1. Practical guidelines for use of eHealth
This Code of Practice (COP) is issued by the Commissioner for the Electronic Health Record (“the Commissioner” or “eHRC”) under section 52 of the Electronic Health System Ordinance (Cap. 625) (“eHealth Ordinance”).
This COP serves as an important guideline for Healthcare Providers (HCPs) and Healthcare Professionals (HCProfs) to comply with the requirements of the eHealth Ordinance. It sets out the major principles, standards and best practices for using eHealth in a secure and proper manner and it should not be regarded as exhaustive. While some flexibility in approach is allowed, it is strongly recommended to adhere to the practices outlined herein to safeguard the security and privacy of Health Data for all participants. Failure to implement appropriate measures may elevate the risk of security or privacy incidents and could ultimately jeopardize the continued access to eHealth.
Mere non-compliance with this COP by itself does not render the person liable to any criminal proceeding unless such action of breach in itself constitutes an offence under the eHealth Ordinance or other ordinances.
This COP issued by the eHRC is different from documents / codes with similar titles issued by other regulatory bodies for governing the conduct and behaviour of HCProfs or by the Office of the Privacy Commissioner for Personal Data (Privacy Commissioner) for overall protection of personal data under the Personal Data (Privacy) Ordinance (PD(P)O) (Cap. 486).
2. Target audience
Section 2 - COP for Management Executives, Administrative and Technical Staff using eHealth provides general and practical guidance for Management Executives, Administrative and Technical Staff working in HCPs who have participated in eHealth.
Section 3 - COP for Healthcare Professionals using eHealth provides general and practical guidance specific for HCProfs using eHealth for sharing health information for providing healthcare to Healthcare Recipients (HCRs).
3. Use of Code of Practice
Reading this COP facilitates understanding and compliance with the eHealth Ordinance and other relevant ordinances to safeguard HCRs’ privacy and confidentiality for using eHealth. In compiling this COP, reference has been made to similar guidelines issued by various authorities and renowned organisations overseas where electronic medical or patient record systems have been implemented (See References for developing this Code of Practice).
Participants are recommended to read this COP in conjunction with the eHealth Ordinance, PD(P)O and other references quoted throughout this document. Other useful references include guidelines, notices, newsletters and relevant updated information issued by the Electronic Health Record (eHR) Office (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth). Participants are also reminded to refer to the Codes of Practice and Guidelines issued by the Office of the Privacy Commissioner regarding protection of personal data privacy (See Reference from the office of the Privacy Commissioner for Personal Data (PCPD)).
The eHRC may, from time to time, revise the whole or any part of this COP and publish further guidelines and other requirements for operation of eHealth. The latest version of the document can be accessed at the website of eHealth (www.ehealth.gov.hk).
4. Definition of terms
Authorised Person (AP)
Means a person who is authorized by the HCR to submit forms in relation to registration and consent matters on behalf of the HCR under the requirements of the eHealth Ordinance
Commissioner for the Electronic Health Record (eHRC)
Means the public officer appointed under section 48 of eHealth Ordinance (Cap. 625) to operate and maintain eHealth
Data Access Request (DAR)
Means a request under section 18 of PD(P)O (Cap. 486)
Data Correction Request (DCR)
Means a request under section 22(1) of PD(P)O (Cap. 486)
Data Sharing
Means the act of providing or obtaining any sharable data of a Registered HCR through eHealth
Electronic Health System (eHealth or System)
Means the information infrastructure for keeping the eHRs of Registered HCRs, sharing and using of data and information contained in those eHRs, and for providing support in connection with, or facilitating, the provision of healthcare to Registered HCRs or health management by Registered HCRs
Electronic Health System Ordinance (Cap. 625) (eHealth Ordinance)
Means the ordinance which provides for the establishment of eHealth, the sharing and using of data and information, and the protection of eHealth, data and information; and to provide for incidental and related matters, which is amended by the Electronic Health Record Sharing System (Amendment) Ordinance 2025 with effect from 1 December 2025
Electronic Health Record (eHR)
Means, in respect of any Registered HCR, the record of data and information of the Registered HCR (or any part of it) kept in eHealth; and, in respect of any HCR who was once registered, but is no longer registered, the record of data and information in relation to such HCR that was kept in eHealth
Electronic Health Record Office (eHR Office)
Means the administrative office set up under the eHRC or engaged by the eHRC for operation and administration of the Electronic Health Record Sharing System
Electronic Health Record Sharing System (eHRSS)
Means the administrative office set up under the eHRC or engaged by the eHRC for operation and administration of eHealth
Health Data
Means the data and information relating to the health condition of, or to the healthcare provided or to be provided to, the HCR; or (if applicable) any life-sustaining treatment that is not to be provided to the HCR as stated in an instruction in an advance medical directive (as defined by section 2(1) of the Advance Decision on Life-sustaining Treatment Ordinance) of the HCR
Healthcare Professional (HCProf)
Means, in relation to this COP, a Hong Kong healthcare professional as specified in Access to eHealth by Healthcare Professionals
Healthcare Provider (HCP)
Means a person that provides healthcare in Hong Kong or elsewhere
Healthcare Recipient (HCR)
Means an individual for whom healthcare has been performed, is performed, or is likely to be performed in Hong Kong or elsewhere
Index Data
Means the personal particulars of the HCR that identify the HCR for the operation of eHealth
Identifiable
Means the identity of the HCR is ascertainable from the data or information
Joining Consent (being given before 1 December 2025)
Joining Consent being given by an HCR or a SDM (if applicable) before 1 December 2025, i.e. the effective date of the amendments to the eHealth Ordinance pursuant to the Electronic Health Record Sharing System (Amendment) Ordinance 2025, is for the eHRC to: (i) share data with a Prescribed HCP which has obtained a Sharing Consent from the HCR; and (ii) (if the Prescribed HCP has made a healthcare referral to another Prescribed HCP) share with that other Prescribed HCP the HCR’s sharable data relevant to the healthcare referral.
Non-identifiable
Means identity of an HCR is unascertainable from the data or information
PD(P)O
Means the Personal Data (Privacy) Ordinance (Cap. 486)
Personal Data
Means any data, according to PD(P)O:
- relating directly or indirectly to a living individual;
- from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and
- in a form in which access to or processing of the data is practicable
Prescribed Healthcare Provider (Prescribed HCP)
Means:
- the Department of Health;
- the Hospital Authority;
- the Primary Healthcare Commission;
- a healthcare facility managed or controlled by the Government, by the Hospital Authority, or by an HA subsidiary; or
- a registered HCP
Privacy Commissioner
Means the Privacy Commissioner for Personal Data established under section 5(1) of the PD(P)O
Registered Healthcare Recipient (Registered HCR)
Means an HCR who is registered under section 8(1) of eHealth Ordinance
Relevant Healthcare Provider (Relevant HCP)
Means:
- a Prescribed HCP; or
- a recognized non-Hong Kong HCP
Relevant Joining Consent
Means a joining consent given by a Registered HCR or a SDM (if applicable) on or after 1 December 2025, i.e. the effective date of the amendments to the eHealth Ordinance pursuant to the Electronic Health Record Sharing System (Amendment) Ordinance 2025, for the eHRC to: (i) obtain from a Relevant HCP or a recognized non-Hong Kong public health record system any Sharable Data of the Registered HCR; (ii) obtain from a Specified HCP any specified Health Data of the Registered HCR; (iii) provide a Relevant HCP or a recognized non-Hong Kong public health record system, to which the Registered HCR has given a Sharing Consent, any Sharable Data of the Registered HCR; and (iv) (if a Prescribed HCP has made a healthcare referral to another Prescribed HCP) provide to that other Prescribed HCP the Registered HCR’s Sharable Data relevant to the healthcare referral.
Relevant Sharing Consent
In relation to a Specified HCP, means a Sharing Consent given before 1 December 2025.
Sharable Data
Means the Index Data and the Health Data of an HCR and any other data or information of the HCR that is, in the eHRC’s opinion, necessary for the proper functioning of eHealth.
Sharing Consent
Means a consent given by a Registered HCR or a SDM on behalf of an HCR (if applicable) to a Relevant HCP or a recognized non-Hong Kong public health record system under section 12 of eHealth Ordinance.
Specified Healthcare Provider (Specified HCP)
Means an HCP who is required to provide specified data of an HCR to eHealth in the form and manner specified by the eHRC and within the specified period, pursuant to section 26Q of the eHealth Ordinance.
Substitute Decision Maker (SDM) (see SDM arrangement for eHR sharing)
Means an eligible person giving consent on behalf and in the name of an HCR under the requirements of eHealth Ordinance.
Use
In relation to data or information in an eHR, includes disclosure or transfer of the data or information.