Hidden Title

  back to main page

Guides on Proper and Secure Use of eHRSS

a lock on a notebook

The Electronic Health Record (eHR) Office has recently drummed up publicity and education surrounding the security and management of the Electronic Health Record Sharing System (eHRSS) accounts. Collaterals and guides have been released to strengthen understanding of how to use eHRSS properly and securely.


Patient privacy and data security have always been the top priorities in eHRSS operation, and healthcare providers have indispensable roles and responsibilities in this respect. While eHRSS has built in strong security measures to protect data privacy, every account user and user administrator of eHRSS is obliged to protect the security and privacy of patients’ health records by observing proper use and management of their accounts, and accesses to data and information in the system. They need to also beware of and take appropriate measures to guard against potential security threats to ensure that patients’ records will not be compromised.

a protecter hand caught a thief hand
Unauthorised access to eHRSS is unlawful and strictly prohibited
Useful Tips on eHRSS User Account Management
Each authorised user of eHRSS is assigned a unique account for accessing the system according to his/ her roles and duties in delivering patient care. As one of the major rules to safeguard eHRSS data privacy and minimise security risks, a user should access eHRSS only with his/ her own account. Below are some important tips for account users and user administrators -
Tips for eHRSS Account Users
  Don’t disclose or share user name, password and security token
  Keep account login information and security token safe (e.g. avoid writing down the password)
  Report lost security token and suspicious access immediately
Tips for User Administrators
  Ensure only authorised healthcare professionals (HCProfs) can access patients’ eHRs
  Close the accounts of departed users timely
  Report suspicious access immediately

An e-leaflet highlighting the above messages has been produced for HCPs’ reference. Entitled "Keep Your User Account Safe", the e-leaflet can be viewed and downloaded at the eHRSS website.

Cyber Security Tips

To help HCPs protect patients’ information and eHRs when using computers connected to eHRSS via the Internet, a new "Cyber Security Tips" corner has been set up on the eHRSS website to provide some useful tips and reference information on cyber security. Apart from general advice, specific tips on the following are covered:

  prevent malware infection
  defend against ransomware attacks
  secure mobile devices
  prepare for security incident handling


An e-leaflet highlighting the above messages
Frequently Asked Questions
The Frequently Asked Questions page of the eHRSS website has also been enriched to include common questions from HCPs and HCProfs regarding the use of eHRSS accounts and security requirements. To know more, please visit the below pages -
Use of eHRSS by HCProfs


Operation and Security


Download eHealth News (PDF Version)

ehrss updates
Read next
eHRSS Updates
Ms Clara Cheung
Keeping eHRSS and Your Electronic Medical Records Safe from Cyber Security Threats
Cyber security on eHRSS
Mr Edmond Lai
Cyber Security in Healthcare
Mitigating cyber security risks in the healthcare sector
six difference people
Building and Experiencing the User-Centric Patient Portal
Patient Portal design and usability review
a small city in a 'heart' shape
eHRSS for District Health Centres
A key enabler for DHC service delivery
ehrss updates
eHRSS Updates
Latest publicity and engagement activities
a maze
Fun Quiz
Chance to win a prize
Download Previous eHealth News
subscribe ehealth newsletter

Explanation of WCAG 2.0 Level Double-A Conformance