Hong Kong urges tougher controls on patients' data

Jul 22, 2008, 9:27 GMT

Hong Kong - Tougher controls to protect patients' personal and medical data should be introduced at the city's hospitals following a series of security blunders, the territory's privacy watchdog said Tuesday.

Roderick Woo, the privacy commissioner, made 37 recommendations to the Hospital Authority after inspecting the data security system at one of its hospitals.

The tougher measures include restricting the use of passport and identity card numbers, limiting the period of time data is stored and more stringent controls on the use of portable storage devices such as computer memory sticks.

Woo said any data leaks or losses should be reported to him, saying he was 'in the dark' on many of the security lapses.

Responding to Woo's report, Hospital Authority chief executive Shane Solomon said 'significant progress' would be made in adopting the recommendations over the next year.

'A number of improvement steps, particularly on the technology side, are already underway. This includes, for example, automatic encryption of patient data,' Solomon said.

A dedicated team would be set up to work solely on improving data security within the authority.

Woo launched the security probe in May after Prince of Wales hospital lost a USB computer memory stick containing the data of 10,000 patients. A laboratory analyst admitted leaving the memory stick, half the length of a ball point pen, in a taxi.

About 10 memory sticks containing patients' information were either lost or stolen before the probe began.