System Security - Paramount Importance at eHRSS

Role-based Access at a Glance

Healthcare providers can only access the health data of patients under their care with patients' consent. Role-based access control is built in the eHRSS in accordance with the clinical needs and functions of different role-based users. At the initial stage of eHR sharing, healthcare providers can give their doctors, nurses and dentists access rights to personal particulars and health records of patients under their care. Administrative users are not allowed to view health records of patients and can only have limited access rights to personal particulars used for patient registration. When accessing the eHRSS, all healthcare users must first be authenticated by a combination of identification means such as password, digital certificate or authentication token. eHRSS will also verify their professional status through a central database before allowing access.

Audit Control and Access Notification

All access activities will be logged in the eHRSS to allow detection and tracking of improper data access. The eHRSS will also send notifications to patients through short message service (SMS) or email whenever their eHealth Records are accessed. This can help alerting patients on any unauthorised access of their eHealth Records.

Restricted Downloading

As many security incidents are caused by data downloading and subsequent improper handling/use of data, downloading of health data from the eHRSS is mostly restricted in principle to minimise the risk of data leakage and/or misuse. However, limited downloading of health data such as Participant Master Index and allergy/ adverse drug reaction data is allowed for healthcare providers for patient management and essential clinical decisions.

Read next Fun Quiz - Chance to Win a Prize

Last revision date: 30 May 2015