Privacy and Security Principles for Health Information TechnologyIt has come to our attention that recently the Center for Democracy and Technology (CDT) has released in June a briefing on public health policy issues affecting civil liberties online. This issue has become a hot button in the U.S. because of the strong push for the adoption of IT in healthcare there. But this is of course timely for us in Hong Kong too, in the aftermath of the leakage of personal data in our hospitals. (Indeed, tonight it was reported that HSBC has once again "lost" a tape containing 25,000 customer call conversations that include personal data.)
This afternoon, I also attended a briefing by Cisco with its public sector executives from the U.K. and New Zealand sharing with us their experience with privacy protection in public bodies in their countries. We are reminded that the incidents we face in Hong Kong are not unique or exceptional. We also have to be careful about striking a balance between more openness (which is a global trend in government and demanded by citizens in most developed countries) and becoming more guarded and closed because of concerns about privacy.
Working with the Hospital Authority Task Force on Patient Data Security and Privacy, we are working hard to finalize our final report – to analyze the lessons learned in the previous incidents and the recommend further improvements in structure, processes and the training and communications with people. The Privacy Commissioner's Office will also likely release its report soon on the incidents after it has conducted its “data inspection.” While the PCO report will look more specifically into the existing situation and making its comments and suggestion, the Task Force's report hopefully would be more forward looking.
Privacy and Security Principles for Health Information Technology