What's eHealth

  • What is sharing of electronic health record (eHR)?
    Expand
    1. The Electronic Health Record Sharing System (eHealth) provides health records in electronic format that contain health-related data of individuals.
    2. eHealth provides an efficient platform for healthcare providers to upload and access an individual's health-related data.
    3. Participation in eHR sharing is voluntary. With an individual's sharing consent, healthcare providers may access the individual's eHR for healthcare purpose.
    4. The first stage of the eHR Programme aims to set up the eHR sharing platform for connection among public and private hospitals, clinics, laboratories and radiological examination centres to connect to the eHR sharing platform.
  • What are the objectives of eHR Sharing System?
    Expand

    eHealth is implemented with the following objectives:

    1. Improve efficiency and quality of care: by providing healthcare providers with timely access to comprehensive medical information of patients, and enhancing cost-efficiency by minimizing duplicate investigations.
    2. Improve continuity and integration of care: by providing healthcare providers with access to lifelong health records of patients for holistic care and facilitating referral and follow-up of cases between different levels of care.
    3. Enhance disease surveillance: by allowing prompt provision of data for disease surveillance and by facilitating the compilation of health statistics to support policy formulation and public health research.
    4. Redress public-private imbalance: by facilitating other public-private partnership in healthcare and at individual level, by enabling patient to choose freely between public and private services without worrying about the transfer of medical records.
  • How much has been invested for the development of eHealth?
    Expand

    The full development of eHealth straddles 10 years, starting from 2009-10. In July 2009, the Finance Committee of the Legislative Council (LegCo FC) approved a capital commitment of $702 million for the first stage of the eHR Programme. With the eHealth launched in March 2016, the Government sought LegCo FC's approval in March 2017 for a capital commitment of $422 million for the second stage programme.

  • How will patients be benefited by this programme?
    Expand
    1. The Electronic Health Record Sharing System (eHealth) provides an important healthcare infrastructure for healthcare providers to access a patient's essential health related data for continuous and quality healthcare.
    2. It allows sharing of health information between different healthcare providers, (e.g. hospitals and clinics), enabling more timely treatment and diagnosis and reducing duplicative diagnostic tests.
    3. It enables patients to have more choices for continuous care and services from any chosen healthcare providers (who have participated eHealth) by improving communication and sharing of health information.
  • How will healthcare providers be benefited by this programme?
    Expand
    1. eHealth provides a sharing platform for patients' health records to be shared among healthcare providers, so that healthcare provider can better understand their patients' condition ; and therefore
    2. It improves safety and efficiency of clinical care.
  • What are the benefits for me to participate in eHealth?
    Expand

    eHealth will enhance the quality of care provided to patients by enabling better access by healthcare providers to acquire health information. The healthcare quality benefits will be delivered specifically by:

    1. Reducing the frequency and scale of medication errors;
    2. Providing more efficient and a more effective use of diagnostic tests;
    3. Increasing the speed of treatment, for example by eliminating repeated tests or information requests from a patient; and
    4. Improving the accuracy of diagnosis and patient management through clinical decision support.

Sharable records

  • What information does eHealth contain?
    Expand

    Only data within the sharable scope will be shared in the Electronic Health Record Sharing System (eHealth). The scope of sharable data will be reviewed and updated from time to time. The joining and sharing consent given will remain valid for any changes in sharable scope. The current scope of sharable data includes the following:

    1. Personal identification and demographic data (including name, date of birth and identity document number etc.)
    2. Allergies and adverse drug reactions
    3. Diagnosis, procedures & medication
    4. Encounters / appointments (i.e. summary of appointments / bookings)
    5. Clinical note / summary (i.e. discharge summary)
    6. Birth and immunisation records
    7. Laboratory and radiology reports
    8. Other investigation reports
    9. Healthcare referrals

    The latest scope and details are published in the website of eHealth. Due to technical constraints and readiness of electronic data, individual healthcare providers may only be able to share some but not all data within the sharable scope at initial launch of the system.

  • How is the "sharable data" defined?
    Expand
    1. Sharable scope is defined based on clinical need and data readiness in respective healthcare providers' computer medical systems.
    2. Sharing of such data within the sharable scope should be essential for providing healthcare to the patients.
    3. It was defined in the Domain Groups established under the Steering Committee on Electronic Health Record Sharing in Electronic Health Record (eHR) Office, with wide range of stakeholders and expertise representation. The scope of sharable data will be reviewed from time to time.
  • Is the data in eHealth accurate?
    Expand

    Clinical accuracy of data relies on the healthcare providers and healthcare professionals who collect and document in the course of providing care to the patients. It is the obligation of healthcare providers and healthcare professionals to maintain accurate and up-to-date records of their patients.

    While the healthcare providers should be responsible for verifying the accuracy of all health data uploaded to eHealth, the Commissioner for the Electronic Health Record has devised a series of measures to ensure the quality of data shared in eHealth, including the development of Code of Practice for Using eHR for Healthcare, recognised standards for data sharing and system security policies and control procedures.

  • When will radiology image be shared in eHealth?
    Expand

    The Hospital Authority begins sharing radiology images to eHealth in early 2021.

    Private sector HCPs (hospitals or radiology centres) will begin sharing radiology images in late 2021. HCPs must develop an interface and complete testing with eHealth for sharing radiology images.

    Department of Health is currently developing the necessary infrastructure for radiology image sharing.

  • Will endoscopy record be shared in eHealth? If not, is there any plan to share in near future, especially in the context of the colorectal program?
    Expand
    1. Sharable scope is defined based on clinical need and data readiness in respective healthcare providers' computer medical systems.
    2. Sharing of such data within the sharable scope should be essential for providing healthcare to the patients.
    3. It was defined in the Domain Groups established under the Steering Committee on Electronic Health Record Sharing in eHR Office, with wide range of stakeholders and expertise representation. The scope of sharable data will be reviewed from time to time.
    4. We will consider expanding the scope of endoscopy record sharing in eHealth.

Access control

  • Is there any access control? Who can access patient's information and what patient's information can be accessed?
    Expand

    Healthcare providers can only access the health data of patients under their care and with the patients' consent. Data in the Electronic Health Record Sharing System (eHealth) should be accessed with the clinical needs and according to different role of authorised users. In general, only healthcare professionals are allowed to access health data of patients in eHealth. Administrative users are not allowed to view health records of patients and can only have limited access rights to personal particulars of patients for registration matters.

  • How are access rights in eHealth granted to healthcare professional working in clinic / hospital / institution?
    Expand
    1. Healthcare professionals who need to access to patients' health data in eHealth shall open user accounts in eHealth via the healthcare providers they work for and maintain active professional registration status in respective boards and councils.
    2. Access rights are assigned by respective healthcare providers to individual authorised user.
    3. Access by any healthcare professional shall follow the principle of need-to-know according to their roles in providing healthcare to the patients.
  • What is role-based access control?
    Expand

    Patient privacy and data security have always been the top priorities in eHealth operation.

    Role-based access control is a privacy protection mechanism which controls the types of electronic health records (eHRs) that can be viewed by different healthcare professionals in accordance with their clinical needs and functions in an organisation. Authorised healthcare professionals are pre-defined with different access rights.

  • What is the difference between eHRs that are under "ordinary control" and "restricted control"? What are the access rights of different groups of healthcare professionals?
    Expand

    eHRs which are under "ordinary control" refer to types of data that are accessible by the respective group of healthcare professionals without additional access restrictions, whereas those under "restricted control" are subject to certain additional access controls (e.g. patient's additional consent). Accesses to eHRs by different groups of healthcare professionals are categorised and defined in accordance with their clinical needs and functions in an organisation.

    Please refer to the eHealth webpage for more information about the access rights of different groups of healthcare professionals.

  • Why would healthcare professionals access my eHRs that are under restricted control? Will I be notified if they have accessed these records?
    Expand

    Healthcare professionals providing healthcare to you may request to access your eHRs which are under restricted control on a "need-to-know" basis in order to obtain the additional information necessary to provide appropriate healthcare services to you. Healthcare professionals are required to provide and explain the reason(s) of access to you, and obtain your additional consent1 before accessing these records. You can authorise the access by using your Hong Kong smart identity card or the one-time password sent by the system to you1. You will also receive an additional notification about the access1 via your selected communication means. All accesses will be logged and are subject to audit and inspection.

    1 Applicable to accesses by healthcare professionals in the community only
  • My child is under 16. What should I do if the healthcare professional needs to access his / her eHRs that are under restricted control?
    Expand

    If you are the substitute decision maker (SDM) of the child, the healthcare professional is required to provide and explain the reason(s) of access to you, and obtain your additional consent1 before accessing the child's records. You can provide the one-time password sent by the system to authorise the access1. An additional notification about the access1 will also be sent via the selected communication means.

    For more information about SDM, please refer to "How can I register for my child under 16 or a relative who is unable to give consent on his/her own?".

    1 Applicable to access by healthcare professionals in the community only

Security and privacy

  • How can the Electronic Health Record Sharing System (eHealth) protect data privacy and system security?
    Expand

    Given the sensitive nature of health data, we attach great importance to the data privacy and system security of eHealth. We have put great effort in various aspects including legal, technical and operational / workflow.

    Legal aspect

    1. Apart from the existing Personal Data (Privacy) Ordinance (Cap 486) (PDPO), we have drawn up the Electronic Health Record Sharing System Ordinance (Cap 625) (eHRSSO). eHRSSO has prescribed the use of the electronic health record (eHR), the mechanism to give or withdraw "sharing consent" to individual healthcare providers and the "need-to-know" principle; and specific sanctions were imposed in respect of non-compliance of certain requirements or security breaches and using eHR for direct marketing purposes.

    Technical aspect

    1. We have developed security policies and control procedures, and employed appropriate technologies and measures (e.g. authentication of patient's identity, validation of healthcare professionals registration, firewall, anti-virus software, data encryption and access control, record and notification) to protect the system.

    Operational / workflow aspect

    1. We have established Code of Practice, Conditions of Registration, Participant Information Notice, Procedures and Guidelines with recommendations to users on the safeguard measures and best practices in using eHealth.
  • What is "patient-under-care"?
    Expand
    1. Any authorised user of eHealth shall only access information of any patient for providing healthcare.
    2. Healthcare may include activities performed by a healthcare professional for assessing, recording, maintaining or improving the health, diagnosing and treating an individual.
  • What is "need-to-know"?
    Expand
    1. Any authorised user of eHealth shall only access information of any patient he / she needs to know in the course of providing healthcare to the patient.
    2. Need-to-know for different users shall be justified according to their roles in providing care to the patient.
  • What is an informed consent?
    Expand

    Reasonable steps should be taken to obtain an informed consent by the patient or substitute decision maker (SDM) for decision related to eHealth by:

    1. Providing sufficient, relevant and comprehensible information to the persons concerned (e.g. Participation Information Notice, pamphlets, posters etc.)
    2. Obtaining consent from SDM for patients who are incapable of giving consent; and
    3. Confirming with the patients or their SDM that their consent is voluntary.
  • Who can access my eHR and what kind of information can be accessed?
    Expand
    1. Only staff who works under healthcare providers with your sharing consent, providing you healthcare and with the need-to-know will be allowed to access your health information. All access will be logged and you will receive notification through the communication means you chose whenever your eHR is accessed.
    2. Only the healthcare professional staff taking care of you is allowed to access your health record and on a need-to-know basis.
    3. Administrative staff is not allowed to view health records of patients and can only have limited access rights to personal particulars used for patient registration.
  • What measures are in place to ensure security of eHealth?
    Expand
    1. Technical facilities (e.g. anti-virus, intrusion detection / prevention, firewall, data encryption, user authentication, digital certificates etc.) provide necessary protection to eHealth.
    2. All access activities will be logged in eHealth to allow detection and tracking of improper data access.
    3. Security policies and control procedures are established and appropriate technologies are also employed to safeguard data security and minimise the risk of leakage of personal health data.
    4. Security risk assessment and audit on eHealth are arranged to ensure that eHealth are properly protected against prevailing security threats.
    5. The electronic medical record (eMR) systems of healthcare providers are registered and security compliance is required for they are connected to eHealth.
    6. The Code of Practice, procedures, guidelines and briefings are provided to healthcare providers and their staff for security awareness, and assist them in properly accessing to and using patient's information.
  • What will happen to a patient's eHR in eHealth if he/she died?
    Expand
    1. No access by any healthcare provider is allowed to the patient's eHR after the patient has passed away.
    2. Records will be kept and protected in accordance with eHealth Data Retention Policy.
  • Will the Government be able to view all clinical records stored in my local systems once I joined eHealth?
    Expand

    No. Connection to eHealth does not mean opening up the access rights of your local eMR system by the Government or any eHealth users.

  • When will short message service (SMS) access notification be issued to patients?
    Expand

    Unless explicitly not required by patients, eHealth will send notifications to patients through any of the following means: SMS, postal mail or email whenever their eHR are accessed. This can help alerting patients on any potential unauthorised access of their eHR.

    1. For access by the Hospital Authority (HA) / Department of Health (DH) / private hospitals, a batch notification of record access over previous 24 hours will be sent at a specified time (such as 7:00 pm).
    2. For access by other healthcare provider, individual notification will be sent upon access is made.
  • What is the purpose of Electronic Health Record Sharing System Ordinance (Cap 625) (eHRSSO)?
    Expand
    1. It provides for the establishment of the Electronic Health Record Sharing System (eHealth).
    2. It provides legal base for sharing and using of data and information contained in eHealth.
    3. It sets out legal requirements for protection of eHealth, data and information.
  • Have other places in the world put in place similar legislation for electronic health record (eHR) as in Hong Kong?
    Expand
    1. eHR launched around the world in general are under protection of privacy acts.
    2. Some countries include relevant amendments in their health-related acts (e.g. Health and Social Care Act 2012 in United Kingdom).
    3. Some countries put in place specific health information acts (e.g. Health Information Act 2001 in Alberta, Canada) and put in relevant amendments in its privacy act (e.g. Personal Information Act in British Columbia, Canada).
    4. Some countries put in place eHR specific legislation for its system (e.g. Personally Controlled Electronic Health Record System in Australia, i.e. the PCEHR Act 2012).
  • Are the operation and uses of data in eHealth subject to Personal Data (Privacy) Ordinance (Cap 486) (PDPO)? What are the differences between the regulations under PDPO and eHRSSO?
    Expand
    1. PDPO is applicable for personal data contained in eHealth.
    2. Definition of "minor" is a person below 16 years of age in eHRSSO, whereas it is under 18 years of age under PDPO.
    3. Regarding the execution of duties for Data Correction Request under PDPO, eHRSSO sets out that the Commissioner for the Electronic Health Record can make and annex a note when the healthcare provider who provides eHealth the data that is under data correction request by the requestor is unable to comply with requirements under PDPO.
  • Under what situations will a person be subject to legal proceeding under eHRSSO?
    Expand

    A person commits an offence and is liable to legal proceeding if he / she:

    1. Knowingly obtains unauthorised access to, damage or modify data or information contained in an eHR
    2. Knowingly impairs operation of eHealth
    3. Evades a data access request or data correction request by altering, falsifying or destroying the data or information contained in an eHR
    4. Knowingly makes an untrue statement to enable the person to give a joining consent or sharing consent
    5. Knowingly contravenes a condition for research or statistics
    6. Uses another person's data or information contained in an eHR or a copy for direct marketing
  • What are the levels of penalties for offences under eHRSSO?
    Expand
    1. Knowingly obtain unauthorised access to, damage or modify data or information contained in an eHR
      1. Unauthorised access to data in eHR; penalty HK$100,000
      2. Damage or modification of data in eHR; imprisonment for 2 years
      3. Unauthorised access to, modification or impairment to accessibility, reliability, security or processing of data in eHR with criminal or dishonest intent; imprisonment for 5 years
    2. Knowingly impairs operation of eHealth; imprisonment for 10 years
    3. Evade a data access request or data correction request by altering, falsifying or destroying the data or information contained in an eHR; penalty HK$100,000
    4. Knowingly makes an untrue statement to enable the person to give a joining consent or sharing consent; penalty HK$100,000
    5. Knowingly contravenes a condition for research or statistic; penalty HK$100,000
    6. Uses another person's data or information contained in an eHR or a copy for direct marketing
      1. Directing marketing - uses; penalty HK$500,000 and imprisonment for 3 years
      2. Directing marketing - provides; penalty HK$500,000 and imprisonment for 3 years (not for gain); penalty HK$1,000,000 and imprisonment for 5 years (for gain)

 

You and your family

  • Why my electronic health record (eHR) in the Electronic Health Record Sharing System (eHealth) may not be a complete health record of my own?
    Expand
    1. A healthcare provider who joined eHealth and has a registered patient's sharing consent can only share his / her data within the sharable scope to eHealth. This does not cover other data in the provider's own medical records.
    2. Data held by a healthcare provider who has not joined eHealth will not be shared.
    3. Data held by a healthcare provider who joined eHealth but does not have the patient's sharing consent will not be shared.
    4. Participation in eHealth is voluntary and a registered patient may withdraw at any time. On withdrawal, registered healthcare providers will not be able to continue to share and update the patient's records in eHealth.

How to register?

  • What should I do if I would like to join eHealth?
    Expand

    Patient may voluntarily participate in eHealth. You can register in-person at any registration centres of the Hospital Authority (HA), Department of Health (DH), Electronic Health Record (eHR) Registration Office, or registration centres of private healthcare providers providing healthcare to you. You can also register through online, fax, postal mail or drop-in box and then complete the identity verification next time you visit any registration centres in HA or DH, eHR Registration Office, or a registered private healthcare provider next time you receive healthcare. Besides, you can login "iAM Smart" e-ME to fill in your personal information to register through online and complete identity verification at the same time.

  • Can I join eHealth if I am not a Hong Kong citizen and do not own a Hong Kong identity card (HKIC)?
    Expand

    Any patient who does not hold a HKIC (香港身份證) but holds an alternative identity document permitted under the Electronic Health Record Sharing System Ordinance (Cap 625) (eHRSSO) can apply to join eHealth:

    • Adoption Certificate (領養證明書)
    • Birth Certificate – Hong Kong (香港出生證明書)
    • Certificate of Exemption (豁免登記證明書)
    • Travel documents (such as documents issued by People's Republic of China or other countries / regions) (例如由中華人民共和國或其他國家/地區發出之旅遊證件)
    • One-way Permit (中華人民共和國前往港澳通行證(單程證))
    • Two-way Permit (中華人民共和國往來港澳通行證(雙程證))
    • Recognizance Form (擔保書(行街紙))
    • Macao identity card (澳門身份證)
    • Re-entry Permit (回港證)*
    • Document of Identity for Visa Purposes (簽證身份書)*
    • Consular Corps Identity Card (領事團身份證)

    *Note: For children under the age of 12 who do not have HKIC or Hong Kong Birth Certificates

  • When will my registration being effective? Do I need to "activate" my eHR after submission of application for registration?
    Expand
    1. If you have submitted your application in person, your eHR may be shared once your registration is in effect (i.e. no need to be activated).
    2. If you have submitted your application online or in written form (postal mail, fax or drop-in box), you may complete the identity verification with your identity document (e.g. HKIC) when you next visit a registered private healthcare provider providing healthcare to you. You may also complete the identity verification by visiting any eHR registration centres in HA or DH, or eHR Registration Office. If you used "iAM Smart" e-ME to fill in your personal information to register through online, your identity would also be verified at the same time. Please note that identity verification is an important privacy protection measure which authenticates your identity to start sharing your eHR in the eHealth. Afterwards, your registration in eHealth will be effective and you will receive a notification of your successful registration.
  • What do I need to do after registering in eHealth? How can my medical record be shared in eHealth?
    Expand

    Upon successful registration, you can further give sharing consent to individual private healthcare provider who is registered with eHealth to access your medical record under the sharable scope in the eHR sharing platform. Your records within sharable scope in HA, DH and registered healthcare providers that you have granted consent will be shared.

  • What is substitute decision maker (SDM)? Who needs a SDM?
    Expand

    For (a) a patient under 16 (a minor), or (b) a patient aged 16 or above and who is of any of the descriptions (1) – (4) below, an eligible SDM can act on the person's behalf in the person's best interest on the following relevant occasions: giving joining consent and sharing consent, renewal or revocation of a sharing consent, and request for withdrawal of participation in eHealth.

    1. Mentally incapacitated as defined by Mental Health Ordinance (Cap 136) (MHO) s2(1)
    2. Incapable of managing his or her own affairs
    3. Incapable of giving joining consent at the relevant time
    4. Incapable of giving sharing consent at the relevant time
    Persons incapable of giving consent Persons who may act as SDM
    (a) Patient under 16 (a minor)
    1. Parents
    2. Guardian1
    3. Persons appointed by court to manage the affairs of the patient
    4. Family members or person residing with the patient
    5. Healthcare provider
    b) Patient who is 16 years old or above and is incapable of giving the person's own consent
    1. Guardian2
    2. Director of Social Welfare or any other person under MHO3
    3. Persons appointed by court to manage the affairs of the patient
    4. Family members or person residing with the patient
    5. Healthcare provider

    * Remarks: If you are registering for a person who is aged 16 or above and you are not the guardian or person appointed by court, you have to provide relevant medical evidence to prove the person is unable to provide consent.

     

    1 Appointed under Guardianship of Minors Ordinance (Cap 13) or appointed by court 2 Appointed under Mental Health Ordinance (Cap 136) 3 Under MHO s44A(1)(i), 44B(2A) or 59T(1) or 44B(2B) or 59T(2)
  • How can I register for my child under 16 or a relative who is unable to give consent on his / her own?
    Expand

    You can register for a minor (under 16) or an individual who is aged 16 or above and meets any of the following descriptions as his / her SDM:

    1. Mentally incapacitated as defined by Mental Health Ordinance (Cap. 136) s2(1);
    2. Incapable of managing his or her own affairs;
    3. Incapable of giving joining consent at the relevant time as defined in eHRSSO; or
    4. Incapable of giving sharing consent at the relevant time as defined in eHRSSO.

    As an SDM, you may act on a patient's behalf for eHealth registration matters including -

    1. giving of joining consent and / or sharing consent;
    2. renewal or revocation of a sharing consent; and
    3. request for withdrawal of participation in eHealth.
  • What are my responsibilities as an SDM when handling eHealth registration matters on behalf of a patient?
    Expand
    1. You shall act on the patient's behalf and be responsible for all matters regarding the eHealth registration for the patient in the circumstances.
    2. You shall ensure that you are an eligible SDM for the patient in accordance with the requirements as set out in eHRSSO.
    3. You shall ensure that the patient meets the conditions for requiring an SDM as set out in eHRSSO.
    4. You shall be accompanying the patient and have regard to his / her best interest in the circumstances.
    5. You shall be responsible for providing and updating the information of the patient and yourself in eHealth and receiving notifications through means chosen for communication when the electronic health record of the patient is accessed.
  • How can I submit an eHealth registration application as the SDM for a patient?
    Expand
    1. You can register on behalf of a patient in person, submit an online application, or submit a written form through fax, postal mail or drop-in box. Please ensure that you are accompanying the patient when the eHealth registration application is made or submitted, i.e. when giving the consent in person at a registration centre, submitting the online application form, or signing on the written application form and sending it to the eHR Registration Office.
    2. Please take note of the responsibilities of an SDM when handling eHealth registration matters on behalf of a patient (please refer to the above)
  • If a parent (SDM) gives joining consent on behalf of a child under 16 to join eHealth, when the concerned patient turns 16, will previous consents given expire automatically? What if the patient wishes to continue or terminate participation in eHealth?
    Expand
    1. Consents previously given by the parent remain valid and effective after the patient turns 16 or thereafter.
    2. The patient over 16 years old can choose to amend his / her registration in eHealth (e.g. to register by himself/herself, withdraw the registration, change or revoke a sharing consent given to a healthcare provider).

Sharing consent

  • What is the access key for?
    Expand

    (1) You can use your access key to manage sharing consents given to healthcare providers (HCPs) (except the Hospital Authority (HA) and the Department of Health (DH), to which sharing consent is taken to be automatically given upon joining the Electronic Health Record Sharing System (eHealth)) including:

    • giving sharing consent to a participating HCP;
    • renewing the one-year sharing consent given to an HCP;
    • changing the type of sharing consent given to an HCP (i.e. from "one-year" to "indefinite sharing consent" or vice versa); and
    • revoking the sharing consent given to an HCP.

    (2) The access key can be used by the following means –

    By phone

    • You can call a participating HCP providing healthcare to you to manage the sharing consent for this HCP (e.g. to give your sharing consent to this HCP) using your access key after identity authentication.

    By eHealth patient hotline 3467 6300

    • You can use your access key to manage sharing consent via this 24-hour Interactive Voice Response System (IVRS) after identity authentication.

    In person

    • You can use your access key, after identity authentication, to manage your sharing consent for a participating HCP when you receive healthcare from that HCP.
  • When do I receive an access key?
    Expand

    Upon successful registration with eHealth or identity verification (for applications submitted online, by fax, post or drop-in box), you will receive an 8-digit access key through a confirmation letter and / or your selected communication means (SMS / e-mail / postal mail).

  • What should a substitute decision maker (SDM) be aware of when he / she uses the access key on behalf of a patient?
    Expand

    When using the access key to manage sharing consent on behalf of a patient, an SDM should be aware and ensure that -

    1. at the time of managing the sharing consent, the SDM is accompanying the patient and has regard to the best interests of him / her, and the SDM will be responsible for all matters for the patient in the circumstance;
    2. it is to the best knowledge and belief of the SDM that at the time of managing the sharing consent, the patient is under the age of 16; or is aged 16 or above and is mentally incapacitated, incapable of managing his / her own affairs, or incapable of giving a sharing consent;
    3. he / she is an eligible SDM in accordance with the requirements as set out in Electronic Health Record Sharing System Ordinance (eHRSSO); and
    4. he / she has read and understood the "Participant Information Notice", in particular "Important Notes for SDM Handling Registration Matters on Behalf of a Healthcare Recipient (HCR)", and the "Personal Information Collection Statement".
  • I have forgotten my access key. How can I generate a new one?
    Expand
    1. If you have forgotten, lost or would like to reset your access key, you can generate a new one by using the 醫健通eHealth App or the 24-hour IVRS of the eHealth hotline for general public at 3467 6300.
    2. Upon successful generation, you will receive a new access key via your selected communication means and the old key will become invalid.
  • What should I do if I have to update my information?
    Expand

    In person

    You should bring your identity document to Electronic Health Record Registration Office (eHR RO), Registration Centres in the Hospital Authority or the Department of Health or eHealth participating private healthcare provider providing healthcare to you.

     

    By fax, post or drop-in box

    You can complete and submit the Information Update Consent Form to the eHR RO by one of the following channels.

    • Fax: 3467 6099
    • Post / Drop-in box: Unit 1193, 11/F, Kowloonbay International Trade & Exhibition Centre, 1 Trademart Drive, Kowloon Bay, Hong Kong

     

    Other means (applicable to update of contact details only)

    You can update your contact details such as telephone No. and communication means via the 醫健通eHealth App or the eHealth hotline for general public at 3467 6300 after identity verification.

  • Can I withdraw from the system?
    Expand
    1. Yes, you can withdraw from the system at any time whenever you consider necessary.
    2. Please refer to this form for more information.
    3. Notification will be issued to you via your selected communication means to confirm successful withdrawal.
  • What will happen to my health record if I withdraw from the programme?
    Expand
    1. Upon your successful withdrawal, all consents given by you to healthcare providers for sharing of your eHR data in eHealth will not be applicable.
    2. Your health record in eHealth will be protected and cannot be accessed by any healthcare provider.
    3. Your health record will be deleted 3 years after withdrawal.
  • Do I have the right to access my health information stored in the system?
    Expand

    Yes. Under Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), any individual can enquire and ask for a copy of his/her personal data in eHealth and make request for correction if necessary (Data Access Request (DAR) and Data Correction Request (DCR)).

  • How can I get a copy of my personal data in eHealth? How long is the processing time for getting a copy and is there any handling fee for that?
    Expand
    1. You can complete and submit DAR Form in person, by mail or by fax to eHR Registration Office:
      1. Address: Unit 1193, 11/F, Kowloonbay International Trade & Exhibition Centre, 1 Trademart Drive, Kowloon Bay, H.K.
      2. Hotline (General Enquiry): 3467 6300
      3. Fax: 3467 6099
    2. eHR RO will provide the DAR report as soon as reasonably practicable (within 40 days).
    3. Type and duration of eHealth records required can be indicated in the DAR form. An handling charge (HK$94) shall be charged for handling DAR and compiling different formats of DAR report plus the following material charge:
      1. Each USB thumb drive onwards (32GB): HK$37; or
      2. Each DVD (4.7GB) onwards: HK$1.6; or
      3. Each sheet of A4 paper onwards: HK$0.1 (single or double-sided printing)
  • What should I do if I was told by a healthcare provider that some of my eHR data is not correct?
    Expand
    1. For health records, you can approach the healthcare provider who has provided the record to eHealth for a correction (a) under normal record management procedures of the healthcare provider concerned or (b) through making a DCR under PDPO.
    2. As for personal particulars, you can approach either eHR Registration Office, any registration centres in HA or DH, or registration centres of provide healthcare providers providing healthcare to you.
  • How long is radiology image kept in eHealth?
    Expand

    In order to balance the practical use and storage of image data, the images can only be viewed in eHealth for 3 years from the examination date.

 

Healthcare provider and professional

How to register?

  • What should I do if I want to join the Electronic Health Record Sharing System (eHealth)?
    Expand
    1. eHealth registration is on healthcare provider (HCP) (organisation) basis.
    2. If you are the owner / authorised person of your clinic (e.g. solo-practice or small group practice), you can first apply for registering your clinic as a HCP in eHealth and open a user account under which to use eHealth.
    3. If you work under a HCP, access would be granted to you by the healthcare organisation you work for.
  • What the organisation should do if it would like to register in eHealth?
    Expand

    Any HCP who would like to register in eHealth should:

    1. Contact the Electronic Health Record (eHR) Registration Office (RO) for more information regarding administrative and technical arrangement.
    2. Read the Electronic Health Record Sharing System Ordinance Cap. 625 (eHRSSO), the Code of Practice for Using eHR for Healthcare (COP), and Conditions of Registration to understand related responsibilities and expected practices for participation.
  • We are a group practice with satellite clinics all over Hong Kong, is it possible for us to register some of our clinics in eHealth only?
    Expand
    1. eHealth registration is HCP (organisation) basis.
    2. HCPs can register all or some of the healthcare institution / clinic locations (or healthcare service locations) providing care under its supervision to join eHealth.
    3. HCPs will be responsible for administrative arrangement, supervision and monitoring of eHR access by its healthcare professionals (HCProfs) and sharing of records via their clinical computer record system at all registered locations.
  • I am working in solo practice which is a small clinic. Although I support the idea of eHealth and eHR sharing, I have no spare capacity and resource to set up patient registration function in my clinic. Can I still register in eHealth?
    Expand
    1. HCPs fulfilling certain conditions will be allowed to perform the registration procedures to help their patients to join eHealth.
    2. eHR Office does not expect all HCPs, especially that HCP in solo-practice or small group practice, to be responsible for patient registration function.
    3. They can inform patients to enrol eHealth via mail, internet or in person at designated eHR registration centres for registration (list of registration centres can be found here).
    4. HCPs are welcome to join eHealth notwithstanding whether they perform patient registration function.
  • I have my own clinic and I am also a visiting medical officer (VMO) in some private hospitals, should I register myself as a HCP or a HCProf under my clinic or the private hospitals?
    Expand
    1. eHealth registration is HCP (organisation) basis. For the clinic owned by the doctor, the clinic (e.g. Dr Chan Tai Man Clinic) should be registered as a HCP.
    2. HCProfs (e.g. doctors and nurses) working under the HCP (the Clinic) shall maintain an authorised user accounts through their HCP to use eHealth.
    3. If the doctor (e.g. Dr Chan Tai Man in this case) also needs to access eHR of patients in another HCP, e.g. in private hospital as a VMO, Dr Chan Tai Man needs to open a user account via the private hospital with eHealth as well.
    4. Despite a HCProf may have separate user accounts under different HCPs (e.g. in this case under a clinic and a private hospital), in order to streamline the authentication process for eHR, each HCProf can use the same log-in password for authentication at different HCPs (i.e. clinic or hospital).
  • My clinic is not ready to share record to eHealth, can my clinic join?
    Expand
    1. HCPs and HCProfs are welcome to join eHealth and view their patients' eHR in eHealth even they do not use any electronic medical record system and have no health record to be shared to eHealth yet.
    2. However, it is still advisable for HCPs and HCProfs to explore implementation or upgrade of their record systems for sharing.
    3. There are software solutions available in the market. eHR Office also has developed simple Clinical Management Systems (CMS On-Ramp software package and CMS Adaptation Modules) for private sectors to facilitate computerisation of their record systems and make health information of their patients sharable in eHealth in the long run.
  • What is the suggested way to handle the situation where some but not all doctors in a clinic want or are ready to join eHealth? Can the clinic still be registered?
    Expand
    1. An authorised person of the clinic (HCP) can still apply to join eHealth.
    2. After effective registration, the HCP may set up accounts for their HCProfs and administrative staff in eHealth.
    3. It is up to the HCP to consider and decide setting up of accounts for his / her HCProfs and administrative staff on a need-to-know basis.
  • Can I change the conditions of registration of HCPs?
    Expand

    No. The conditions listed in the registration agreement are set out by the Commissioner for the eHR (eHRC) for all HCPs.

Technical requirements

  • There is no electronic medical record (eMR) system in my clinic. How can I access to the Electronic Health Record Sharing System (eHealth)?
    Expand
    1. eHealth can be assessed through a computer connected to internet according to the requirements by Electronic Health Record (eHR) Office.
    2. The computer shall be enabled by appropriate software package supplied by eHR Office.
    3. Internet connection could be ordinary commercial grade.
    4. Healthcare professionals (HCProfs) need to maintain an authorised user account via their healthcare providers (HCPs).
    5. HCProfs shall log on using appropriate security and authentication means.
  • Do HCPs need to invest a lot on computer hardware and software in order to connect to eHealth?
    Expand
    1. Basic requirements include a computer connected to internet for access to eHealth.
    2. Appropriate certification / security software package will be provided by eHR Office (free of charge) to enable the computers to access eHealth.
    3. Reader for Hong Kong identity card (free of charge) will be provided by eHR Office for patient registration and giving sharing consent.
    4. HCProfs will be given appropriate authentication means, e.g. password, to securely log on to the system.
    5. For uploading health information from HCP's own eMR systems uploading to eHealth (if applicable), there will be specific requirements on computer system security and data sharing standards and interoperability.
  • Is it a pre-requisite to use Clinical Management System (CMS) On-ramp or other software provided by the eHR Office or any eMR systems in order to join eHealth and Public-Private Partnership (PPP) programmes (e.g. Colorectal Cancer Screening Program)?
    Expand
    1. Participation in eHealth serves as a facilitation in participating PPP.
    2. There is no absolute pre-requisite for using any eMR system to join eHealth or PPP. Minimal IT requirements for connecting with eHealth are set out by eHR Office.
    3. Data required to be collected for certain PPP e.g. Colorectal Cancer Screening program will be directly captured in the PPP platform (not directly from any local eMRs).
  • Can I access eHealth using a computer notebook connected to internet when I am providing home care to patients?
    Expand

    Yes. You can access eHealth through your notebook computer installed with software package for safe access to eHealth. Due to security concerns, mobile devices, e.g. mobile phones or tablets, cannot access eHealth at present. You should observe relevant security guidelines in particular using eHealth outside ordinary clinical settings e.g. using a public network.

  • Can eHealth be accessed through notebook or laptop computers and outside ordinary clinical settings, e.g. at home?
    Expand

    eHealth can be accessed through notebook or laptop computers and in settings where appropriate. However, please be aware of the safety and best practices regarding security and privacy protection when such access is outside ordinary clinical settings.

  • What should a HCP do to ensure secured connection for HCP?
    Expand

    There are 3 different connection modes, namely, modes A, B and C, for connecting to eHealth. Participating HCPs may choose a connection mode that best suits their eMR system to connect to eHealth, e.g.

    1. Private hospitals may choose mode A;
    2. Private hospitals and some of the group practices / clinics with eMR systems may choose mode B;
    3. Solo practices may choose mode C.

    For connection mode A, certified eMR system of the HCPs must be connected to eHealth via dedicated leased line or Virtual Private Network (VPN) connection through pre-registered gateway with digital certificate recognised by eHealth. eHealth would rely on the eMR system to perform well-proven and reliable user login control. Connection mode A allows a seamless integration between eHealth and the eMR system which eliminates the need for end-users to separately login.

    For connection mode B, the eMR system must be connected to eHealth with fixed IP address or with registered security module called Encapsulated Linkage Security Application (ELSA) for connecting to eHealth. The user authentication takes place at both the eMR system and eHealth. Connection mode B allows integration between eHealth and the eMR system to a lesser degree, since the end-users are required to login to eHealth by a second factor credential.

    For connection mode C, the user workstations must be connected to eHealth with fixed IP address or ELSA. The user authentication process will only be performed at eHealth. Mode C users are required to login using login name and password and user-selected second factor authentication means (such as SMS One-Time Password). During the initial phase, most solo practices may not have compatible eMR systems to connect to the sharing platform yet. They would access eHealth via mode C.

  • Is HCP required to carry out regular security audits on their eMR / electronic patient record systems?
    Expand

    Participating HCPs using different ways to connect to eHealth will be subject to respective security compliance requirements below:

    1. HCP with mode A connection is required to submit Security Assessment Checklist yearly and Security Risk Assessment Audit (SRAA) report bi-yearly;
    2. HCP with mode B connection is required to submit Security Assessment Checklist yearly; and
    3. HCP with mode C connection is required to observe the Code of Practice for Using eHR for Healthcare (COP).
  • We have patients visited us and we may use our computer system every day. We are a bit concerned if eHR Office will come to our clinics and perform ad hoc or regular security audit checking which may affect our clinics' operation?
    Expand
    1. Performing audit is a general requirement for any computer system connecting with eHealth for information sharing as set out in the COP and Conditions of Registration in eHealth.
    2. eHR Office shall carry out such audit on required basis and most probably in case for complaint and investigation.
    3. Commissioner for the eHR will try to minimise disturbance to clinical operation to HCPs as far as possible.
  • Does my computer need to be upgraded to view the radiology images in eHealth?
    Expand

    No extra requirement is required for viewing radiology images, if your computer already meets the minimum hardware and software requirements for eHealth. Take note that a stable internet connection is important for viewing images smoothly and a bandwidth of at least 50Mbps is recommended.

Resources - Code of Practice

  • What are the purposes of the Code of Practice for Using eHR for Healthcare (COP)?
    Expand
    1. To provide practical, technical and operational recommendations
    2. To recommend measures to safeguard security and privacy of the Electronic Health Record Sharing System (eHealth)
    3. To illustrate the principles and good practice for using eHealth
  • What is the nature of the COP?
    Expand

    The COP issued by the Commissioner for the Electronic Health Record (eHRC) is not a subsidiary legislation and it is administrative in nature.

    It helps eHealth participants (including healthcare providers (HCPs), authorised users and researchers) to understand the requirements regarding the operation of the system and provides practical guidance and examples of best practice for using the system in secure and proper manner. Similar Code of Practices have been issued in other countries such as the United Kingdom, Australia and Canada.

    Compliance is encouraged and other reasonable ways of practice (other than those laid down in the COP) in line with the principles are also acceptable.

  • Who should read the COP?
    Expand

    The following staff of HCPs who wishes to participate in eHealth or use electronic health record (eHR) should read the COP:

    1. Management executives
    2. Administrative staff
    3. Technical staff
    4. Healthcare professionals (HCProfs)

    Management executives in HCPs shall understand the roles and responsibilities of HCPs at organisational level in participating eHealth and making sure their staff and any authorised users (including administrative, technical and professional) comply with various sections in the COP.

    The COP also provides HCProf the best practice in accessing and sharing of their patients' clinical records in eHealth.

  • How was the COP developed?
    Expand
    1. The COP was developed by the eHR Office under the Food and Health Bureau (FHB).
    2. The following materials were referenced:
      1. Various local and overseas regulations
      2. Code of Practice / guidelines for eHR issued by renowned organisations
    3. In the course of development of the COP, eHR Office has taken into consideration autonomy, culture and existing practice of the industry and HCProfs.
  • What consultation processes did the COP go through?
    Expand
    1. The COP was developed by the eHR Office under FHB.
    2. During development, comments from various key stakeholders including Hospital Authority (HA), Department of Health (DH), private sectors, Department of Justice, Office of the Privacy Commissioner for Personal Data, patient groups etc. have been sought.
    3. Before it was endorsed and approved, the initial draft was circulated in various working groups formed under FHB eHR Office, professional bodies and healthcare organisations for feedback.
  • What is the relationship between the COP and the Electronic Health Record Sharing System Ordinance (Cap. 625) (eHRSSO)?
    Expand
    1. The COP provides good practice recommendations while eHRSSO stipulates legal requirements.
    2. HCPs and authorised users of the system may find alternative ways of meeting the requirements and of adopting good practice. However, if they do not take any measures, they risk breaking the law.
  • What are the differences in the level of compliance between eHRSSO and the COP?
    Expand
    1. Compliance to eHRSSO is a legal obligation.
    2. The COP is a professional, ethical and administrative best practice.
    3. The provision of the COP intends to facilitate interpretation and compliance with eHRSSO. All existing related ordinances and regulations shall remain applicable.
  • What are the differences between the COP issued by eHRC, the Code of Professional Conduct issued by the Medical Council of Hong Kong and the Code of Practice issued by the Privacy Commissioner?
    Expand
    1. The COP issued by eHRC:
      1. The COP issued by eHRC under eHRSSO would not be a subsidiary legislation and would be purely administrative in nature.
      2. It would help eHealth participants (including HCPs, healthcare staff, and technical staff) to understand better the requirements for regulations and provide practical guidance and best practice for using the System in secure and proper manner.
      3. As set out in eHRSSO, if eHRC reasonably suspects a breach of the COP, he may suspend / cancel the registration of the HCP. Mere breach of the COP in itself is not an offence.
    2. Medical Council's Code of Professional Conduct:
      1. The Code of Professional Conduct issued by the Medical Council serves as a guide for ethics and professional conduct for doctors.
      2. It is not a legal document but can serve as a reference for Medical Council in inquiry.
      3. Breach of the Code of Professional Conduct itself may not constitute an offence but would subject the doctor concerned to the Council's inquiry, which could potentially lead to the professional registration of the HCProfs being cancelled by the Council.
    3. Code of Practice issued by Privacy Commissioner:
      1. As set out in Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), a Code of Practice may be published for providing guidance in respect of any PDPO requirement.
      2. As stipulated in section 13 of PDPO, a breach of a Code of Practice by a data user will give rise to a presumption against the data user in any legal proceedings under PDPO.
      3. If a Code of Practice provision which is relevant and necessary to a breach of a PDPO provision and this PDPO provision is not otherwise complied with in another means, then the PDPO breach may be taken as proven.
  • What are the different purposes of the Professional Conduct / Code of Practices of my profession and that for eHealth?
    Expand
    1. The COP issued by eHRC is an administrative Code of Practice for participating HCPs and their healthcare staff to properly use eHealth.
    2. Any Professional Conduct / Code of Practices issued by respective HCProf boards and councils about the requirements for professional practice shall remain applicable in all circumstances.
  • What is the consequence of non-compliance with the COP?
    Expand
    1. The COP is administrative in nature and is not legal binding. Non-compliance does not constitute an offence under eHRSSO by itself.
    2. Depending on the fact and action committed in relation to such non-compliance with the COP, eHRC is empowered to carry out any disciplinary actions including suspension and cancellation of registration of a HCP in eHealth.
    3. A person may be at risk if he / she violates general requirements, e.g. not following certain computer security recommendations, and the person may be requested to take appropriate action and rectification.
  • Where can I find the most updated version of the COP?
    Expand
    1. eHR Office shall keep updating the COP and make it available for public access.
    2. The most updated version is available at eHealth website.

Patient Support - Obtaining sharing consent

  • What should I do if I have to access the electronic health records of my patient which are under restricted control? Will my patient be notified when I have accessed these records?
    Expand

    If the patient is aged 16 or above and is capable of giving consent, you should:

    1. explain the reason(s) of access to the patient and obtain his / her additional consent1 before accessing these records;
    2. ask the patient to authorise the access1 by inserting his / her smart Hong Kong identity card (HKIC) into the HKIC reader or inputting the system-generated one-time password sent to the patient;
    3. select the data type(s) that you would like to access and input the reason(s) for access in the system.

    If the patient is under the age of 16, or is aged 16 or above but incapable of giving consent, you should:

    1. explain the reason(s) of access to the substitute decision maker (SDM) of the patient and obtain the SDM's additional consent1 before accessing these records;
    2. ask the SDM to authorise the access1 by inputting the system-generated One-Time Password sent to the SDM;
    3. select the data type(s) that you would like to access and input the reason(s) for such access in the system.

    The patient or his / her SDM will receive a notification via the selected communication means when the patient's eHRs have been accessed. If accesses have been made to eHRs that are under restricted control by community-based healthcare professionals, the patient or his / her SDM will receive an additional notification through the selected communication means.

    1 Applicable to accesses by healthcare professionals in the community only
  • Is there a better way to provide training to our staff at clinics in carrying out "identity verification" and "Sharing Consent" related procedures for patients and provide them with clearer concepts on "Indefinite" and "One Year" sharing consent?
    Expand

    eHealth users of healthcare provider can log in the system and view the training material for essential functions of the system e.g. how to verify patient’s identity and give sharing consent in eHealth.

Patient Support - View and share electronic health records

  • What is the liability if I miss some relevant information in eHealth in taking care of my patient?
    Expand
    1. eHealth is designed to provide an additional platform for sharing information of patients among healthcare providers (HCPs) and healthcare professionals (HCProfs). There is no difference in liability in the case of reading written medical records provided by other authorities or patients.
    2. According to the Code of Practice for Using Electronic Health Record for Healthcare (COP) (Section 3.3), HCProfs shall exercise professional judgement to interpret the information on eHealth and to consider how much information shall be accessed for reference purposes.
    3. Such judgement should be exercised on a case-by-case approach and based on the need for providing care to individual patient.
  • I don't have time to read through the whole electronic health record (eHR) of each of my patients. Can I refuse my patient's request to access his / her eHR?
    Expand
    1. It is the duty of any eHR HCProf and professional judgement to access whether and how much information is required to be read from eHealth for their patients.
    2. HCProfs shall judge on a case-by-case approach.
    3. eHR is for reference purpose only.
  • There is some "confidential" or "sensitive" information in my patients' record that my patients may not want to be shared in eHealth. Can I censor them and not share to eHealth?
    Expand
    1. The sharable scope of data at current stage to be uploaded and shared in eHealth is defined through a due process in consultation with relevant experts and stakeholders. Only information that is within the sharable scope, readily available and conforming to the standard requirements can be shared for the sake of patient care and safety.
    2. Filtering information uploaded to the system according to patient's request is currently not available in eHealth.
    3. In eHealth Stage 2, features to allow patients to request for restriction on the scope of sharing of their data will be explored and developed.
  • I have concern about the health records of my patients being read by many people who don't understand healthcare but challenge my treatment to the patients. How is this addressed?
    Expand
    1. Access to eHealth is under stringent control.
    2. Only authorised HCProfs with the patient's prior sharing consent are allowed to access eHealth.
    3. Authorised HCProfs are allowed to access only records of patient-under-care and with need-to-know for the purpose of providing direct patient care.
    4. This is explicitly put in the COP (issued by the Commissioner for the eHR (eHRC)) that "HCProfs shall exercise diligence of care and caution in explaining the content of information accessed through eHR to patients and / or guardian or relatives and not to use them for alleging challenges or criticism in whatever means to disparage or depreciate the professional skills, knowledge services or qualification of other HCProfs and / or HCPs". Similar spirit is noted in various Codes of Practices and Professional Code of Conducts issued by various HCProf boards and councils.
  • I am worried that my patients may request me to access their eHRs and challenge the services provided by other HCProfs. How can I respond to them?
    Expand
    1. You should explain to the patients that the purpose of eHealth is for supporting direct patient care but not to retrieve information to challenge or comment the services provided by other HCProfs.
    2. According to the COP (Section 3.4) and the Professional Conduct and medical ethics,
      1. It is inappropriate to use the information obtained from eHealth to allege challenges or criticism in whatever means to disparage or depreciate the professional skills, knowledge, services or qualification of other HCProfs and / or HCPs.
      2. HCProfs, however, are not prohibited from making fair and honest comments on another HCProf if the professional conduct or competence of him / her may be called into question.
  • What should I do if I identify an error in a patient's eHR?
    Expand
    1. If you identify an error in a patient's eHR that is not contributed by you, you should clarify with the patient and ask him / her to approach the HCP who has contributed such data to eHealth.
    2. If you identify an error in a patient's eHR that you have provided to eHealth, you are advised to contact eHR Registration Office (RO) immediately.
  • Will the Government be able to view the clinical record of my patients once I share their records from my electronic medical record (eMR) system to eHealth?
    Expand
    1. No. Viewing of eHR is only allowed for HCProfs who have obtained patient's sharing consent for healthcare purpose.
    2. The Government and the eHR Office only act as the platform owner and will not access patient's records unless under special circumstances in investigations, legal proceedings or related matters.
  • Can patient access data in eHealth? I am worried that patient without medical knowledge accessing health data in eHealth may misinterpret the information in it.
    Expand
    1. (1) Apart from HCProfs who can access eHRs in eHealth, patients can also view parts of their eHRs in eHealth, e.g. medications, appointments, allergy and vaccine records, through the 醫健通eHealth App. For more information about the 醫健通eHealth App, please visit the following link (app.ehealth.gov.hk).
    2. Under Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), patient (data subject or relevant person on his / her behalf) may enquire and request a copy of personal data kept in eHealth through Data Access Request (DAR).
    3. Patient should be reminded to seek medical advice for interpreting information in his / her record.
  • I worry that patient may launch a legal proceeding against any HCPs / HCProf based on the health record shared in eHealth if patient is allowed to access their record in eHealth.
    Expand
    1. It should be noted that according to PDPO, patient (data subject or relevant person on his / her behalf) may enquire and ask for a copy of personal data kept in eHealth DAR. The same principles apply to manual records or eHRs kept by any HCPs.
    2. eHealth contains only those records that are in standardised format and within sharable scope.
    3. In general, legal proceedings require detailed records kept locally by the HCPs concerned, for which the request for a copy should be through formal mechanism in accordance with the data access mechanism provided under the PDPO.
  • Can I charge a patient if he / she requests me to access and explain to him / her the eHR?
    Expand
    1. You should exercise professional judgement when assessing your patient's clinical condition and deciding the type of information you need to make reference to, such as medical records or other health information of your patient.
    2. It is voluntary and free of charge for HCPs and patients to join eHealth. The Government and the Hospital Authority does not charge HCPs for using eHealth. Electronic Health Record Sharing System Ordinance (Cap. 625) (eHRSSO) also does not provide that an HCP can charge a patient for accessing / sharing his / her eHR in the course of providing healthcare.
    3. It has come to our notice that codes of professional conduct / practice have been issued by boards and councils of healthcare professions for reference and compliance by the respective HCProfs. For example, we note that with regard to the charging of fees by doctors, the Code of Professional Conduct issued by the Medical Council of Hong Kong (MCHK) stipulates that the consultation fees of a doctor should be made known to patients on request, and a doctor should not charge or collect an excessive fee. In determining whether a fee is excessive, as we have been given to understand, MCHK will consider the difficulty, costs and special circumstances of the services performed and the time, skill and experience required; as well as the average fee customarily charged in Hong Kong for similar services, etc.
  • How timely should I upload the sharable data from the eMR system in my hospital / clinic to eHealth?
    Expand
    1. In general, HCPs shall upload the health data in their medical record systems to eHealth for sharing as soon as possible and reasonable after each episode of care.
    2. The timeliness to process the data before it is shared to eHealth may be justified with various clinical reasons (e.g. quality check, authorisation of certain reports and processes required in completing the patients' records etc.) and technical reasons (e.g. data consolidation, retrieval, checking and packaging etc.).
    3. Individual HCPs shall approach the eHR RO (Hotline: 3467 6230) to discuss and agree on the arrangement for data uploading.
  • Is it a must to share data and is there any legal liability for not sharing data if I have joined eHR as a HCP / HCProf?
    Expand
    1. The requirement to share data is set out in the Conditions of Registration of HCPs in eHealth.
    2. Most HCPs will continue to maintain their own medical record systems after the launch of eHealth. Not all the health information contained in the medical records kept by them will be uploaded and shared under eHealth. Only those data within the sharable scope for sharing will be shared to eHealth.
    3. There is no obligation for HCPs to share their patients' record if they are not electronically readily available for sharing. However, registered HCPs with eMR system ready for providing data to eHealth shall provide all data within sharable scope according to a schedule as agreed with eHRC.
    4. It is advisable for HCPs to consider implementing or upgrading their eMR systems for sharing. There are free eMR packages provided by the eHR Office available for private sectors to enable sharing of information with eHealth. The eHR Office also works with major vendors of clinic software to enhance their products to support data sharing with eHealth.
  • Will patients know what data is shared by HCP's eMR system?
    Expand

    To promote transparency and respect patients' rights, the data categories that can be uploaded by HCP's eMR system will be published at the eHealth website.

  • What patient's information can be downloaded from eHealth to local eMR / electronic patient record (ePR) system?
    Expand

    Only limited and restricted downloading of patient's information such as Participant Master Index (e.g. name, identity document type and number, date of birth, sex) and allergy / adverse drug reaction data from eHealth to HCP is allowed.

  • I am concerned that the day-to-day clinical notes in my clinic containing preliminary and unconfirmed findings in the course of managing my patients are required to be shared in eHealth automatically and thus creating confusion to other HCProfs.
    Expand

    The day-to-day clinic visit note is not shared in the current scope of data sharing in eHealth. The clinical note summary being shared refers mainly to discharge summary of an inpatient record upon discharge.

  • Can I access patient's information at any time? What patient's information can be accessed?
    Expand
    1. You should access the information of patients only when the patient is under your care.
    2. You should judge the need to access the patient's information on case-by-case approach.
    3. You should be aware that the patient may receive notification once his / her record is accessed.
  • Can I access a patient's eHR whom I do not have sharing consent but is unconscious and in emergency?
    Expand
    1. You may request for emergency access to the patient's eHR only if the patient is unable to give sharing consent (e.g. unconscious) and also under the following circumstances in which the lack of access to the patient's eHR would likely:
      1. cause serious harm to the physical or mental health of the patient;
      2. cause serious harm to the physical or mental health of any other individual; or
      3. prejudice the carrying out of emergency rescue operations or provision of emergency relief services.
    2. All access and use of eHR (including emergency access) in eHealth must be under proper authorisation and will be logged and subject to audit.
  • Can I use patient's information for pre-attendance care or post discharge follow up when patient is not physically with me?
    Expand
    1. Before patient actually receives care e.g. before attendance or pre-admission, access to the patient's eHR is acceptable but shall be cautious. It is advisable to inform the patient in advance (e.g. upon appointment booking) about such possible access.
    2. After patient having received care and having been discharged, it is acceptable to access the patient's eHR if it is indicated. It is also advisable to inform the patient in advance the possible access.
    3. HCProf should be aware that the patient will receive notification for access to his / her eHR.
  • Can I use patient's information for writing medical report?
    Expand
    1. In general, you should make use of your own clinical records for writing up medical reports for patients. Information on eHealth should be used for reference only. Any information extracted from eHealth and included in a patient's medical report should be clearly referenced.
    2. eHR is for reference purpose only and you shall exercise care in case you have to use information from eHealth for such reference.
  • Can I use patient's information for handling complaint?
    Expand

    Use of a patient's eHR for handling complaints should be handled with caution. Separate consent needs to be obtained from the patient, or his / her substitute decision maker (SDM), before any information in the patient's eHR is used or disclosed to third parties for handling a complaint. You should also note that the patient or his / her SDM will be sent a notification every time the patient's eHR is accessed.

  • Should I challenge other HCProf's treatment merely by making reference to the information in the patients' eHR?
    Expand

    No. According to COP (Section 3.4), the Professional Conduct and medical ethics, HCProfs shall not use information on eHealth for alleging challenges or criticism in whatever means to disparage or depreciate the professional skills, knowledge, services or qualification of other HCProfs and / or HCPs. However, if you suspect that certain information of the patient in eHealth may not be accurate, you should advise the patient to seek clarification with the HCPs contributing such information to eHealth.

  • What should I do if patients request me to access their eHRs and print / download all information for them?
    Expand

    You should inform patients to approach the eHR RO to get a copy of their personal health data stored in eHealth through the DAR under PDPO.

  • What should I do if the relatives / friends / employer of my patients request me to access eHR of that patient concerned?
    Expand
    1. HCProfs shall ensure access to a patient's eHR complies with the "need-to-know" and "patient-under-care" principles.
    2. Moreover, according to PDPO, you should not disclose to a third party any data without patient's consent, hence prior and express consent shall be obtained before disclosure of the clinical information of your patient.
    3. HCProfs shall explain to the person requesting them that eHRSSO only allows access to the patient's eHR for permitted uses.
  • Is it permitted to put down the information of the relatives of my patients in my record? Will it be taken as a violation to PDPO if the record is shared in eHealth and disclosed to the patient or other persons in the DAR report?
    Expand
    1. As required under the PDPO, information in patients' records should be collected on a reasonable basis and not in an excessive manner.
    2. Reasonable caution should be exercised in handling personal information related to other individuals in patients' records.
    3. HCProfs have the responsibility to exercise judgement on how much information of other individuals shall be documented in the patients' records, with the consent from the other individuals concerned sought as far as practicable and feasible.
  • Can I print out or directly capture the information from eHealth to my own clinical record?
    Expand
    1. You should clearly indicate the source of information, date / time of the information being accessed when copying information from eHealth to your own clinical records.
    2. You should be aware that information printed out may be outdated and not comprehensive.
    3. According to the COP (Section 2.5), you should ensure proper filing and record keeping of any printed health records of patients from eHealth. You should also act in accordance with the record management policies of your healthcare organisation.
  • Will anyone inform us if our patients request to correct the data of his / her eHR that is provided by us in eHealth?
    Expand

    Patient who submits Data Correction Request (DCR) (according to PDPO) on health data in eHealth to eHR RO will be referred to the HCP who has provided such data to eHealth for review and decision.

Technical support - Access eHealth

  • What is ELSA?
    Expand

    ELSA (Encapsulated Linkage Security Application) is a communication software module developed for the protection of the connection between your workstation and eHealth. It also allows you to connect to eHealth with a single sign-on. It is provided freely to participating eHealth healthcare providers (HCPs) but you will be asked to read and agree to the ELSA licence terms before installation.

  • How can I access eHealth?
    Expand

    If you work in a private solo clinic, you can connect to eHealth via the eHealth provided software "ELSA" or other eHealth certified electronic medical record system. If your healthcare organisation has IT support, you may consult their advice on how to connect to eHealth. Please contact the Registration Office for further assistance.

  • What operating system and browser versions are supported?
    Expand

    eHealth has been tested for the following combinations of popular operating systems and browsers. This does not mean that eHealth cannot run on other environments, it only means that since we have not fully tested them on those environments, the systems may not behave as what we have intended, e.g. the screen displays may be distorted, the system performance may be degraded.

    Software environment Versions
    Operating system
    • Microsoft Windows 10
    • Microsoft Windows 8.1 (Classic view)
    • MacOS 10.15 (Catalina)
    Web browser
    • Microsoft Internet Explorer 11 (IE11)
    • Microsoft Edge
    • Safari 13
    Java Runtime Environment (JRE) (Only required for use with Hong Kong identity card (HKIC) reader to read smart HKIC
    • Oracle JRE 8 up to 8u231
    Note: For macOS, JRE 8 (8u20) or later versions must be used for HKIC reader
  • What if my personal computer (PC) does not meet the minimum hardware requirement?
    Expand

    eHealth does not require significant hardware resources and could normally run on small capacity PCs. However, if your PC does not meet the minimum hardware requirement, you may experience system performance degradation and you may need to close other applications while using eHealth.

  • What if my PC does not meet the software requirement?
    Expand

    Under most environments, eHealth will run but you may find that some screen displays are distorted, some buttons cannot be clicked, or the system performance may be degraded.

  • Is Windows 7 (or earlier versions) and / or Internet Explorer (IE) 10 (or earlier versions) supported?
    Expand

    Microsoft has ended support for these products which means that Microsoft will no longer publicly distribute security updates for them anymore (please refer to the Microsoft official websites for further details). As a result, your PC could be vulnerable to harmful viruses, spyware, and other malicious software. From the security point of view, they are not an officially supported platform for eHealth and you are strongly advised to upgrade to a supported platform so as to protect the valuable information on your PC.

    Software environment Versions
    Operating system (non-supported) Microsoft Windows 7
    Microsoft Windows Vista
    Microsoft Windows XP
    Web browser (non-supported) Microsoft IE 10
    Microsoft IE 9
    Microsoft IE 8
    Microsoft IE below 8
  • Which Mac OS and Safari versions are supported?
    Expand

    eHealth has been tested and are functional on macOS 10.13 (High Sierra) and macOS 10.14 (Mojave) with Safari 12. Java 8u20 and later versions are required if HKIC reader is used to read the smart HKIC.

  • Does the Image Viewer support multiple monitors?
    Expand

    Yes, the Image Viewer supports multiple monitor display. For example, user can drag the pop-up windows, with eHR Viewer on one side and Image Viewer on the other side.

Technical support - Reset user password

  • What is the password format requirement?
    Expand
    First Password
    • Length of password must be between 8 - 18 characters
    • Cannot be the same as any of your last 6 passwords
    • Contain at least 3 of the following 4 character groups:
      • English uppercase characters (A through Z)
      • English lower case characters (a through z)
      • Numerals (0 through 9)
      • Non-alphabetic character (excluding ^,()=&"><|)
    Second Password
    • Alphanumeric (i.e. letter (A-Z, a-z) and / or number (0-9) format)
    • Length of password must be between 8 - 20 characters.
    • Must not contain your surname or given names
    • Must not contain the word "password"
    • Must not contain your user name and first password
    • Must not contain 3 or more repetitive characters (e.g. aaaaa, 888)

Technical support - Hong Kong identity card reader

  • When and why is Java required?
    Expand

    eHealth requires the use of Java to interface with your local devices, such as Hong Kong identity card (HKIC) reader. Java is required ONLY if you need to use HKIC reader to read the patients' smart HKIC for patient registration and sharing consent input.

  • Can I use Microsoft Edge browser if I want to use HKIC reader to read the smart HKIC?
    Expand

    Yes, you can use Microsoft Edge browser if you want to use smart card reader to read the smart HKIC.

  • Why is the use of HKIC reader to read smart HKIC seems to be slower than before?
    Expand

    There was reported performance problem related to Java 8 Update 60 (8u60) which led to slow responses when starting up devices such as HKIC readers. Oracle has resolved this problem with Java 8 Update 74 (8u74). You are recommended to upgrade to Java 8 Update 74 (8u74) or later to avoid the performance issue.

  • Why is there a browser warning stating that "Java was blocked because it is out of date" when using Microsoft Internet Explorer (IE)?
    Expand

    Microsoft introduced a security feature since September 2014 to warn users about out-of-date Java Runtime Environment (JRE) on their workstation. IE will issue the following warning if your workstation is installed with a previous Java JRE version and a web application such as eHealth uses your JRE:

    Java(TM)
    • Click <Run this time> button to run Java without update and you can immediately continue your current transaction. This warning will show up again next time when your JRE is used; or
    • Click <Update> button to update Java. This may take some time and after the update, this warning will not show again until the next Java release is available.
  • Can the warning "Java was blocked because it is out of date" be stopped?
    Expand

    To stop the display of this warning against eHealth, you can add eHealth as a trusted site in your IE 11 setting following the instructions below:

    1. Click the <gear icon> and select <Internet options>.
      Internet options
    2. Select <Security> tab, then click on <Trusted sites> icon, and then <Sites> button.
      Security
    3. Input "https://apps.core.ehr.gov.hk/" and press <Add>, then <Close>.
      Trusted sites
    4. Restart the browser.
  • Why is there a prompt for me to update Java every few months?
    Expand

    Java updates are released every few months. With every new updates (since Java JRE 7u10), Oracle would issue a reminder to users that the previous Java version has expired and a new version is available for update. You are allowed to select "Update", "Block" or "Later" to continue. We recommend you to select "Update" to keep the Java JRE up to date to minimise your workstation's security vulnerabilities.

    Java Update Needed

    You have three options:

    • <Update (recommended)> button: Update Java and this may take some time. After the update, this prompt will not show up again till the next update is available.
    • <Block> button: Block Java. The Card Reader will not function.
    • <Later> button: Run Java without update. This prompt will show up again next time when Java is used. You can check the <Do not ask again until the next update is available> box and the prompt will not appear until the next update is available.
  • How can I check the Java version on my PC (Windows 7)?
    Expand
    1. Open <Control Panel> from <Start> menu.
    2. Select <Programs>.
      Programs
    3. Select <Java>.
      Select Java
    4. Click <About>.
      Click About
    5. Java Version is displayed as below.
      Java Version
  • How can I check the Java version on my PC (Windows 8.1)?
    Expand
    1. For Machine with touch screen: Swipe in from the right edge of the screen.
    2. For Machine without touch screen: Move the mouse pointer to upper right corner and wait for 1 second.
    3. Select <Settings>.
    4. Select <Control Panel>.
    5. Select <Programs>.
      Programs
    6. Select <Java>.
      Select Java
    7. Click <About>.
      Click About
    8. Java Version is displayed as below.
      Java Version
  • How can I check the Java version on my PC (Windows 10)?
    Expand
    1. Open <Control Panel> from <Start> menu.
    2. Select <Programs>.
      Programs
    3. Select <Java>.
      Select Java
    4. Click <About>.
      Click About
    5. Java Version is displayed as below.
      Java Version
  • How can I check the Java version on my Mac?
    Expand
    1. Open <System Preferences> from <Apple> menu.
    2. Select <Java>.
      Select Java
    3. Click <About>.
      Click About
    4. Java Version is displayed as below.
      Java Version

Technical support - About printing

  • Is Java required for printing?
    Expand

    From 23 June 2016, Java is no longer required for printing.

  • Why are there headers and footers overlapping with the contents of my printouts?
    Expand

    Headers and footers are printed by defaults on some browsers and they may overlap with the contents of your documents. You can remove the header and footer by changing your browser settings.

  • Why does a single page document span across two pages when printed?
    Expand

    All printouts in eHealth are formatted to "A4" paper size. If your printer is set to other paper sizes, the printouts may not fit to the page as designed. You can follow the steps below to change the default paper size to "A4".

    1. Click Windows button, then select <Devices and Printers>.

      Devices and Printers
    2. Right click on the "default" printer icon (the one with a green tick), then select <Printing preferences> menu item.

      Printing preferences
    3. Change paper size to <A4> and then click the <Apply> button. Note that the printing preferences layout might vary depending on your printer model and driver.
  • How can I remove the headers and footers from my printouts on Internet Explorer (IE) 11?
    Expand
    1. Click on the <gear icon>, select <Print>, then <Page Setup…> in the menu.

      Page Setup
    2. Change all options under the <Headers and Footers> section to <-Empty-> and click <OK> button.

      Headers and Footers
  • Why does a single page document span across two pages when printed?
    Expand

    All printouts in eHealth are formatted to "A4" paper size. If your printer is set to other paper sizes, the printouts may not fit to the page as designed. You can follow the steps below to change the default paper size to "A4".

    1. Click the <Mac icon>, then select <System Preferences…> menu item.

      System Preferences
    2. In System Preferences, select <Printers & Scanners> icon.

      Printers & Scanners
    3. In Printer & Scanners, click on <Default paper size> drop down menu and select <A4>. Click the red circle button on the top-left corner to exit.

      Printers & Scanners
    4. Restart all browsers.
  • How can I remove the headers and footers from my printout on Safari?
    Expand
    1. Click <File>, then <Print…> menu item.

      Print
    2. Un-check <Print headers and footers> then click <Cancel>.

      Print headers and footers

Support - Manage accounts

  • It is a common practice in my clinic / hospital that clerical (or nursing) colleague will share the clinician's clinical system user account to access and print information of patient to facilitate the consultation. Is it acceptable to share account to access the Electronic Health Record Sharing System (eHealth)?
    Expand
    1. eHealth user account is on individual user basis.
    2. For security and privacy concern, sharing of user account is not allowed.
    3. Each access is logged and subject to audit and the patient may receive notification of their records being accessed.
  • What should I do if my eHealth security token is lost?
    Expand

    You should immediately report to the healthcare provider (HCP) you are working for or the Electronic Health Record (eHR) Registration Office (RO) via the HCP Hotline at 3467 6230. (After language selection, please press "2" for eHR account management, then input your Hong Kong identity card number for identity authentication. Next, please press "3" to report loss of security token.)

    After reporting loss, your security token can no longer be used by anyone possessing it. Please contact the user administrator of your HCP to change the Second Authentication Factor to One-Time Password and unlock the account for you.