The Privacy Commissioner for Personal Data has launched an investigation into the recent cases of patient data loss and will inspect the Hospital Authority's personal data system.

The commissioner's office today said in addition to the cases announced by the Health Department and the Hospital Authority, the Prince of Wales Hospital also lost a flash drive containing the personal data of 10,000 patients.

The stored files were mainly general working documents containing patients' names, identity numbers and laboratory test data.

Staff usually delete data on USB flash drives upon completion of a task. As the Prince of Wales staff member could not recall if she deleted the data in this case, for the sake of security, the hospital reported the case to Police and the Privacy Commissioner. Police are now investigating and the hospital has received no enquiries so far.

Immediate action taken

Commissioner Roderick Woo said due to public concern over the losses he has ordered immediate action to be taken under the Personal Data (Privacy) Ordinance to secure patient data.

Regarding the United Christian Hospital's loss of a USB flash drive the commissioner has issued a summons requiring the officer-in-charge to give evidence. The commissioner has asked the authority and the department for information relating to losses by Tuen Mun Child Assessment Centre, Kowloon Hospital and Pamela Youde Nethersole Eastern Hospital and said he may summon witnesses to give evidence.

The commissioner is also probing other data loss cases involving Queen Mary and Prince of Wales Hospitals.

Secretary for Food & Health Dr York Chow is regretful and disappointed with the repeated data losses. He said he looked forward to the commissioner's recommendations. He has instructed the authority to formulate clear guidelines for its staff as soon as possible to protect patient privacy.