Hospital Authority staff reminded on safeguarding patient data privacy
The following is issued on behalf of the Hospital Authority:
Recently, there were several incidents of clinical information and images, suspected to belong to public hospital patients, being circulated in the social media. The Hospital Authority (HA) spokesperson today (November 11) reiterated that it strives to safeguard patient privacy and will abide by the Personal Data (Privacy) Ordinance. HA staff are also reminded of the same responsibility to protect patient privacy.
The HA has issued an email to all staff last week reminding staff to avoid unauthorised access to patient data and unauthorised disclosure of patient data to third party, including any disclosure of confidential patient information or medical records in social media.
While using the Clinical Management System to access patient records, healthcare staff has to observe the two key principles, namely, patient under care and organisation need-to-know.
The HA spokesperson remarked that besides strict compliance with the guidelines on protecting patient privacy, staff members should not disclose any confidential information or records obtained in their official capacity to any party outside the organisation, according to the HA Code of Conduct. Hence, even though the leaked information may not contain personal identifier, the staff member would have breached the Code in handling confidential information and records. The HA would follow up seriously for cases of non-compliance. It will also refer cases to the Office of the Privacy Commissioner for Personal Data or relevant law enforcement agencies for follow up as appropriate.
The HA also appeals to members of the public to respect the privacy of patients and avoid further circulating these kind of information.