CONFIDENTIALITY
Wong Hei Yi
18/11/2020
26 October 2022
CONSENT
• “I will respect the secrets that are confided in me, even after the patient has died” - 1948 modification of the Hippocratic Oath, 5th Requirement
BASIS OF DUTY
Equity & Common Law
• Prince Albert v Strange (1849) 1 Mac & G 25, 41 ER 1171 – Lord Chancellor granted an injunction to restrain publication of a catalogue which would expose details or original etchings of the Plaintiff based on property right, breach of trust, confidence, and contract.
BASIS OF DUTY
Human Rights Law
• Campbell v MGN Ltd [2004] 2 AC 457 – “This stems not only from the confidentiality of the doctor-patient relationship ... As the European Court of Human Rights put it in Z v Finland 25 EHRR 371, 405-406, para 95: ‘Respecting the confidentiality of health data is the vital principle in the legal systems of all the Contracting Parties to the Convention…’” – per Baroness Hale
REGULATIONS OF LOCAL INSTITUTIONS
Hospital Authority Data Privacy Guideline
1. Patient under care
2. Organization-need-to-know
PERSONAL DATA (PRIVACY) ORDINANCE (CAP.486)
Use of personal data: Not for a purpose other than that for which it is collected, unless with further consent
Security of personal data: All practical steps taken to ensure protection against unauthorized access / processing / erasure
Information to be available: As to the data user’s policies and practices
Access to personal data: Right of data subject to ascertain whether the data user holds his personal data, to request access, to be addressed within a reasonable time, to make corrections, and to be provided with reasons for rejection
Part  Content
1     Standard preliminary provisions of statutes.
2     Establishment of Privacy Commissioner of Personal Data and his functions & powers.
3     Code of Practice.
4     Data user returns and the register of data users.
5     Access to and correction of personal data.
6     Prohibition of matching and transferral of personal data outside HK.
6A    Use of personal data in direct marketing and provision of such.
7     Inspection, complaints and investigations.
8     Exemptions
9     Offences and compensation
10    Miscellaneous matters
Sections  Content
2         Defines “data user” to be person(s) who controls the collection, holding, processing or use of data, & “data subject” to be the person who is the subject of data.
4         Data user shall not engage in an act that contravenes a DPP as stipulated in Sch.1 of the PD(P)O.
18        Data Access Request (DAR).
19        Requires supply of personal data held to be made available within 40 days or written explanations to be provided in case of non-compliance.
20        Grounds for refusal of DAR.
22        Correction of inaccurate data.
26        Erasure of data once no longer required unless prohibited by law or for public interest.
28        Reasonable fee to be charged for making DAR or correction.
SIX DATA PROTECTION PRINCIPLES (DPP)
(Cont’d):
• Laboratory and Radiology Reports
• Healthcare Referrals