Hong Kong, Shenzhen set the trend for greater data flow in the Greater Bay Area with the exchange and integration of cross-border medical records. Chai Hua reports from Shenzhen and Wang Yuke from Hong Kong.

Data flow poses a dilemma in the development of the Guangdong-Hong Kong-Macao Greater Bay Area: While data security, privacy concerns and different systems between the nine cities of Guangdong province and the two special administrative regions require a regulated one, convenience, mutual recognition of systems on both sides and further integration within the cluster demand a free one.

When it comes to exchanging individual medical information — one of the most sensitive types of data, things become even harder. But Hong Kong and Shenzhen are swapping electronic medical records and making sure Hong Kong Hospital Authority patients can receive regular treatment in Shenzhen during the pandemic.

Some institutions, both private and public ones, don’t know if they are allowed to share their data, what data or how to share them

Guo Renzhong, an academic at the Chinese Academy of Engineering who was an adviser in the drafting of the Shenzhen Special Economic Zone Data Regulations

Due to the strict quarantine measures between Hong Kong and the Chinese mainland, the Hong Kong government launched a Support Scheme this year that allows encrypted copies of the medical records of Hong Kong Hospital Authority patients to be sent to the University of Hong Kong-Shenzhen Hospital — a comprehensive public hospital built by the Shenzhen municipal government and one of HKU’s two teaching hospitals.

“This is a breakthrough in cross-border data integration,” said Lo Chung-mau, chief executive of the hospital. More than 10,000 patients have used the scheme, with zero reports of their medical data having been improperly used so far.

With a patient’s consent, the Electronic Health Record Sharing System or eHealth, developed by the Hong Kong government, will send an encrypted copy of the patient’s medical record to HKU-SZH. To protect the privacy of patients, the hospital must ensure that only designated personnel can access the medical records when necessary.

Lo said the data exchange is partial in content and degree. For instance, the shared information currently covers only part of it, including hospitalization reports, medication history and examination reports. Detailed surgical reports and imaging data are not included. However, such an arrangement could mean wasting medical resources and putting patients at more risk in some cases, such as examinations involving radiation.

Moreover, he believes what’s more important is strengthening linkage of the computer systems in Hong Kong and Shenzhen, or the “true connection”, as he called it. At present, it takes three to seven days to apply for, approve and transfer a patient’s medical files in encrypted form, but if an emergency operation is involved, it is impossible to get the patient’s medication status in time, and this could delay treatment.

“The timely and comprehensive intercommunication of data information implies mutual recognition of examining data — an imperative step in unifying standards and medical quality in the Greater Bay Area,” said Lo.

He hopes the Hong Kong and Shenzhen authorities consider cross-border data when planning related systems and regulations.

The breakthrough in the exchange of cross-border electronic medical records marks the epitome of data flow in the Greater Bay Area.

Suen Wai-mo, CEO of data service provider ClusterTech. (PHOTO PROVIDED TO CHINA DAILY)

Applying to other fields

As collaboration and business activities increase in the 11-city cluster, data protection is a pressing issue to address, said Qin Sizhao, dean and chair professor of Data Science at the City University of Hong Kong.

Trust is hard won, but is a paramount element before any industry can monetize or gain valuable insights from its consumer data

Suen Wai-mo, CEO of data service provider ClusterTech

Cross-border collaboration potentially makes it easier to leak private information and for criminals to get away with using the information inappropriately, warned Qin, who is also director of the Hong Kong Institute for Data Science. Despite the risk of privacy infringement, he insists that cross-border data sharing should be encouraged because “the more data is shared, the more rewards will be reaped by both sides”.

In the same vein, the sharing of electronic medical records can be extended to other domains to facilitate cross-border commuting and streamline coordination at border checkpoints. For example, if Hong Kong’s Octopus card and Shenzhen’s equivalent “Shenzhen Tong” could be digitally synchronized without sharing a cardholder’s identity, it will help mitigate unwanted congestion on trains, he said.

Qin is convinced there will be more refined measures and regulations hammered out collectively by the authorities on both sides to bolster information security. “As we use it, we will make it better over time,” he said.

Shenzhen has made strides in promoting the opening and usage of data through legislation. Last month, the Shenzhen municipal people’s congress issued the country’s first basic and comprehensive local legislation on personal data management — the Shenzhen Special Economic Zone Data Regulations.

Guo Renzhong, an academic at the Chinese Academy of Engineering who was an adviser in the drafting of the new regulations, said the rules will guide and stimulate the development and utilization of data, rather than restricting them and they also could help Shenzhen in opening up more data and developing a digital economy and smart city.

“Shenzhen is in the vanguard in building a smart city, the key to which is sharing data. But some institutions, both private and public ones, don’t know if they are allowed to share their data, what data or how to share them,” Guo told China Daily, adding that he believes such hesitation could lead to wasting data resources.

Regulations offer protection

However, the boundary between the freedom in accessing data and privacy is tricky, and could be easily trespassed, admitted Suen Wai-mo, CEO of ClusterTech — a Hong Kong company dedicated to providing services and products in massive data processing, large-scale computing, in-depth analysis and artificial intelligence.

As collaboration and business activities increase in the 11-city cluster, data protection is a pressing issue to address

Qin Sizhao, dean and chair professor of Data Science at the City University of Hong Kong, and director of Hong Kong Institute for Data Science

Technically, multilayer encryption not only helps protect people’s private information from being unearthed, but also instills trust in them so they will have no qualms about sharing data. “After all, data is an essential element we rely on to study society, population and the environment,” Suen reckoned.

Trust is hard won, but is a paramount element before any industry can monetize or gain valuable insights from its consumer data, he added. Legal frameworks that enforce the legitimate use of personal information across all industries have never been so important until the digital economy takes hold.

The European Union acted ahead of the curve in launching the first-of-its-kind General Data Protection Regulation, which took effect in 2018. The GDPR mandate stipulates the provisions and requirements for the processing of individual data and addresses the transfer of personal data outside the EU. Not only does it standardize and regulate the practice of data controllers, it also promises people’s control and rights over their own information because several articles are dedicated to emphasizing the imperative of “an informed and unambiguous consent” from data subjects before using them.

The United Kingdom launched its Data Protection Act 1998, while China passed the Data Security Law, which will take effect in September.

With the prospect of increased collaboration between businesses and across industries in the Greater Bay Area, data transfer and sharing are bound to occur, warranting the region’s answer to GDPR, said Suen.

Guangdong province issued the country’s first data element market-oriented allocation reform document last month, proposing to support Shenzhen in building a data element trading platform in the 11-city cluster, as well as a data element cooperation pilot zone in Guangzhou’s Nansha district.

“If a big data center is to set up in the Greater Bay Area, Hong Kong, as a gateway connecting the mainland and the world, will help mainland cities to adopt a mindset of data privacy protection that the EU countries have adhered to, and propel the enactment of a Greater Bay Area equivalent of the GDPR,” Suen said.

Key points of the Shenzhen Special Economic Zone Data Regulations:

• Operators of apps will not be able to refuse core functions or services to people who do not accept personal data usage agreements.

• Users will have the right to refuse customized recommendations based on analyses of their profiles.

• The legislation forbids the use of big data analysis to impose discriminatory pricing on users, with violators facing fines of up to 50 million yuan (US$7.74 million).

• Alternatives to biometric technologies, such as face recognition, fingerprint verification, voice unlock and iris recognition, need to be provided.

• The data generated and processed by organizations that provide public services, including education, health, public transportation, water and power, should be open to the public as much as possible without any fees.

Contact the writers at grace@chinadailyhk.com