Special Task Group Appointed to Review Information Technology Security

The following is issued on behalf of the Hospital Authority:

     In view of recent allegations and concerns on the Accident and Emergency Information System (AEIS) of the Hospital Authority (HA), the HA today (June 20) announced the establishment of a special task group to conduct a quick and focused review into information technology security in the HA, with particular focus on clinical system security risks with regard to patient privacy protection and frontline operation. The objective is to reaffirm the clinical system security frameworks and, where appropriate, recommend possible measures for enhancements. The special task group will focus on the following tasks:
 
     1.     To review the security and privacy protection measures in the HA's clinical systems;
     2.     To suggest areas where new approaches to securing access are required; and
     3.     To highlight new security technologies and practices which could be of value for enhancing the security and privacy of the HA's clinical systems.
 
     The special task group will be chaired by Mr Jason Yeung who is the chairman of the Audit and Risk Committee of the HA Board. Two experts on information technology and personal data privacy, namely, Professor Daniel Lai, the former Government Chief Information Officer and Mr Stephen Lau Ka-men, the first Privacy Commissioner for Personal Data of Hong Kong, will also join the group as member (full details attached).

     The special task group targets to complete the review and submit a report to the HA in three months.