PDF《Data Security》

Data Security Data Security 1.

The Hospital Authority owns all clinical data that are create 1. The Hospital Authority owns all clinical data that are created or d or collected in the course of patient care at HA institutions. collected in the course of patient care at HA institutions. 2. Access to the patient data is governed by the principles of p 2. Access to the patient data is governed by the principles of patient atient under care and organizational need under care and organizational need- -to to- -know basis. know basis. 3. All staff are responsible for the safety & confidentiality of 3. All staff are responsible for the safety & confidentiality of the the patient data and to prevent unauthorized use. patient data and to prevent unauthorized use. 4. The person who performs the data export in any means which 4. The person who performs the data export in any means which involves the duplication of individually identifiable patient da involves the duplication of individually identifiable patient data, ta, such as data download, printing or transcription is responsible such as data download, printing or transcription is responsible for the usage and protection of the exported data which must for the usage and protection of the exported data which must comply with the PD(P)O principles and A Draft Paper on comply with the PD(P)O principles and A Draft Paper on Release of Patient Release of Patient' 's Information. s Information. 5. Download of identifiable patient data to any mobile storage d 5. Download of identifiable patient data to any mobile storage device evice such as notebook, USB, PDA, external hard such as notebook, USB, PDA, external hard- -drive must be drive must be prohibited unless approval is granted by HCE. prohibited unless approval is granted by HCE. 6. Appropriate measures must be taken to protect the security of 6. Appropriate measures must be taken to protect the security of the the exported data e.g. using encryption and password, keeping the exported data e.g. using encryption and password, keeping the exported data safely in a secured area. exported data safely in a secured area. 7. All the unused and expired identifiable patient data should b 7. All the unused and expired identifiable patient data should be deleted. e deleted. 8. Identifiable patient data must 8. Identifiable patient data must not not be transferred via internet e be transferred via internet e- -mail. mail. 9. For any loss of patient data, the staff must report to the d 9. For any loss of patient data, the staff must report to the department epartment head immediately. The department head should consider to report head immediately. The department head should consider to report the case to the Police as appropriate. the case to the Police as appropriate. 10. Breach of confidentiality and security is subject to discipl 10. Breach of confidentiality and security is subject to disciplinary inary action. action. 11. Useful Link 11. Useful Link ? ? Mobile Storage Alert Mobile Storage Alert (http:// (http://ntec.home/ntecitd/MobileStorageAlert.htm ntec.home/ntecitd/MobileStorageAlert.htm) ) ? ? Frequently Asked Questions Frequently Asked Questions - - Clinical Data Policy Clinical Data Policy ( (http://informatics.home/mediawiki/index.php/Clinical_Dat http://informatics.home/mediawiki/index.php/Clinical_Dat a_Policy_ a_Policy_- -_Frequently_Asked_Questions _Frequently_Asked_Questions) ) ? ? A Practical Guide to IT Security A Practical Guide to IT Security ( (http://ha.home/infosec/document/A_Practical_Guide_to_I http://ha.home/infosec/document/A_Practical_Guide_to_I T_Security_EN.doc T_Security_EN.doc) ) ? ? Clinical Data Policy Manual Clinical Data Policy Manual ( (http://informatics.home/mediawiki/index.php/Clinical_Dat http://informatics.home/mediawiki/index.php/Clinical_Dat a_Policy_Manual a_Policy_Manual) ) ? ? Electronic Communications Policy Jan