1. Registration as healthcare providers in eHealth and promulgation of eHealth

  1. HCPs meeting the registration requirements set out in the eHealth Ordinance may apply to the eHRC for registration in eHealth.
  2. HCPs should maintain an updated registration record, including the business registration, contact persons, details of participating hospital(s) or clinic(s) and service locations, etc. They should inform the eHRC in a timely manner of changes in business nature and clinical services and provide all necessary supporting information for verification.
  3. HCPs should withdraw from eHealth if they no longer fulfil the registration requirements, e.g. change of nature of services or termination of business.
  4. HCPs should observe the conditions of registration of HCP in eHealth set by the eHRC (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  5. HCPs should be aware that their registration may be suspended or cancelled by the eHRC due to breaching of any requirement specified by the eHRC. Any such suspension or cancellation of registration may affect access and use of their HCRs’ records in eHealth.
  6. HCPs should follow recommendations given by the eHR Office for promulgation of eHealth.
  7. HCPs should be aware that the eHR Office may from time to time update the information of Relevant HCPs [1] through various platforms (e.g. on the internet: www.ehealth.gov.hk) for public awareness.
[1] Information may include name, service location of HCPs and scope of data being shared to eHealth.

 

2. Handling registration of healthcare recipient

  1. HCPs should observe the requirements set out by the eHRC for registering HCRs in eHealth (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  2. HCPs should ensure accurate capture and verification of HCRs’ information during registration.
  3. HCPs should submit a copy and retain appropriate original supporting documents of the HCRs for verification.
  4. HCPs should observe the conditions (See SDM arrangement for eHR sharing) which would allow a SDM to act for an HCR who is incapable of giving consent in registration and related matters.
  5. HCPs should ensure that their administrative staff handle an HCR’s and/or his/her SDM’s Hong Kong Identity Card with care and in accordance with the guideline(s) issued by the PCPD when handling the HCR’s registration and consent matters.
  6. HCPs should take reasonable steps to ensure that an HCR and his/her SDM understand and agree with the purpose of using their personal data for:
    1. giving consent to join eHealth;
    2. giving Sharing Consent to HCP; and
    3. updating registration information (e.g. withdrawal from eHealth or revoking consent to an HCP) and related matters.
  7. HCPs should update registration information of an HCR and his/her SDM (e.g. HCR’s name, sex, date of birth, number of Hong Kong Identity Card or other travel documents) if necessary and inform the eHR Office in a timely manner.

 

3. Obtain healthcare recipient's consent for eHR access

  1. HCPs should obtain explicit, informed consent from an HCR or his/her SDM (if applicable) for:
    1. The HCR’s registration in eHealth (including the giving of a Joining Consent); and
    2. Sharing [2] of the HCR’s Sharable Data through eHealth.
  2. HCPs should take the following actions to ensure that the HCR’s or his/her SDM’s consent (if applicable) is valid and well-informed:
    1. Providing sufficient, relevant and comprehensible information (e.g. Participant Information Notice, pamphlets, posters, etc.)
    2. Obtaining consent from SDM of the HCR who is incapable of giving consent (See SDM arrangement for eHR sharing); and
    3. Confirming with the HCR or his/her SDM that the consent is voluntary.
  3. HCPs should be aware of the general principles of handling consent given by HCR:
    1. An HCR can give consent to register with or withdraw from eHealth, and give or revoke Sharing Consent, unless he/she is a minor under age 16 or if he/she is an adult and there is evidence that he/she is incapable of giving consent.
    2. For a minor or an HCR who is incapable of giving consent, consent should be given by his/her SDM.
  4. HCPs should verify the identity of an HCR and his/her Authorized Person (if applicable) who submits forms on behalf of the HCR or SDM (if applicable) who handles registration and consent matters on behalf of the HCR.
  5. HCPs should verify the identity of a SDM and confirm with the SDM that he/she has read and understood the Participant Information Notice, in particular the Important Notes for SDM Handling Registration Matters on Behalf of an HCR.
  6. HCPs should be acquainted with the types of persons eligible to act as a SDM for a particular class of HCR as stipulated by the eHealth Ordinance (See SDM arrangement for eHR sharing), who may give a substitute consent for that class of HCR to register with or withdraw from eHealth and to give Sharing Consent(s) to HCP(s).
  7. HCPs should always request an HCR’s own expressed preference where possible. If the HCR clearly expresses his/her intent, the HCP should carefully assess whether his/her case indeed requires any SDM.
  8. HCPs should be aware that where there is no other eligible SDM available and the HCP considers that it is in the best interest for the HCR, the HCP can choose to give consent for registration (including Joining Consent) and sharing in eHealth, by appointing a designated person under its charge to assume the role and perform the tasks serving as the SDM of the HCR.
  9. HCPs should be aware that Sharing Consent being given after the effective date of the amendments to the eHealth Ordinance, i.e. 1 December 2025, will be in effect until the HCR’s registration is withdrawn from eHealth or cancelled by the eHRC or the consent is revoked. However, if a Sharing Consent is given before the said effective date, the former relevant provisions continue to apply in relation to the consent on or after the effective date as if the former relevant provisions had not been amended, i.e. it can be an “Indefinite Sharing Consent” or a “One-year Sharing Consent”.
  10. HCPs should be aware that Sharing Consent given by an HCR to the HCP is in effect until it is being revoked or the registration of the HCR is being withdrawn or cancelled.
  11. HCPs should not share health information of HCRs who have withdrawn from eHealth or whose registration has been cancelled.
  12. It is advisable that HCPs should inform an HCR, as far as practicable, before accessing his/her eHR and be aware that the HCR will receive a notification from eHealth of the access to his/her eHR in a form chosen by the HCR, including but not limited to the following:
    1. Electronic message [e.g. Short Message Service (SMS) and notification in eHealth App];
    2. Postal mail; and
    3. Email.
  13. HCPs should provide HCRs with access to their organisation’s privacy policy document(s) and information about the kinds of data from their health record system that will be shared and the purposes of sharing to eHealth.
[2] If a Sharing Consent is given before the effective date of the amendments to the eHealth Ordinance (i.e. 1 December 2025), the former relevant provisions continue to apply in relation to the consent on or after the said effective date as if the former relevant provisions had not been amended by the Electronic Health Record Sharing System (Amendment) Ordinance 2025.

 

4. Healthcare providers to manage any authorised user's user account

  1. HCPs should be responsible for creating and maintaining user account(s) for any authorized user [3] in eHealth, including checking and updating their HCProfs’ registration status for validation in a timely manner.
  2. HCPs should seek agreement from the authorized user(s), if necessary, for the creation of user account(s) in eHealth and verification of the professional registration status of user(s) (if applicable) for access to eHealth.
  3. HCPs should close the account of any departed person in eHealth in a timely manner after the last day of service of the person.
  4. HCPs should issue appropriate authentication means (e.g. log-in passwords), according to the guidelines issued by the eHR Office to their HCProf(s) to access eHealth (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  5. HCPs should ensure that only authorized HCProfs with the “need-to-know” can access the eHR of HCRs under their care in accordance with the pre-defined professional role(s) and access rights.
  6. HCPs should take reasonable and practical steps to ensure that their authorized user(s) respect(s) and has/have adequate awareness and knowledge of personal privacy, information confidentiality and system security [4].
  7. HCPs should ensure that their authorized user(s) is/are aware that using HCRs’ information from eHealth for direct marketing is forbidden.
  8. HCPs should take reasonable and practicable steps to ensure that the HCProf(s) is/are properly observing the security control measures (e.g. using log-in passwords properly).
  9. HCPs should appoint appropriate administrative and technical staff as contact person(s) to communicate with the eHR Office for matters relating to eHealth operation, including user account management (Please see Roles and Responsibilities of User Administrator in eHealth).
  10. HCPs should supervise and monitor their staff in carrying out administrative and technical duties, including but not limited to:
    1. Registering and managing registration information of HCP in eHealth;
    2. Registering and managing registration information of HCRs in eHealth;
    3. Registering and managing registration information of HCProf in eHealth; and
    4. Performing regular reporting, exceptional reporting and cooperating with the eHR Office in audit on eHealth operations.
[3] Authorized user may include any person authorized by respective HCP, who has clinical, administrative or technical duties and uses or supports operation of eHealth.
[4] Reasonable and practical steps may include setting out confidentiality as an obligation under the terms of employment and human resource management policy and providing regular staff training and reminders and notice to staff.

 

5. Manage healthcare providers' own clinical records

  1. HCPs should maintain clear and updated clinical records for the HCRs. eHR should not be taken as a replacement of HCP’s own health records.
  2. HCPs should ensure the data in their medical record systems are accurate for sharing.
  3. HCPs should provide the health information of an HCR after each episode of care as soon as possible if the information is readily and electronically available and within the sharable scope (See Sharable clinical data in eHealth sharing), and the HCR has given a Relevant Joining Consent or a Relevant Sharing Consent to this HCP which was given before 1 December 2025 and remains in effect.
  4. HCPs should be aware that any data obtained from eHealth shall become part of the HCP’s health records and HCPs should define and follow their own data retention policy in accordance with the PD(P)O.
  5. HCPs should ensure proper filing and record keeping, according to their own record management policies, of any HCR’s health records which are obtained from eHealth, and prevent unauthorized access of these health records.

 

6. Provision of specified health data to eHealth by specified HCPs

  1. The eHRC may require Specified HCPs who provide healthcare services in Hong Kong and possess specified Health Data of Registered HCRs to deposit the specified Health Data into eHealth. This requirement applies when the Registered HCR has given either a Relevant Sharing Consent to the Specified HCP or a Relevant Joining Consent, except where the Registered HCR has explicitly issued a notice prohibiting data sharing to eHealth.
  2. Specified HCPs must ensure the establishment and maintenance of appropriate technical systems and controls that enable the secure, accurate, and timely provision of specified Health Data to eHealth in accordance with the technical and operational requirements prescribed by the eHRC.
  3. Specified HCPs should deposit the data in the prescribed form and manner determined by the eHRC within specified timeframes, thereby ensuring that timely and accurate data is available in the HCRs’ eHealth accounts.
  4. Specified HCPs must fully respect and adhere to any explicit refusal notices from Registered HCRs and must refrain from depositing any specified Health Data without valid consent (i.e. a Relevant Sharing Consent or a Relevant Joining Consent).
  5. In cases where the eHRC determines that a Specified HCP has contravened the data provision requirement, the eHRC may issue a written enforcement notice specifying the nature of the contravention, the relevant Health Data, the affected Registered HCRs, the deadline and manner for compliance, and inform the Specified HCP of the right to appeal. The Specified HCP must either comply with the notice or submit an appeal within the designated period.
  6. Specified HCPs are required to maintain comprehensive records of data provision activities, consents obtained or refusal notices received, in accordance with good governance practices and to facilitate any audit or investigation as mandated by the eHRC.

 

7. Ensure general system security

  1. HCPs should implement and monitor proper use of security control measures in eHealth set out by the eHR Office from time to time, which shall include the following:
    1. Keep and access enabled computers (i.e. with appropriate certification software) only in secured physical locations (e.g. access within secured workplace, clinic or office) and avoid access to eHealth in public areas such as internet cafes or public libraries;
    2. Keep and maintain security in wired and wireless network for computers connecting to eHealth;
    3. Keep computer system and software updated with latest security patches applied;
    4. Use only licensed / legal computer software with the latest security patches applied and avoid using peer-to-peer software (e.g. Foxy or BitTorrent, etc.);
    5. Install appropriate anti-virus and anti-spyware software;
    6. Ensure authorized users log off eHealth and local Electronic Medical Record (eMR) systems after use;
    7. Enable automatic screen-lock or screen-saver with password protection on computer workstation and set up reasonable idle time;
    8. Ensure authorized users observe password policies (e.g. use of strong password with regular updates, avoid writing down or sharing of passwords; change eHealth assigned passwords immediately after successful login for the first time);
    9. Record and manage access rights assigned to all authorized users according to the roles in delivering healthcare to the HCPs;
    10. Assign individual account for each authorized user and ensure that he/she will properly use the account with security log-on measures (e.g. log-in passwords) and protect it against unauthorized use (e.g. sharing with others); and
    11. Provide security and privacy awareness trainings to users regularly, ensuring the proper use of eHealth in accordance with appropriate security and privacy requirements.
  2. HCPs should cooperate with the eHR Office for audit or investigation which is in relation to the operation of eHealth, if necessary.
  3. HCPs should maintain relevant system audit logs about access to eHealth through local eMR system(s), if applicable (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  4. HCPs should perform regular monitoring and audit on system behaviour for identification of abnormality, intrusion and potential system fault or user misbehaviour, if applicable.
  5. HCPs should report, as soon as possible, to the eHR Office any suspected or confirmed security incidents, privacy incidents and suspected or confirmed security weakness relating to the access or use of eHealth.

 

8. Make data sharing to eHRSS secured [5]

  1. HCPs should endeavour to comply with standards, policies and requirements on security and data sharing issued by the eHRC (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  2. HCPs should perform self-assessment and test with the eHR Office for data readiness and interoperability before sharing information to eHealth (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  3. HCPs should perform system connection test with the eHR Office for data sharing according to security requirements and other specifications (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  4. HCPs should provide any amended and updated records in the local eMR to eHealth if the relevant records were previously shared to eHealth.
  5. HCPs should perform periodic Security Risk Assessment and Audit (SRAA) of their own eMR system(s), if applicable, or perform appropriate security assessment and fix any identified security loopholes according to the requirements specified by the eHR Office for system connection (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth). Any identified security risks or non-conformance with the security requirements should be rectified in a timely manner.
[5] This section applies to sharing of data from local electronic medical record system to eHealth.

 

9. Handling data access request and data correction request

  1. HCPs should advise an HCR to approach the eHR Office for Data Access Request (DAR) for personal data being shared in eHealth.
  2. HCPs should handle Data Correction Request (DCR) in accordance with the relevant provisions in PD(P)O and eHealth Ordinance.
  3. HCPs should be aware that DCR for demographic data (e.g. name, number of identity documents, date of birth or sex) in eHealth can be handled by either the eHR Office or a Prescribed HCP.
  4. HCPs should be aware that DCR for the HCR’s health data in eHealth should be reviewed by the HCP who contributed and shared that related health information to eHealth, according to the established workflows for handling such requests by the eHR Office (See Policies, Guidelines & Procedures and other relevant information released by eHR office for participating in eHealth).
  5. HCPs should update and provide corrected health record(s) to eHealth, as soon as possible, once an error of the HCR’s health record is noted and rectified.
  6. HCPs should exercise careful judgement in handling the DCR and inform the HCR and the eHR Office of the result of such request and, if the request is refused, the reason for refusal.