PCPD News • Issue no. 30
PCPD in Action
The Privacy Commissioner Makes a Submission on the Electronic Health Record Sharing System Bill
The Commissioner Raises Concerns on the Electronic Health Record Sharing System Bill
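There is no doubt that the Electronic Health Record Sharing System (under discussion by the Bills Committee of the Legislative Council) can let authorised healthcare personnel obtain and share the medical records of participating patients, making the patient-centred collaborative care model more efficient, but it also poses major challenges to the protection of privacy and personal data. Given that health data is highly sensitive and private in nature, the Privacy Commissioner considers that the privacy protection the new legislation provides for patients' medical records must not be lower than that provided by the existing Personal Data (Privacy) Ordinance.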
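On 21 May 2014 the Privacy Commissioner made a submission on the Bill to the Legislative Council's Bills Committee on the Electronic Health Record Sharing System Bill, and at subsequent Bills Committee meetings, raising a number of concerns about the protection of personal data privacy, including: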
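1. The provisions of the new legislation should state clearly to the public that the sharing system will be designed to compartmentalise the health data in patients' medical records, so that healthcare professionals can access a patient's relevant health data strictly on a "need-to-know" basis.
2. The sharing system should provide a "safe deposit box" to store certain particularly sensitive patient record data, with strengthened control over access to that data. With this feature, patients could prevent individual healthcare providers, even those who have obtained the patient's general consent, from automatically viewing some categories of sharable health record data.
3. The Electronic Health Record Commissioner may allow bodies that "directly or indirectly provide healthcare" and policy bureaus or departments "involved in providing healthcare" to register in the sharing system; this discretion seems too wide.
4. Even a "person authorised in writing" cannot exercise, on behalf of the data subject, the rights of access to and correction of the health data stored in the sharing system; this arrangement appears unreasonable.
5. The Bill proposes to make unauthorised access by computer to health data in the sharing system an offence; the PCPD recommends considering also making it an offence to access electronic health records without authorisation by other means, or to misuse that data.
6. Under the Bill, the Electronic Health Record Commissioner has no legal obligation to inspect the electronic medical record systems of registered healthcare providers. The PCPD considers that this will in effect weaken and belittle the Electronic Health Record Commissioner's statutory functions of regulating and supervising the sharing and use of health data in the sharing system, and of supervising participating healthcare providers' compliance with the new legislation.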
The full text of the submission is published at www.pcpd.org.hk/tc_chi/news_events/speech/files/eHR_summary_legco_paper_c.pdf.
There is little doubt that the Electronic Health Record System (being discussed by the Bills Committee of the Legislative Council), designed for access to, and sharing of, participating patients' health data by authorised healthcare providers, can provide collaborative patient-centred care more efficiently. But it also poses serious challenges to privacy and data protection. In view of the very sensitive and private nature of health data, the Commissioner recommended that the new legislation under discussion provide privacy safeguards to patients' health data at a level no less than that provided under the existing Personal Data (Privacy) Ordinance.
The Commissioner expressed his concern about the Electronic Health Record Sharing System (the "System") Bill in his submission (the "Submission") to the Bills Committee on 21 May and at the subsequent Bills Committee meetings. The major concerns raised in the Submission are as follows:
1. It should be made clear that compartmentalisation of data will be introduced as a basic design feature of the System so that healthcare professionals can access the health records of a patient only on a strictly "need-to-know" basis.
2. The System should provide a "safe deposit box", which allows the separate storage of certain particularly sensitive patient data, with enhanced access control, thus allowing patients to prevent some categories of sharable data from being automatically viewable by healthcare providers even with prior general consent obtained from the patients.
3. The discretion of the Electronic Health Record Commissioner to allow registration under the System of bodies who "directly or indirectly provide healthcare" and government bureaus or departments involved in "providing healthcare" seems too wide.
4. Denying patients the right to authorise a representative in writing to exercise their data access and correction rights in respect of their health data kept in the System seems unreasonable.
5. In line with the provision in the Bill to create a specific offence for unauthorised access to the health data held in the System through the use of computers, consideration should be given to introducing offences for unauthorised access to such data by any other means and for unauthorised use of the data.
6. Relieving the Electronic Health Record Commissioner of the legal obligation to inspect the information systems used by the healthcare providers participating in the System in effect belittles and discredits the Commissioner's statutory functions to regulate and supervise the sharing and use of the health data kept in the System, and to supervise the participating healthcare providers' compliance with the new legislation.
Full details of the submission are at www.pcpd.org.hk/english/news_events/speech/files/eHR_summary_legco_paper_e.pdf.