s you know, several colleagues working in our hospitals had not exercised proper protection of the sensitive personal information stored on their own USB storage devices, which were unfortunately lost. These incidents have inevitably affected the public's confidence in the HA regarding the protection of patients' personal information. We subsequently established the Information Security and Privacy Office in 2008. The purpose is to promote information security and protection of personal data privacy. HASLink has asked Mr Dickson Wong, our Corporate Information Security and Privacy Officer, to tell us more about the HA's policy on this subject.
Mr Wong points out that the policy requires all HA staff to work together to protect the security and privacy of personal information. That includes the time of collection, usage, storage in any form, access, extraction, transmission or disposition of data. "Whenever our colleagues access patients' personal information, they should observe two principles: 'patient under care' and 'organisation need-to-know'," he says.
Such information should be protected in accordance with the following provisions of the Personal Data (Privacy) Ordinance:
¡@
Personal data should be obtained and processed lawfully and fairly;
Personal data should be accurate, up-to-date, and kept no longer than necessary;
Personal data should be used for the purposes for which they were collected;
Appropriate security measures should be applied to personal data;
Information regarding personal data should be generally available; and
Channels should be provided to give the subjects of the data the right to access and correct their personal data.
Mr Roderick Woo, the Privacy Commissioner for Personal Data, and our Chief Executive, Mr Shane Solomon, hosted a ceremony on 7 May 2009 to jointly launch "Care for Patients, Protect their Personal Data" campaign, which aims to promote the importance of privacy. The ceremony was followed by the first forum about the Personal Data (Privacy) Ordinance. It attracted a capacity audience of attentive colleagues when it was held at HAHO.
Mr Wong emphasises that all clinical staff members should receive proper education and training periodically to strengthen their understanding of the Ordinance on the obligation to safeguard the personal information of patients and also our policy and procedures for ensuring this. "To achieve this, we are organising a number of forums in co-operation with the Office of the Privacy Commissioner for Personal Data," he says.
In addition, Mr Wong points out that all staff members should report security and privacy breaches, if any, to the supervisors in a timely manner so as to minimise the potential and consequential damage it may cause.
We should all work together to protect personal data!
s you know, several colleagues working in our hospitals had not exercised proper protection of the sensitive personal information stored on their own USB storage devices, which were unfortunately lost. These incidents have inevitably affected the public's confidence in the HA regarding the protection of patients' personal information. We subsequently established the Information Security and Privacy Office in 2008. The purpose is to promote information security and protection of personal data privacy. HASLink has asked Mr Dickson Wong, our Corporate Information Security and Privacy Officer, to tell us more about the HA's policy on this subject.
¡@ 
