Looking to the e-future – sharing medical records online
The Government’s Electronic Health Record Sharing System (eHRSS) commenced operation on 13 March 2016, providing a platform for medical record sharing between public and private healthcare organisations.
The Government’s Electronic Health Record Sharing System (eHRSS) commenced operation on 13 March 2016, providing a platform for medical record sharing between public and private healthcare organisations. eHRSS has the potential to improve the efficiency of medical practice but, in view of the sensitive nature of the health data collected, stored and shared, doctors must take care to manage the associated risks of online record sharing.
An overview of eHRSS
Currently in Hong Kong, health-related and medical data are created by different healthcare providers at different locations and in different formats. Whilst the Hospital Authority has an electronic medical/patient record, which is accessible by various government hospitals and clinics, a large amount of data is still being kept in paper form. Where healthcare providers have an Electronic Health Record (eHR) system, such systems are generally not capable of data sharing on a large scale, if at all.
The objectives of eHRSS are to enhance continuity of care, promote public-private partnership and improve the quality and efficiency of healthcare service delivery in Hong Kong.
eHRSS is a voluntary system, where patients can register free of charge and consent to their personal health data being accessible to authorised healthcare providers. Upon joining eHRSS, and in consenting to their personal health data being accessible to authorised healthcare providers, patients agree to let a particular healthcare provider view and upload their health records. Patients also agree to the Hospital Authority and Department of Health viewing and uploading their health records.
The key benefits of eHRSS are to enable access to patients’ up to date medical history, reducing duplication of tests, minimising prescription risks, saving investigation time and making healthcare services more efficient.
What you need to know
How to join - eHRSS registration requires a private clinic to join eHRSS and the doctors working at the clinic have to register as a healthcare professional under that clinic. To get access to the eHRSS of another healthcare provider, a Visiting Medical Officer needs to register as a healthcare professional under that other healthcare provider. A group practice can register all or individual healthcare service locations in eHRSS.
Consent to access records - As a participating healthcare provider you will not be automatically granted access and be able to read the data of all registered patients. To safeguard the privacy of data of patients, you must first obtain consent to view and also upload eHR data from either the patient or a substitute decision maker, where the patient is a minor or lacks mental capacity to consent on his own behalf. Consent may be given for one-year or an indefinite term. Consent may be revoked at any time, with the exception of consent given to Hospital Authority and Department of Health.
Points to note when downloading information from eHRSS - Only healthcare recipient’s personal identification information and allergy/adverse reaction information, which are necessary for clinical record management and to support decision making, can be downloaded from eHRSS to local systems of healthcare providers.
The health data contained in the eHR constitutes personal data under the Personal Data (Privacy) Ordinance (Cap 486) and practitioners have a duty to ensure such eHR is kept secure and confidential, with access restricted to a healthcare professional performing “healthcare”, defined as an activity performed for assessing, recording, maintaining or improving an individual’s health, diagnosing an illness/disability or treating an individual’s illness/disability or suspected illness/disability.
Healthcare professionals must exercise professional judgment to interpret the information in eHRSS and to consider how much information should be accessed for reference purposes. The liability of any medical incidents resulting from the unauthorised downloading and leakage of health data will be judged on a case-by-case basis. Not all data in the clinical records will be uploaded. Only such data as is necessary and beneficial for the continuity of healthcare. Data that fall outside the eHR sharable scope, such as billing and insurance plan information, should not be uploaded, stored and shared through eHRSS.
How to access - An eHR-compatible computer system connected to the internet is sufficient for accessing eHRSS and the government is offering free clinic management software (CMS On-ramp) to healthcare providers and CMS Adaptation Modules are available to support the operation of clinics and hospitals to enable safe access to eHRSS. The government will coordinate training programmes for healthcare providers and eHR service providers. Government-developed software is not mandatory and healthcare providers’ electronic medical record systems can be connected to eHRSS if their systems comply with technical and security requirements.
Recommendations to protect the personal data and privacy of patients who join eHRSS - all participating healthcare providers are required to install secured communication modules to connect to eHRSS. Systems should be in place to ensure health data on the system is accurate and up to date, consents to record sharing are valid and only data within the shareable scope are uploaded.
Records and terms of consent to record sharing should be frequently monitored to prevent liability resulting from breaches of data privacy and professional misconduct complaints and disciplinary action.
The eHRSS has the potential to improve the efficiency of medical practices. We advise healthcare providers to make use of the government’s resources, training and technical support to ensure the system is secure and staff receive necessary training to minimise the associated security risks.