Protection of data privacy and system security

Given the sensitive nature of health data, we attach paramount importance to data privacy and system security of the Electronic Health Record Sharing System (eHealth), and have put great effort to safeguard them. In addition to the establishment of an eHealth-specific legislation, security measures are implemented in technical and operational aspects.

  • Role-based access control
    Role-based Access Control

    It is a built-in differentiated access control to regulate the access of authorised healthcare professionals, with features as follows:

    1. Different authorised healthcare providers have different levels of access to data and functions.
    2. Pre-defined differentiated access rights set in accordance with the clinical need or function of different healthcare professionals.
    3. Access to parts of electronic health record (eHR) only relevant to their professional service under the "need-to-know" principle.
    4. All access will be logged properly and subject to audit and inspection.
  • Data validation and encryption
    Data Validation and Encryption
    1. Imported eHR data will be validated to avoid inputting errors.
    2. Important patient demographic data such as HK identity card number, date of birth and sex, and other significant data like drug code will all be validated.
    3. All eHR data in the databases, files, archives and during transmission is encrypted.
    4. High-security encryption will be applied to guard against unauthorised access.
  • Authentication of patients and healthcare providers
    Authentication of Patients and Healthcare Providers


    1. Identified by a centralised Person Master Index to ensure health data are correctly associated with individual concerned.
    2. Authenticated patients properly for giving consent and authorisation.

    Healthcare providers

    1. Identified and authenticated through a centralised database to ensure eHR data uploaded are attributed correctly.
    2. All activities through the eHealth, including access and changes to data, are logged properly.
    3. Verify the professional status of all healthcare professionals participating in eHR sharing.
  • Security monitoring and audit
    Security Monitoring and Audit

    Healthcare providers

    1. Perform regular audits on their own electronic medical record / electronic patient record (eMR / ePR) systems.
    2. Mitigate any security breaches or loopholes and report to eHR Commissioner promptly.
    3. Log all access to the eHealth to facilitate regular or random audits.

    eHR Commissioner

    1. Perform security audits on the eMR / ePR systems and the internal access control of healthcare providers.
    2. Suggest mitigating measures for healthcare providers.
  • Access notification to patients
    Access notification to patients

    Patients will receive notification via short message service (SMS) or other means under the following scenarios -

    1. Access to patient's eHR with consent.
    2. Access to patient's eHR which is under restricted control with additional consent*.
    3. Attempt to access patient's eHR after expiry of patient's consent to healthcare providers.
    4. Access to patient's eHR without consent under exceptional circumstances (e.g. emergency situations).
    5. Security concern that may affect patient's eHR.
    *Applicable to healthcare professionals in the community only, system will send an additional notification to the patient after access
  • Restricted downloading of electronic health record (eHR) data
    Restricted downloading of eHR data
    1. To minimise the risk of data leakage, downloading of eHR data is restricted.
    2. Only Person Master Index data and allergy / adverse reaction information can be downloaded as they are essential to seamless authentication of patients and vital clinical decision support.
    3. Other eHR data, such as diagnosis and episode summary, can only be viewed from the eHealth, but not downloaded.
  • Safeguard the patient rights
    Safeguard the patient pights
    1. Patient Information Notice will be provided to patient.
    2. Healthcare providers can only share patients' eHR data with their express and informed consent.
    3. Patients or their substitute decision makers may request for data access and correction.

eHealth Quiz Challenge

Frequently asked questions

  • What is "patient-under-care"?
    1. Any authorised user of eHealth shall only access information of any patient for providing healthcare.
    2. Healthcare may include activities performed by a healthcare professional for assessing, recording, maintaining or improving the health, diagnosing and treating an individual.
  • What is "need-to-know"?
    1. Any authorised user of eHealth shall only access information of any patient he / she needs to know in the course of providing healthcare to the patient.
    2. Need-to-know for different users shall be justified according to their roles in providing care to the patient.
  • Who can access my eHR and what kind of information can be accessed?
    1. Only staff who works under healthcare providers with your sharing consent, providing you healthcare and with the need-to-know will be allowed to access your health information. All access will be logged and you will receive notification through the communication means you chose whenever your eHR is accessed.
    2. Only the healthcare professional staff taking care of you is allowed to access your health record and on a need-to-know basis.
    3. Administrative staff is not allowed to view health records of patients and can only have limited access rights to personal particulars used for patient registration.
  • What measures are in place to ensure security of eHealth?
    1. Technical facilities (e.g. anti-virus, intrusion detection / prevention, firewall, data encryption, user authentication, digital certificates etc.) provide necessary protection to eHealth.
    2. All access activities will be logged in eHealth to allow detection and tracking of improper data access.
    3. Security policies and control procedures are established and appropriate technologies are also employed to safeguard data security and minimise the risk of leakage of personal health data.
    4. Security risk assessment and audit on eHealth are arranged to ensure that eHealth are properly protected against prevailing security threats.
    5. eMR systems of healthcare providers are registered and security compliance is required for their connection to eHealth.
    6. Code of Practice, procedures, guidelines and briefings are provided to healthcare providers and their staff for security awareness, and assist them in properly accessing to and using patient's information.