from developmental, communication or physical problems and ranged in age from newborn to 30 years old.
'The affected families should remain alert and report to the police if they are approached by suspicious people with their personal data,' Dr Tam said. 'No suspected abuse of the data has been discovered so far.'
She said letters had been sent to affected families.
Dr Tam said the medical officer left the device in her office on Friday afternoon. 'When she returned, she could not find it.'
The department reported the case to police on Tuesday after repeated efforts to find it failed. 'Officers are allowed to use USB drives to store this information, but there are also guidelines requiring them to store these devices appropriately,' she said.
Dr Tam said the device did not have a password and anyone could directly access the information.
'Since the incident, we require every officer to have passwords on this kind of device if private information is stored. They should also keep identifiable patient information on these devices to a minimum.'
Dr Tam said disciplinary action might be taken against the long-serving officer, who had a good record.
She also reassured parents that treatment for their children would not be affected as the original medical records remained intact.
Health Minister York Chow Yat-ngok urged the Health Department to review its guidelines on the handling of private data.
A hotline has been set up on 21251133 to handle inquiries involving the Tuen Mun case.