Hong Kong Hospital Authority values patient data privacy, and police are not given access rights to information systems

I refer to the letters from Mr Francisco T.T. Lai (“Hospital data breach demands independent probe, or trust in public health care may be lost”, June 26) and Ms Cassandra Chan (“Keeping patient data private just a TV gimmick”, June 28), expressing their views on privacy protection policies for patients at public hospitals.

Amid recent concerns regarding the protection of patient privacy in public hospitals, the Hospital Authority has announced the establishment of a special task group to conduct a quick and focused review into information technology security in public hospitals, with particular focus on clinical system security risks with regard to patient privacy protection and frontline operations. The special task group will complete the review and submit a report to the Hospital Authority in three months.

The special task group will focus on reviewing the security and privacy protection measures in the Hospital Authority’s clinical systems, suggesting areas where new approaches to securing access are required, and highlighting new security technologies and practices which could be of value in enhancing the security and privacy of clinical systems.

We would like to take this opportunity to reiterate that the privacy of patient data is of the utmost importance. Our information systems are not connected in any way to police systems nor are the police given any access rights to our systems. There has also been no evidence that any information from the Accident and Emergency Information System has been given to the police.

The Hospital Authority will continue to uphold patient confidentiality, which is the cornerstone of patient confidence in seeking consultation.

Dr N.T. Cheung, head of Information Technology and Health Informatics, Hospital Authority