|
Access to the Electronic Health Record Sharing System (eHRSS) by different groups of
healthcare professionals (HCProfs) are enabled by phases. Starting from September 2017,
access has been gradually extended to 6 more groups of HCProfs of the Hospital Authority
(HA), the Department of Health (DH), and all of the 12 local private hospitals. |
|
|
|
Six new groups of HCProfs, including pharmacists, medical laboratory technologists, occupational
therapists, optometrists, radiographers and physiotherapists of HA, DH and private hospitals are now able
to access eHRSS.
|
|
Together with doctors, nurses (including midwives) and dentists who already have eHRSS access at the
initial launch of the system, 10 among the 13 groups of HCProfs specified in the eHRSS Ordinance (Cap
625) now have access right upon obtaining patients’ consent by the corresponding healthcare providers
(HCPs).
|
|
|
|
Access to eHRSS by the 6 new groups of HCProfs in the community, as well as the remaining groups,
namely, dental hygienists, chiropractors and Chinese medicine practitioners, will be enabled at later
stages.
|
|
|
|
More details can be found at
|
http://www.ehealth.gov.hk/en/whats-ehealth/who-can-join.html
|
Obtaining eHR Access
|
|
Participation in eHRSS is on an HCP basis. To obtain access to electronic health records (eHRs) in the system, HCProfs with valid registration status can apply to the HCPs they are working for. The HCPs will then create accounts and grant access right to their HCProfs according to the role-based access control mechanism. HCPs must first obtain consent from patients before HCProfs can access the eHRs of patients under their care on a need-to-know basis.
|
|
Role-based Access Control
|
|
Role-based Access Control is a privacy protection measure related to which types of HCProfs have access rights to which types of data relevant and necessary for providing healthcare to patients. Below are the main features -
|
|
|
Different groups of authorised HCProfs have
different levels of access to data and
functions.
|
|
|
|
|
|
Differentiated access rights are set in
accordance with the clinical need or function
of different groups of HCProfs.
|
|
|
|
|
|
|
|
Access by HCProfs are only allowed to parts of
eHRs that are relevant to their professional
service under the “need-to-know” principle.
|
|
|
|
|
|
All accesses will be logged and subject to
audit and inspection.
|
|
|
|
|
|
How has Role-based Access Control been defined?
|
|
|
|
Drawing on the clinical expertise of different healthcare professions and advice from data standard
experts through task force, domain groups and committees
|
|
|
|
|
|
Seeking the opinions of relevant boards and councils
|
|
|
|
|
|
Engaging key stakeholders including healthcare professional bodies and patient groups
|
|
|
|
|
The latest access rights for different groups of HCProfs are listed at the eHRSS website at |
http://www.ehealth.gov.hk/en/whats-ehealth/access-control.html
|
The access rights will be reviewed from time to time in the light of feedback from HCProfs and patients, the
future addition of new data domains to the eHRSS sharable scope, and other latest development in the
Stage 2 eHR programme.
|
|
|
|