1. Registration as healthcare providers in eHRSS and promulgation of eHRSS

1. Healthcare providers meeting the registration requirements set out in Electronic Health Record Sharing System Ordinance (Cap. 625) ("eHRSSO" or "the Ordinance") may apply to the Commissioner for the Electronic Health Record ("the Commissioner" or "eHRC") for registration in eHRSS.
2. Healthcare providers should maintain an updated registration record, including their business registration, contact persons, details of participating hospital(s) or clinic(s) and service locations, etc. They should inform eHRC timely for changes in business nature and clinical services and provide all necessary supporting information for verification.
3. Healthcare providers should withdraw from eHRSS if they no longer fulfil the registration requirements, e.g. change of nature of services or termination of business.
4. Healthcare providers should observe the conditions of registration of healthcare providers in eHRSS set by the eHRC (See Policies, Guidelines & Procedures and other relevant information released by electronic health record office (eHR) for participating in eHRSS).
5. Healthcare providers should be aware that their registration may be suspended or cancelled by eHRC due to breaching of any specified requirement set out by eHRC. Any such suspension or cancellation in registration may affect access and use of their healthcare recipients’ records in eHRSS.
6. Healthcare providers should follow recommendations by the eHR Office for promulgation of eHRSS.
7. Healthcare providers should be aware that the eHR Office may from time to time update the information of prescribed healthcare providers¹ through various platforms (e.g. on internet: www.ehealth.gov.hk) for public awareness.

¹ Information may include name, service location of healthcare providers and scope of data being shared to eHRSS

 

2. Handling registration of healthcare recipient

1. Healthcare providers should observe the requirements set out by the eHRC for registering healthcare recipients in eHRSS (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS).
2. Healthcare providers should ensure accurate capture and verification of healthcare recipients information during registration.
3. Healthcare providers should submit a copy and retain appropriate original supporting documents of the healthcare recipients for verification.
4. Healthcare providers should observe the conditions (See SDM arrangement for eHR sharing) which would allow a Substitute Decision Maker (SDM) to act for healthcare recipients who are incapable of giving consent in registration and related matters.
5. Healthcare providers should ensure their administrative staff handle healthcare recipients’ and/or SDM’s Hong Kong Identity Card with care and in accordance with the guideline issued by the PCPD for handling healthcare recipient registration and consent matters.
6. Healthcare providers should take reasonable steps to ensure healthcare recipients and their SDMs understand and agree with the purpose of using their personal data for:
   1. Giving consent to join eHRSS;
   2. Giving sharing consent to healthcare providers; and
   3. Updating registration information (e.g. healthcare recipient withdrawing from eHRSS or revoking consent to a healthcare provider) and related matters.
7. Healthcare providers should update registration information of their healthcare recipients and their SDMs if necessary and timely inform the eHR Office (e.g. healthcare recipient’s names, sex, date of birth, number of Hong Kong Identity Card or other travel documents).

 

3. Obtain healthcare recipient's consent for eHR access

1. Healthcare providers should obtain explicit, informed consent from healthcare recipient or his/her SDM (if applicable) for:
   1. healthcare recipient registration in eHRSS and
   2. sharing of healthcare recipient's health information through eHRSS
2. Healthcare providers should take the following actions to ensure healthcare recipient’s or his/her SDM’s consent (if applicable) is valid and well-informed by:
   1. Providing sufficient, relevant and comprehensible information (e.g. Participant Information Notice, pamphlets, posters, etc.)
   2. Obtaining consent from SDM for healthcare recipient who is incapable of giving consent (See SDM arrangement for eHR sharing); and
   3. Confirming with the healthcare recipient or his/her SDM that the consent is voluntary.
3. Healthcare providers should be aware of the general principles of handling consent by healthcare recipients:
   1. A healthcare recipient can give consent to register with or withdraw from eHRSS, and to give or revoke sharing consent unless he/she is a minor under age 16 or if he/she is an adult and there is evidence that he/she is incapable of giving consent.
   2. For minors and healthcare recipients who are incapable of giving consent, consent should be given by their SDMs.
4. Healthcare providers should verify the identities of the HCR and AP, who handles registration and consent matters on behalf of the HCR.
5. Healthcare providers should verify the identity of the SDM and confirm with the SDM that he/she has read and understood the Participant Information Notice, in particular the Important Notes for SDM Handling Registration Matters On Behalf of an HCR.
6. Healthcare providers should be acquainted with the types of persons eligible to act as a SDM for a particular class of healthcare recipient as stipulated by eHRSSO (See SDM arrangement for eHR sharing), who may give a substitute consent for that class of healthcare recipient to register with or withdraw from eHRSS and to give sharing consent to healthcare provider(s).
7. Healthcare providers should always request the healthcare recipient’s own expressed preference. If the healthcare recipient clearly expresses his/her intent, the healthcare providers should carefully assess whether his/her case indeed requires any SDM.
8. Healthcare providers should be aware that where there is no other eligible SDM available and the healthcare providers consider that it is in the best interest for the healthcare recipients, the healthcare providers can choose to give consent for registration and sharing in eHRSS (healthcare providers should appoint designated person under their charges to assume the role and perform the tasks serving as the SDM of the healthcare recipients).
9. Healthcare providers should be aware that there are two types of Sharing Consent: “Indefinite Sharing Consent” & “One-year Sharing Consent”.
10. Healthcare providers should be aware that “Indefinite Sharing Consent’ is in effect until it is revoked or the registration of the healthcare recipient is withdrawn or cancelled.
11. Healthcare providers should be aware that “One-Year Sharing Consent” to healthcare providers is valid for one year unless it is revoked or the registration of the healthcare recipient is withdrawn or cancelled.
12. Healthcare providers should not share health information of healthcare recipients who have withdrawn from registration or revoked their sharing consent through eHRSS.
13. It is advisable that healthcare providers should inform healthcare recipients, as far as practicable, before accessing their eHR and be aware that healthcare recipients will receive a notification from eHRSS for access to their eHR in the form chosen by the healthcare recipients including but not limited to the following:
    1. electronic message [e.g. Short Message Service (SMS)];
    2. postal mail; and
    3. email
14. Healthcare providers should provide healthcare recipients with access to their organisations’ privacy policy document(s) and information about the kinds of data from their health record system that will be shared and the purposes of sharing to eHRSS.

 

4. Healthcare providers to manage any authorised person's user account

1. Healthcare providers should be responsible for creating and maintaining user accounts for any authorised users² in eHRSS including checking and updating their healthcare professionals’ registration status for validation in a timely manner.
2. Healthcare providers should seek agreement from the authorised users, if necessary, for creation of their user accounts in eHRSS and verification of their professional registration status for access to eHRSS.
3. Healthcare providers should close the accounts of departed persons in eHRSS in a timely manner after their last day of service.
4. Healthcare providers should issue appropriate authentication means (e.g. log-in passwords), according to the guidelines issued by the eHR Office to their healthcare professionals to access eHRSS (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS).
5. Healthcare providers should ensure that only authorised healthcare professionals with the “need-to-know” can access the eHR of healthcare recipients under their care in accordance with their pre-defined professional roles and access rights.
6. Healthcare providers should take reasonable and practical steps to ensure that their authorised users respect and have adequate awareness and knowledge of personal privacy, information confidentiality and system security³.
7. Healthcare providers should ensure that their authorised users are aware that using healthcare recipients’ information from eHRSS for direct marketing is forbidden.
8. Healthcare providers should take reasonable and practicable steps to ensure their healthcare professionals properly use security controls (e.g. log-in passwords).
9. Healthcare providers should appoint appropriate administrative and technical staff, as contact person(s) to communicate with the eHR Office for matters related to eHRSS operation including user account management. (Please see Roles and Responsibilities of User Administrator in eHRSS)
10. Healthcare providers should supervise and monitor staff carrying out administrative and technical duties, including but not limited to:
    1. Registering and managing registration information of healthcare providers in eHRSS;
    2. Registering and managing registration information of healthcare recipients in eHRSS;
    3. Registering and managing registration information of healthcare professionals in eHRSS; and
    4. Performing regular reporting, exceptional reporting and cooperating with the eHR Office in audit on eHRSS operations.

² Authorised user may include any person authorised by respective healthcare provider, who has clinical, administrative or technical duties and uses or supports operation of eHRSS ³ Reasonable and practical steps may include setting out confidentiality as an obligation under the terms of employment and human resource management policy and providing regular staff training and reminders and notice to staff

 

5. Manage healthcare providers' own clinical records

1. Healthcare providers should maintain clear and updated clinical records for their healthcare recipients. eHR should not be taken as a replacement of a healthcare providers’ own health records.
2. Healthcare providers should ensure the data in their medical record system is accurate for sharing.
3. Healthcare providers should share the health information of their healthcare recipients who have given consent for sharing of their health records in eHRSS if the information is readily and electronically available and within sharable scope (See Sharable clinical data in initial phase of eHRSS sharing) after each episode of care as soon as possible.
4. Healthcare providers should be aware that any data obtained from eHRSS shall become part of the healthcare providers’ health records and they should define and follow their own data retention policy in accordance with PD(P)O (Cap 486).
5. Healthcare providers should ensure proper filing and record keeping of any health records of healthcare recipients printed or obtained from eHRSS according to the healthcare providers’ own record management policies and prevent them from unauthorised access.

 

6. Ensure general system security

1. Healthcare providers should implement and monitor proper use of security measures in eHRSS set out by the eHR Office from time to time:
   1. Keep and access enabled computers (i.e. with appropriate certification software) only in secured physical locations (e.g. access within secured workplace, clinic or office) and avoid access to eHRSS in public area such as internet cafe or public library;
   2. Keep and maintain security in wired and wireless network for computers connecting to eHRSS;
   3. Keep computer system and software updated with latest security patches applied;
   4. Use only licensed / legal computer software and with latest security patches applied and avoid using peer-to-peer software (e.g. Foxy or BitTorrent, etc.);
   5. Install appropriate anti-virus and anti-spyware software;
   6. Ensure authorised users log off eHRSS and local Electronic Medical Record (eMR) systems after use;
   7. Enable automatic screen-lock or screen-saver with password protection on computer workstation and set up reasonable idle time;
   8. Ensure authorised users observe password policies (e.g. use of strong password with regular updates, avoid writing down or sharing of password; change eHRSS assigned password immediately after successful login for the first time);
   9. Record and manage access rights assigned to all authorised users according to their roles in delivering healthcare to the healthcare recipients;
   10. Assign individual account for each user and ensure him/her will use properly any means of security log-on measures (e.g. log-in passwords) and protect against unauthorised use (e.g. sharing with others); and
   11. Provide security and privacy awareness training to authorised users to ensure their proper use of eHRSS in accordance with appropriate security and privacy requirements.
2. Healthcare providers should cooperate with the eHR Office for auditing or investigations in relation to the operation of eHRSS if necessary.
3. Healthcare providers should maintain relevant system audit logs about access to eHRSS through their eMR systems, if applicable (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS).
4. Healthcare providers should perform regular monitoring and audit on system behaviour for identification of abnormality, intrusion and potential system fault or user misbehaviour, if applicable.
5. Healthcare providers should report as soon as possible to the eHR Office any suspected security incidents, privacy incidents and suspected security weakness related to assess and use of eHRSS.

 

7. Make data sharing to eHRSS secured⁴

1. Healthcare providers should endeavour to comply with standards, policies and requirements on security and data sharing issued by eHRC (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS).
2. Healthcare providers should perform self-assessment and tests with eHR Office for data readiness and interoperability before sharing information to eHRSS (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS).
3. Healthcare providers should perform system connection testing with the eHR Office for data sharing according to security requirements and other specifications (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS).
4. Healthcare providers should provide amended and updated records in their eMR to eHRSS if previous records have been shared to eHRSS.
5. Healthcare providers should perform periodic Security Risk Assessment and Audit (SRAA) of their own eMR systems, if applicable, or perform appropriate security assessment and fix any identified security loop holes according to the requirements specified by the eHR Office for system connection (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS). Any identified security risks or non-conformance with the security requirements should be rectified in a timely manner.

⁴ This section applies for sharing of data from local electronic medical record system to eHRSS

 

8. Handling data access request (DAR) and data correction request (DCR)

1. Healthcare providers should advise healthcare recipients to approach the eHR Office for Data Access Request for personal data contained in eHRSS.
2. Healthcare providers should handle Data Correction Request in accordance with the relevant provisions in PD(P)O (Cap 486) and eHRSSO.
3. Healthcare providers should be aware that Data Correction Request for demographic data (e.g. name, number of identity documents, date of birth or sex) in eHRSS can be handled by both the eHR Office or a prescribed healthcare provider
4. Healthcare providers should be aware that Data Correction Request for the healthcare recipients’ health data in eHRSS should be reviewed by the healthcare providers who have contributed and shared that health information to eHRSS according to established workflow for handling such requests by the eHR Office (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHRSS).
5. Healthcare providers should update and provide corrected health records to eHRSS as soon as possible once an error of their healthcare recipient’s health record is noted and rectified.
6. Healthcare providers should exercise careful judgement to handle the data correction request and to inform the healthcare recipients and the eHR Office the result of such requests and the reason of refusal if the request is refused.
7. Healthcare providers should make a note and attach a note to the healthcare recipient’s record and provide to eHRSS if the Data Correction Request is refused and the data to which it relates is an expression of opinion according to the PD(P)O (Cap 486).