Policy
The Electronic Health System (eHealth) is established under the Electronic Health System Ordinance (Cap. 625) (eHealth Ordinance). It is operated by the Electronic Health Record (eHR) Office, which is under the Health Bureau and led by the Commissioner for the Electronic Health Record (eHRC). The eHR Office shall commit and take reasonably practicable steps to protect the privacy, confidentiality and security of the personal information in accordance with the requirements of the Personal Data (Privacy) Ordinance (Cap. 486) (PD(P)O) and the guidance provided in the information leaflets and other publications issued by the Office of the Privacy Commissioner for Personal Data as well as any other relevant requirements under the laws of Hong Kong.
Practice
As all personal data contained in eHealth is sensitive data requiring appropriate care and protection, the eHR Office has adopted a series of policies, guidelines and best practices for the collection, retention, uses, disclosure, protection, and access and correction of personal data contained in eHealth to ensure compliance with the law:
Collection of personal data
- Personal information may be collected from healthcare recipients (HCRs), substitute decision makers (SDMs) or authorized persons (APs) of HCRs, healthcare providers (HCPs) and authorised users for particular purposes.
- Personal data for identifying and contacting the persons concerned (e.g. name, identity document number, contact information, etc.) will be collected upon their registration in eHealth.
- Personal health data of any HCR in eHealth may only be obtained by the HCPs with sharing consent[1] given voluntarily by the HCR, or their SDM or taken to be given by them under the eHealth Ordinance.
- Categories of personal health data collected and shared in eHealth are specified by the eHR Office.
- Please make sure that the personal data provided to us is accurate and complete. Failure to provide accurate, complete and current information may affect our provision of services.
Retention of personal data
- The personal data retained in eHealth will be used as permitted in accordance with the eHealth Ordinance. Different retention periods are applied to different kinds of personal data collected and held by eHealth in accordance with its Data Retention Policy defined by the eHR Office.
- Personal data which is no longer necessary for the purpose for which it is to be used will be erased.
Uses of personal data
Any personal data retained in eHealth will be used as permitted in accordance with the eHealth Ordinance for:
- improvement of efficiency, quality, continuity or integration of healthcare provided to the HCR;
- ascertaining whether the HCR has made an advance medical directive;
- if the HCR has made an advance medical directive, for assessing whether an instruction in the directive is valid and applicable; or following a valid and applicable instruction in the directive;
- research and statistics that are relevant to public health, public safety or the development of medicine, medical treatments or medical devices[2];
- disease prevention, control and surveillance by the Department of Health, the Hospital Authority or a health officer under the Prevention and Control of Disease Ordinance (Cap. 599);
- carrying out of emergency rescue operations or the provision of emergency relief services;
- the enrolment of the HCR in any health care programme authorised by the Government in which the HCR has consented to participate; or for administration or for evaluation of such a programme;
- formulation of public policies; and
- such purposes of use as permitted by or under the laws of Hong Kong, e.g. uses of handling registration or withdrawal in eHealth, court proceedings, criminal investigation, etc.
Disclosure of personal data
Personal data collected may be disclosed, for the purposes described above, to third parties including but not limited to:
- HCPs who have obtained sharing consent from the persons for sharing of their personal data for healthcare;
- eligible person for use in connection with advance medical directives in accordance with the requirements of the Advance Decision on Life-sustaining Treatment Ordinance (Cap. 651)[3];
- persons approved for carrying out research, or preparing statistics, that are relevant to public health, public safety or the development of medicine, medical treatments or medical devices in accordance with the requirements under the eHealth Ordinance;
- the Department of Health, the Hospital Authority or a health officer under the Prevention and Control of Disease Ordinance (Cap. 599) to carry out disease prevention, control and surveillance;
- HCPs for or in connection with the carrying out of emergency rescue operations or the provision of emergency relief services;
- an officer of the Government or a person authorised by the eHRC for (a) enrolment of the HCR in any health care programme authorised by the Government in which the HCR has consented to participate; (b) administration of such a programme; or (c) evaluation of such a programme;
- an officer of the Government or a person authorised by the eHRC for the formulation of public policies;
- person to whom the eHRC is required to make disclosure under any law or court order applicable in Hong Kong, e.g. court proceedings, criminal investigation, referral to authority for investigation, etc.;
- person to whom the eHRC is required to make disclosure when necessary in the public interest;
- person or entity whom the eHRC may appoint in writing to assist in performing a function and exercising a power of the eHRC pursuant to the eHealth Ordinance; and
- personnel, agent, adviser, auditor, contractor or service provider engaged by the eHR Office to provide services or advice (e.g. technical, security or data processing service, etc.) in connection with the operations of eHealth.
Security of personal data
The eHR Office will take reasonably practicable steps to ensure the security of personal data and to protect it against any unauthorised or accidental access, processing, erasure, loss or use.
Sharing of information from minors or persons who are incapable of giving consent
If the HCR is a minor or a person aged 16 or above and is incapable of giving consent, the joining consent[4] and sharing consent of this HCR should be given by the appropriate SDM as required under the eHealth Ordinance.
Outsourcing arrangements
eHealth is developed and maintained by the eHR Office. Any third-party service provider will not have access to personal data stored in eHealth except when such access is carried out under the supervision of the eHR Office or a contractual agreement with the eHR Office, whereby clear security and confidentiality requirements and obligations exist. Such arrangements shall comply with the requirements under Data Protection Principle (DPP) 2(3) and DPP 4(2) of the PD(P)O.
Data Access Request (DAR) and Data Correction Request (DCR)
- Any person, or a relevant person on behalf of the person, may make a request to be informed whether his/her personal data is held in eHealth and, if such personal data is held, to be supplied with a copy of such personal data, and may request a correction of inaccuracy (if any), in accordance with the PD(P)O.
- Requestors for DAR and/or DCR are advised to use the relevant request forms for supplying necessary information in relation to the requests.
- A non-excessive fee is chargeable by the eHR Office for complying with a DAR.
- When handling a DAR or DCR, the eHR Office will check the identity of the requestor to ensure that he/she is the person legally entitled to make such request.
- Please note that the eHR Office may refuse to comply with a DAR and/or DCR in the circumstances specified in the PD(P)O.
- DCR for HCR’s personal data (e.g. name, identity document number, date of birth and gender, etc.) in eHealth may be handled by either the eHRC or any registered HCPs with registration function according to the relevant guidelines issued by the eHRC.
- DCR for health data of the HCR in eHealth will be referred to and handled by the respective HCP who has contributed such data to eHealth.
- A person can submit DAR and DCR to:
Electronic Health Record Registration Office
Address: Unit 1102, 11/F, Harbourside HQ, 8 Lam Chak Street, Kowloon Bay, Hong Kong
Hotline: (852) 3467 6300
Fax: (852) 3467 6099
Email: ehr@ehealth.gov.hk
Enquiries
Enquiries concerning this Privacy Policy Statement shall be addressed to:
Data Protection Officer
Electronic Health Record Registration Office
| Address: | Unit 1102, 11/F, Harbourside HQ, 8 Lam Chak Street, Kowloon Bay, Hong Kong |
|---|---|
| Hotline: | (852) 3467 6300 |
| Fax: | (852) 3467 6099 |
| Email: | ehr@ehealth.gov.hk |
We keep our privacy policy statement under regular review. This statement was last updated on 1 December 2025.
[1] Sharing consent given to a HCP or recognized non-Hong Kong public health record system by the HCR or their SDM (if applicable) is to allow (i) the relevant HCP to obtain from eHealth any sharable data of the HCR; (ii) the relevant HCP to provide to a referral HCP any sharable data of the HCR relevant to the healthcare referral; (iii) a referral HCP to obtain from eHealth any sharable data of the HCR relevant to the healthcare referral; (iv) any sharable data of the HCR kept in eHealth to be provided to the recognized non-Hong Kong public health record system.
[2] Section 29 of the eHealth Ordinance has not yet come into operation.
[3] The Advance Decision on Life-sustaining Treatment Ordinance (Cap. 651) has not yet come into operation.
[4] Joining consent given by the HCR or their SDM (if applicable) is to (i) allow the eHRC to obtain from a HCP or a recognized non-Hong Kong public health record system any sharable data of the HCR; (ii) allow the eHRC to obtain from a specified HCP any specified health data of the HCR; (iii) allow the eHRC to provide to a HCP or a recognized non-Hong Kong public health record system to which the HCR or the SDM has given a sharing consent any sharable data of the HCR; (iv) if a HCP has made a healthcare referral to another HCP, allow the eHRC to provide to that other HCP any sharable data of the HCR relevant to the healthcare referral; (v) allow a HCP or a recognized non-Hong Kong public health record system to provide to eHealth any sharable data of the HCR.