Privacy Policy Statement


Electronic Health Record Sharing System (eHRSS) is established under the Electronic Health Record Sharing System Ordinance (Cap 625) (eHRSSO). It is operated by the Electronic Health Record (eHR) Office, which is under the Food & Health Bureau and led by the Commissioner for the Electronic Health Record (eHRC). The eHR Office shall commit and take reasonably practicable steps to protect the privacy, confidentiality and security of the personal information in accordance with the requirements of the Personal Data (Privacy) Ordinance (PD(P)O) and the guidance provided in the information leaflets and other publications issued by the Office of the Privacy Commissioner for Personal Data as well as any other relevant requirements under the laws of Hong Kong.


All personal data contained in eHRSS is sensitive data requiring appropriate care and protection. eHR Office has adopted a series of policies, guidelines and best practices for the collection, retention, uses, disclosure, protection and facilitation of access and correction of personal data contained in the eHRSS to ensure compliance with the law:

Collection of personal data

Retention of personal data

Uses of personal data

Disclosure of personal data

Security of personal data

Sharing of information from minors or adults and is incapable of giving consent

Outsourcing arrangements

Data Access Request (DAR) and Data Correction Request (DCR)


We keep our privacy policy statement under regular review. This statement was last updated on 27 February 2018.

  1. Sharing Consent given by the HCR or the SDM (if applicable) is for the prescribed healthcare provider to share the data of the HCR through the eHRSS with other prescribed HCR(s) who also have obtained a Sharing Consent from the HCR or the SDM.
  2. Joining Consent given by the HCR or the SDM (if applicable) is for the eHRC to share data with prescribed healthcare providers who has obtained Sharing Consent from the HCR or the SDM.