Intern Dentist Investigated by Police for Unauthorized Access to 16 Medical Records

*Image source: Press Releases of the Government of the Hong Kong Special Administrative Region

DentalGoodNews｜Recently, the Department of Health of Hong Kong issued a notice that a contract intern dentist employed under non-civil service terms is suspected of unauthorized access to medical records of 16 individuals who were not their patients through the dental clinic's clinical medical information management system and eHealth (Electronic Health Record Sharing System). The Department of Health has referred the case to law enforcement agencies for criminal investigation.

According to the notice, the Department of Health previously received a referral inquiry from a member of the public via the eHealth Application and Enquiry Centre. The citizen reported receiving a text message indicating that their eHealth records had been accessed by Department of Health healthcare personnel, despite never having used Department of Health services. The relevant authorities immediately launched an investigation and preliminarily found that the contract intern dentist involved had accessed medical records of non-patients multiple times without authorization, and claimed that all 16 individuals concerned were their acquaintances.

Currently, the contract intern dentist involved has been suspended from duty. The Department of Health has notified the Office of the Privacy Commissioner for Personal Data, the Commissioner of Electronic Health Records, and the Dental Council of Hong Kong regarding the incident, and has informed the affected individuals.

According to Hong Kong's Dentists Registration Ordinance (Cap. 156), local dental graduates must complete internship before formal registration for practice. The internship system is designed to help graduates accumulate experience in actual clinical work environments, familiarize themselves with local practice conditions, and enhance their ability to communicate with patients and make clinical judgments. The Department of Health stated that intern dentists must undergo two weeks of training upon employment, covering professional conduct and codes of behavior.

*Image source: Hong Kong eHealth official website

The authorities stated that eHealth is Hong Kong's territory-wide electronic health record sharing platform. When accessing patients' electronic health records, healthcare professionals must pay attention to protecting patient privacy and comply with relevant laws. According to the Department of Health's internal guidelines, healthcare professionals may only access medical records in the clinical medical information management system and eHealth after obtaining patient consent and meeting the principles of "Need to Know" and "Patient Under Care." All access records are logged for future verification.

In response to the incident, the University of Hong Kong's Faculty of Dentistry stated that it will strengthen relevant training for dental students and intern dentists in information technology security. The Department of Health will also review and optimize existing internal system security measures, and reiterated that all staff and healthcare personnel must strictly comply with information technology security regulations and internal guidelines for using eHealth.

The Department of Health emphasized that the authorities have always attached great importance to the conduct and discipline of employees (including contract personnel). If improper behavior by staff is discovered or suspected, the Department will conduct a serious investigation and handle it in accordance with established mechanisms in a lawful and fair manner.