The access right of each the Electronic Health Record Sharing System (eHealth) user is assigned according to his / her roles and duties in delivering patient care. Each user should only use his / her own account to access eHealth. Below are some tips to help users and user administrators manage the user accounts properly when using eHealth.

Tips for eHealth account user

  • The user account assigned to you belongs to you only. Do not disclose or share your user name, password and security token
  • Change your assigned password immediately after first time log-in. Set a strong password and change it regularly
  • Keep your account login information and security token safe (e.g. avoid writing down your password)
  • Log out eHealth after use
  • Report lost security token to the Electronic Health Record (eHR) Registration Office (RO) or the healthcare provider (HCP) you are working for immediately
  • Report suspicious access to eHR RO or the HCP you are working for immediately

Tips for user administrator

  • Assign individual account for each user and ensure proper use of any means of security log-in measures or devices (e.g. log-in password and security token)
  • Ensure only authorised healthcare professionals can access patients' eHRs
  • Update user information timely
  • Close account for departed user timely
  • Record and manage access rights assigned to each authorised user according to his / her roles and duties
  • Report suspicious access to eHR RO or the HCP you are working for immediately

To safeguard data privacy, all accesses by users to eHealth will be logged and are subject to audit and inspection. Patient will also receive notification through his / her selected communication means (SMS / email / postal mail) whenever his / her eHRs has been accessed.

Frequently asked questions

  • It is a common practice in my clinic / hospital that clerical (or nursing) colleague will share the clinician's clinical system user account to access and print information of patient to facilitate the consultation. Is it acceptable to share account to access eHealth?
    1. eHealth user account is on individual user basis.
    2. For security and privacy concern, sharing of user account is not allowed.
    3. Each access is logged and subject to audit and the patient may receive notification of their records being accessed.
  • What should I do if my eHealth security token is lost?

    You should immediately report to the HCP you are working for or the eHR RO via the HCP Hotline at 3467 6230. (After language selection, please press "2" for eHR account management, then input your Hong Kong identity card number for identity authentication. Next, please press "3" to report loss of security token.)

    After reporting loss, your security token can no longer be used by anyone possessing it. Please contact the user administrator of your HCP for allocation of a new security token for you.

  • Is user administrator required to collect the security token from a departed user after closing his / her eHealth user account?

    A user should not access eHealth under the HCP which he / she has departed from. User administrator should timely close the user account of the departed user under the HCP. Both user administrator and user should be aware that eHealth login information, i.e. token, user name and password are assigned to user individually. Hence, in general, if the departed user has eHealth account(s) created under other HCP(s) he / she is still working for, he / she may keep his / her security token. Otherwise, the user administrator should collect the security token for proper disposal, reallocation to other user after reactivation by eHR RO, or return it to eHR RO.