A government-appointed committee is studying the need for separate legislation to protect electronically stored health records, an official has said. The working group will study privacy and security issues that may arise when a common platform for data sharing among all health care providers and patients is established. 'Separate legislation can provide additional reassurance, and people will feel more comfortable with having their data shared,' said Deputy Secretary for Food and Health Thomas Chan Chung-ching. 'But at the same time, it will carry extra costs, as it may need extra law-enforcement efforts. So we need to strike a good balance.' At present, protection of health care data falls under different legislation, including the Crime Ordinance and the Personal Data (Privacy) Ordinance, which is enforced by the Privacy Commission. The Hospital Authority announced this month that it would spend HK$35 million in the coming two years to improve data security. This comes after a series of data leaks from public hospitals this year that raised public concern. An estimated 16,000 patients at five public hospitals and an outpatient clinic had their personal data lost, as reported to the Hospital Authority in April and May. All the incidents were caused by the loss of electronic devices such as USB flash drives. In July, the Privacy Commission laid down 37 recommendations after an unprecedented two-month inspection of public hospitals. In 1998, a hospital research assistant was jailed for six months for leaking the medical records of former secretary for justice Elsie Leung Oi-sie to the press. The assistant used a doctor's password to obtain the confidential file at Queen Mary Hospital. Mr Chan said regular privacy audits would be conducted in the future.