The access right of each the Electronic Health Record Sharing System (eHealth) user is assigned according to his / her roles and duties in delivering patient care. Each user should only use his / her own account to access eHealth. Below are some tips to help users and user administrators manage the user accounts properly when using eHealth.
Tips for eHealth account user
- The user account assigned to you belongs to you only. Do not disclose or share your user name and password
- Change your assigned password immediately after first time log-in. Set a strong password and change it regularly
- Keep your account login information safe (e.g. avoid writing down your password)
- Log out eHealth after use
- Report suspicious access to eHR RO or the HCP you are working for immediately
Tips for user administrator
- Assign individual account for each user and ensure proper use of any means of security log-in measures or devices (e.g. log-in password)
- Ensure only authorised healthcare professionals can access patients' eHRs
- Update user information timely
- Close account for departed user timely
- Record and manage access rights assigned to each authorised user according to his / her roles and duties
- Report suspicious access to eHR RO or the HCP you are working for immediately
To safeguard data privacy, all accesses by users to eHealth will be logged and are subject to audit and inspection. Patient will also receive notification through his / her selected communication means (SMS / email / postal mail) whenever his / her eHRs has been accessed.
Related information
- Safe Use of User Account Leaflet
- Code of Practice for Using Electronic Health Record for Healthcare
- Roles and Responsibilities of User Administrator in eHRSS
- User Account Creation Request Form
- Cyber Security Tips
- Electronic Health Record Sharing System and Your Personal Data Privacy (10 Privacy Protection Tips)
- Personal Data (Privacy) Ordinance and Electronic Health Record Sharing System (Points to Note for Healthcare Providers and Healthcare Professionals)
Frequently asked questions
-
It is a common practice in my clinic / hospital that clerical (or nursing) colleague will share the clinician's clinical system user account to access and print information of patient to facilitate the consultation. Is it acceptable to share account to access eHealth?Expand
- eHealth user account is on individual user basis.
- For security and privacy concern, sharing of user account is not allowed.
- Each access is logged and subject to audit and the patient may receive notification of their records being accessed.
-
What should I do if my eHealth security token is lost?Expand
You should immediately report to the HCP you are working for or the eHR RO via the HCP Hotline at (852) 3467 6230. (After language selection, please press "2" for eHR account management, then input your Hong Kong identity card number for identity authentication. Next, please press "3" to report loss of security token.)
After reporting loss, your security token can no longer be used by anyone possessing it. Please contact the user administrator of your HCP to change the Second Authentication Factor to One-Time Password and unlock the account for you.