Electronic Health Record Sharing System (Amendment) Ordinance 2025

Supports the Enhancements and Sustainable Development of eHealth

The Electronic Health Record Sharing System (Amendment) Ordinance 2025 (the Amendment Ordinance) will come into effect on 1 December 2025. The following key amendments are available for reference.

• 1. Building a comprehensive personal electronic health record (eHR) for citizens

  Expand

  Streamlined Consent Mechanism

  Once citizens agree to join eHealth, their healthcare providers (HCPs) will be able to deposit health data into their personal eHealth accounts.

  Citizens will continue to retain full control over their personal data and can grant individual HCPs access to their eHealth records at their own will. (Citizens can manage their "Sharing Consent" at any time through the eHealth App.)

  

  Safeguard Citizens' Rights to Obtain Important Electronic Health Records

  Empower the Secretary for Health to require specified HCPs to deposit important specified health data into the personal eHealth accounts of citizens registered with eHealth.

  In principle, we will accord priority to eHRs that are essential in supporting diagnosis, preventing medical errors, and avoiding contradictory or duplicated medical treatments, for example:

  

  Allergies and Adverse Drug Reactions

  

  Prescription

  

  Laboratory and Radiology Reports

  

  Immunisation Records

• 2. Support the Development of Primary Healthcare and Service Process Management

  Expand

  Expand the scope of healthcare professionals (HCProfs) who can access health data on eHealth

  The 13 types of statutorily registered healthcare professionals currently are:

  

  Pharmacist

  

  Dentist

  

  Dental Hygienist

  

  Doctor

  

  Midwife

  

  Nurse

  

  Medical Laboratory Technologist

  

  Occupational Therapist

  

  Optometrist

  

  Radiographer

  

  Physiotherapist

  

  Chiropractor

  

  Chinese Medicine Practitioner

  

  Expand to healthcare professionals under the Department of Health's "Accredited Registers Scheme for Healthcare Professions"

  

  Speech Therapist

  

  Audiologist

  

  Dietitian

  

  Educational Psychologist

  

  Clinical Psychologist

  Expand to other specified HCProfs provide healthcare in healthcare facilities controlled or managed by the Government and the Hospital Authority (e.g. District Health Centres under the Primary Healthcare Commission, Chinese Medicine Clinics cum Training and Research Centres and The Chinese Medicine Hospital of Hong Kong).

  

  

  With citizens' consents, these HCProfs may access their health data on eHealth when providing healthcare for them.

  

  Facilitate citizens' access and use of electronic medical documents

  Providing a clear legal framework for governing electronic medical documents issued or authenticated through eHealth. Designate eHealth as the only platform for issuing certain medical documents under appropriate circumstances, in order to facilitate the centralised management and support the usage of these documents.

• 3. Supporting citizens in using healthcare services across the boundary

  Expand

  Under the condition of sufficient protection of data privacy and system security as well as due compliance with specified requirements and conditions, recognise individual HCPs and public health record systems outside Hong Kong.

  If citizens uses services at a recognised HCP outside Hong Kong, he/she can choose to authorise the HCP to access their eHealth records securely and deposit the health records of the services received into their personal eHealth account.

  HCPs outside Hong Kong can only access and deposit citizens' eHealth records when a citizen registered with eHealth provides explicit consent when using its services. Under no other circumstances will eHealth records be transmitted across the boundary.

  
• 4. Streamline the Legal Provisions for Accessing and Using eHealth Data

  Expand

  Include refining the legal provisions specify that citizens and specified categories of related persons (e.g., parents of minors and authorised caregivers) may provide to and obtain from eHealth the records of the citizen, thereby empowering citizens' self-management of health records.

  

• Patient

  Expand
  • Guardianship of Minors Ordinance (Cap. 13)
  • Immigration Ordinance (Cap. 115)
  • Mental Health Ordinance (Cap. 136)
  • Births and Deaths Registration Ordinance (Cap. 174)
  • Registration of Persons Ordinance (Cap. 177)

• Healthcare provider

  Expand
  • Hospital Authority Ordinance (Cap. 113)
  • Societies Ordinance (Cap. 151)
  • Medical Clinics Ordinance (Cap. 343)
  • Residential Care Homes (Elderly Persons) Ordinance (Cap. 459)
  • Residential Care Homes (Persons with Disabilities) Ordinance (Cap. 613)
  • Companies Ordinance (Cap. 622)
  • Private Healthcare Facilities Ordinance (Cap. 633)

• Healthcare professionals

  Expand
  • Pharmacy and Poisons Ordinance (Cap. 138)
  • Dentists Registration Ordinance (Cap. 156)
  • Ancillary Dental Workers (Dental Hygienists) Regulations (Cap. 156 sub. leg. B)
  • Medical Registration Ordinance (Cap. 161)
  • Midwives Registration Ordinance (Cap. 162)
  • Nurses Registration Ordinance (Cap. 164)
  • Medical Laboratory Technologists (Registration and Disciplinary Procedure) Regulations (Cap. 359 sub. leg. A)
  • Occupational Therapists (Registration and Disciplinary Procedure) Regulations (Cap. 359 sub. leg. B)
  • Optometrists (Registration and Disciplinary Procedure) Regulation (Cap. 359 sub. leg. F)
  • Radiographers (Registration and Disciplinary Procedure) Regulation (Cap. 359 sub. leg. H)
  • Physiotherapists (Registration and Disciplinary Procedure) Regulation (Cap. 359 sub. leg. J)
  • Chiropractors Registration Ordinance (Cap. 428)
  • Chinese Medicine Ordinance (Cap. 549)

• Others

  Expand
  • Personal Data (Privacy) Ordinance (Cap. 486)
  • Prevention and Control of Disease Ordinance (Cap. 599)

• What are the benefits of the streamlined consent mechanism?

  Expand
  • The streamlined consent mechanism facilitates private healthcare providers (HCPs) in depositing health data in citizens' personal eHealth accounts, allowing citizens to establish a more comprehensive electronic health record (eHR).
  • Citizens retain full control over their personal data and can grant individual private HCPs access to their eHealth records.
• Will the Joining Consent and Sharing Consent given by citizens before the Amendment Ordinance takes effect be affected?

  Expand
  • The Joining Consent and Sharing Consent given by citizens prior to the commencement of the Amendment Ordinance will continue to remain in effect.
  • Citizens may give the new Joining Consent after the Amendment Ordinance comes into effect to adopt the streamlined consent mechanism.
  • Citizens can opt into the streamlined consent mechanism through the eHealth App, the HCPs providing services to them, the eHealth Registration Centres, etc.
• How can citizens who have registered with eHealth give the Joining Consent and Sharing Consent under the Amendment Ordinance?

  Expand
  • Citizens who have registered with eHealth can give the Joining Consent and Sharing Consent under the Amendment Ordinance through the eHealth App, by mail, by fax, by visiting the Electronic Health Record Registration Office, or relevant HCPs.
• If citizens do not agree to the streamlined consent mechanism, will it affect their access to healthcare services?

  Expand
  • If citizens do not agree to the streamlined consent mechanism, it will not hinder their access to healthcare services.
  • The streamlined consent mechanism not only facilitates citizens in managing their personal eHR, but also enables HCPs to obtain more complete and real-time medical information, enhancing the accuracy and safety of diagnoses, ultimately providing citizens with a higher quality and more personalised healthcare service experience.
• How can HCPs support the streamlined consent mechanism?

  Expand
  • We have completed technical preparations and introduced new features in the eHealth system and/or relevant Electronic Medical Record Systems (EMRS), assisting HCPs in identifying whether citizens have given consent to individual private HCPs for depositing and/or accessing their eHealth records.
  • Private HCPs can consult their EMRS suppliers to enquire about the new features.
• After the Amendment Ordinance comes into effect, what should HCPs pay attention to when handling eHealth registration and related matters for Healthcare Recipients (HCRs) / their Substitute Decision Makers (SDMs) (If applicable)?

  Expand

  After the Amendment Ordinance comes into effect, eHealth will update the related documents. HCPs should use the latest eHealth forms (if applicable), "Participant Information Notice" and "Personal Data Collection Statement" to ensure that HCRs/their SDM read and understand the updated documents.

• Are HCPs required to deposit citizens' eHRs in eHealth after the Amendment Ordinance comes into effect on 1 December 2025?

  Expand
  • After the Amendment Ordinance takes effect on 1 December 2025, the Secretary for Health will be empowered to require specified HCPs to deposit specified important health data in the personal eHealth accounts of citizens. The specified health data, specified HCPs, and the specified period for providing the health data will be implemented later through subsidiary legislation.
  • Should there be a need to implement the requirement, we will ensure technical readiness and fully communicate with stakeholders on the detailed implementation arrangements.
  • We encourage private HCPs to adopt or upgrade to EMRS that are connected with eHealth as early as possible and deposit citizens' eHRs in their eHealth accounts, facilitating citizens to access, manage, and use such records in their healthcare journeys.
• How will the Government define specified health data? How will it ensure the accuracy and timeliness of the data deposited by HCPs?

  Expand
  • We will refer to relevant overseas experiences, the types of data currently deposited in the eHealth, the needs of HCPs and patients, and consult stakeholders to define specified health data.
  • We will revise the "Code of Practice for Using Electronic Health Record for Healthcare" as necessary in the future to provide detailed guidance for HCPs.
• How will the Government assist private HCPs in complying with the requirement to provide specified health data to eHealth?

  Expand
  • Provide technical support and collaborate with EMRS vendors and other HCPs to conduct system enhancements, thereby achieving seamless eHR sharing between private healthcare systems and eHealth.
  • Launch the eHealth+ Connectivity Support Scheme to encourage private HCPs in adopting EMRS that are connected with eHealth and deposit eHRs of citizens seamlessly with their authorisation.
  • Launch the eHealth+ Connectivity Accreditation Scheme to help citizens identify HCPs' capabilities in depositing records in eHealth, facilitating them to select suitable HCPs.
  • Explore the provision of simplified technical solutions for HCPs and healthcare professionals that are less prepared for digitalisation.
• Can citizens request HCPs not to deposit specified eHRs in eHealth?

  Expand
  • The data currently deposited in the eHealth within the scope of sharable data has been stipulated after consulting relevant professional representatives and stakeholders. To ensure the quality of healthcare and patient safety, we encourage that data within the scope of sharable data, which is readily available for review and meets the relevant standards, be deposited in citizens' eHealth accounts. This facilitates citizens and their authorised HCPs to access it when necessary. Citizens can decide whether to allow individual private HCP to view their eHealth records.
  • The Government launched the eHealth+ Connectivity Accreditation Scheme to help citizens identify HCPs' capabilities and extent in depositing records in eHealth. Citizens can choose suitable HCP after referring to the relevant information to ensure that their medical records can be deposited in their personal eHealth accounts.
• How does the Amendment Ordinance expand the scopes of healthcare professionals (HCProfs) who can access health data on eHealth?

  Expand
  • Currently, there are 13 types of statutorily registered HCProfs who can access health data in eHealth with citizens' consent. These include pharmacists, doctors, nurses, midwives, medical laboratory technologists, occupational therapists, optometrists, radiographers, physiotherapists, chiropractors, and Chinese medicine practitioners.
  • According to the Amendment Ordinance, eHealth will expand the scope of HCProfs to include HCProfs registered with an accredited professional body under the Department of Health's "Accredited Registers Scheme for Healthcare Professions". These include speech therapist, clinical psychologist, educational psychologist, audiologist, and dietitian. The expanded scope of HCProfs will also include specified HCProfs that provide healthcare in healthcare facilities managed or controlled by the Government, the Hospital Authority (HA), an HA subsidiary, or engaged by an HCP specified by the Commissioner for the Electronic Health Record, such as HCProfs providing primary healthcare services at the District Health Centres.
• How the Amendment Ordinance support and regulate cross-border sharing of medical information?

  Expand
  • The Government will, in compliance with legal regulations and under the premise of safeguarding data security and patent privacy, recognise individual HCPs and public health record systems outside Hong Kong, enabling citizens to use their eHRs across the boundary in a more convenient and secure manner.
  • If an individual citizen uses services at a recognised HCP outside Hong Kong, he/she can choose to authorise the HCP to securely access his/her eHealth records and deposit the health records into his/her personal eHealth account after receiving services, with a view to enhancing the quality and safety of cross-boundary healthcare services. HCPs outside Hong Kong can only access and deposit citizens' eHealth records when a registered citizen provides explicit consent when using its services. Under no other circumstances will eHealth records be transmitted across the boundary.
• What is the legal status of electronic medical certificates under the Amendment Ordinance? Do they regulate the issuance and use of electronic medical certificates?

  Expand
  • The Amendment Ordinance provides a legal framework to support the electronic issuance and management of electronic medical documents (such as medical certificates, prescriptions, and healthcare referrals), ensuring that these electronic documents have the same legal validity as paper documents.
  • The Government may designate eHealth as the only platform for issuing certain medical documents, centralising the management of relevant electronic medical documents, simplifying the usage process, and enhancing data integrity and security.
  • The Government will clearly regulate the issuance process of electronic medical certificates, ensuring that they are issued by qualified HCProfs through eHealth, and will adopt electronic signature technology to guarantee the authenticity and integrity of the documents.
• Have other places in the world put in place similar legislation for electronic health record (eHR) as in Hong Kong?

  Expand
  1. eHR launched around the world in general are under protection of privacy acts.
  2. Some countries include relevant amendments in their health-related acts (e.g. Health and Social Care Act 2012 in United Kingdom).
  3. Some countries put in place specific health information acts (e.g. Health Information Act 2001 in Alberta, Canada) and put in relevant amendments in its privacy act (e.g. Personal Information Act in British Columbia, Canada).
  4. Some countries put in place eHR specific legislation for its system (e.g. Personally Controlled Electronic Health Record System in Australia, i.e. the PCEHR Act 2012).
• Are the operation and uses of data in the Electronic Health Record Sharing System (eHealth) subject to Personal Data (Privacy) Ordinance (Cap. 486) (PDPO)? What are the differences between the regulations under PDPO and eHRSSO?

  Expand
  1. PDPO is applicable for personal data contained in eHealth.
  2. Definition of "minor" is a person below 16 years of age in eHRSSO, whereas it is under 18 years of age under PDPO.
  3. Regarding the execution of duties for Data Correction Request (DCR) under PDPO, eHRSSO sets out that the Commissioner for the Electronic Health Record (eHRC) can make and annex a note when the healthcare provider who provides eHealth the data that is under data correction request by the requestor is unable to comply with requirements under PDPO.
• What are the levels of penalties for offences under eHRSSO?

  Expand
  1. Knowingly obtain unauthorised access to, damage or modify data or information contained in an eHR
     1. Unauthorised access to data in eHR; penalty HK$100,000
     2. Damage or modification of data in eHR; imprisonment for 2 years
     3. Unauthorised access to, modification or impairment to accessibility, reliability, security or processing of data in eHR with criminal or dishonest intent; imprisonment for 5 years
  2. Knowingly impairs operation of eHealth; imprisonment for 10 years
  3. Evade a data access request or data correction request by altering, falsifying or destroying the data or information contained in an eHR; penalty HK$100,000
  4. Knowingly makes an untrue statement to enable the person to give a joining consent or sharing consent; penalty HK$100,000
  5. Knowingly contravenes a condition for research or statistic; penalty HK$100,000
  6. Uses another person's data or information contained in an eHR or a copy for direct marketing
     1. Directing marketing - uses; penalty HK$500,000 and imprisonment for 3 years
     2. Directing marketing - provides; penalty HK$500,000 and imprisonment for 3 years (not for gain); penalty HK$1,000,000 and imprisonment for 5 years (for gain)