Electronic Health Record Sharing System (eHRSS) is established under the Electronic Health Record Sharing System Ordinance (Cap 625) (eHRSSO). It is operated by the Electronic Health Record (eHR) Office, which is under the Food & Health Bureau and led by the Commissioner for the Electronic Health Record (eHRC). The eHR Office shall commit and take reasonably practicable steps to protect the privacy, confidentiality and security of the personal information in accordance with the requirements of the Personal Data (Privacy) Ordinance (PD(P)O) and the guidance provided in the information leaflets and other publications issued by the Office of the Privacy Commissioner for Personal Data as well as any other relevant requirements under the laws of Hong Kong.
All personal data contained in eHRSS is sensitive data requiring appropriate care and protection. eHR Office has adopted a series of policies, guidelines and best practices for the collection, retention, uses, disclosure, protection and facilitation of access and correction of personal data contained in the eHRSS to ensure compliance with the law:
Collection of personal data
- Personal information shall be collected from healthcare recipients (HCRs), substitute decision makers (SDMs), or authorised persons (APs), healthcare providers (HCPs) and authorised users for particular purposes.
- Personal data for identifying and contacting the persons concerned (e.g. name, identity document number, contact information…etc.) shall be collected upon their registration in the eHRSS.
- Personal health data of any HCR may be shared by the HCPs with Sharing Consent1 given voluntarily by the HCR and in relation to sharing of his/her health data in eHRSS.
- Categories of personal health data collected and shared in eHRSS shall be specified by the eHR Office.
Retention of personal data
- The personal data shall be retained for uses in accordance with the eHRSSO . Different retention periods shall be applied to different kinds of personal data collected and held by the eHRSS in accordance with its Data Retention Policy defined by the eHR Office.
- Personal data which is no longer necessary for the purpose for which it is to be used shall be erased.
Uses of personal data
- Any personal data shall be used as permitted in accordance with the eHRSSO for:
- Improvement of efficiency, quality, continuity or integration of healthcare provided to the HCR;
- Research and statistics that are relevant to public health or public safety subject to prescribed conditions;
- Disease control and surveillance by the Department of Health, the Hospital Authority or a health officer under Prevention and Control of Disease Ordinance (Cap 599); and
- Such purposes of use as permitted by or under the laws of Hong Kong e.g. uses of handling registration or withdrawal in eHRSS, court proceedings, criminal investigation, etc.
Disclosure of personal data
- Except with prior consent by the persons concerned, eHR Office shall not transfer or disclose any collected personal information to any third party except as stated below:
- healthcare providers who have obtained sharing consent from the persons for sharing of their personal data for healthcare;
- person carrying out research and statistics approved in accordance with the requirements under eHRSSO;
- the Department of Health, the Hospital Authority or a health officer under Prevention and Control of Disease Ordinance (Cap 599) to carry out disease control and surveillance;
- person to whom we are required to make disclosure under any law or court order applicable in Hong Kong e.g. court proceedings, criminal investigation, referral to authority for investigation, etc.;
- person or entity whom we may appoint in writing to assist in performing a function and exercising a power of eHRC pursuant to eHRSSO; and
- personnel, agent, adviser, auditor, contractor or service provider engaged by us to provide services or advice (e.g. technical, security or data processing service…etc.) in connection with our operations.
Security of personal data
- eHR Office shall take reasonably practicable steps to ensure the security of personal data and to protect it against any unauthorised or accidental access, processing, erasure, loss or use.
Sharing of information from minors or adults and is incapable of giving consent
- Joining Consent2 and Sharing Consent shall be given by appropriate SDM as required under the eHRSSO.
- eHRSS is developed and maintained by the eHR Office. Any third-party service provider shall not have access to personal data stored in the eHRSS except when such access is carried out under the supervision of the eHR Office or a contractual agreement with the eHR Office, whereby clear security and confidentiality requirements and obligations exist and such arrangements shall comply with the requirements under DPP2(3) and DPP4(2) of the PD(P)O.
Data Access Request (DAR) and Data Correction Request (DCR)
- Sharing Consent given by the HCR or the SDM (if applicable) is for the prescribed healthcare provider to share the data of the HCR through the eHRSS with other prescribed HCR(s) who also have obtained a Sharing Consent from the HCR or the SDM.
- Joining Consent given by the HCR or the SDM (if applicable) is for the eHRC to share data with prescribed healthcare providers who has obtained Sharing Consent from the HCR or the SDM.