Guides on Proper and Secure Use of eHRSS

6 allied health professionals standing

The Electronic Health Record (eHR) Office has recently drummed up publicity and education surrounding the security and management of the Electronic Health Record Sharing System (eHRSS) accounts. Collaterals and guides have been released to strengthen understanding of how to use eHRSS properly and securely.
Patient privacy and data security have always been the top priorities in eHRSS operation, and healthcare providers have indispensable roles and responsibilities in this respect. While eHRSS has built in strong security measures to protect data privacy, every account user and user administrator of eHRSS is obliged to protect the security and privacy of patients’ health records by observing proper use and management of their accounts, and accesses to data and information in the system. They need to also beware of and take appropriate measures to guard against potential security threats to ensure that patients’ records will not be compromised.
 
Unauthorised access to eHRSS is unlawful and strictly prohibited
 
Useful Tips on eHRSS User Account Management
Each authorised user of eHRSS is assigned a unique account for accessing the system according to his/ her roles and duties in delivering patient care. As one of the major rules to safeguard eHRSS data privacy and minimise security risks, a user should access eHRSS only with his/ her own account. Below are some important tips for account users and user administrators -
 
  •  
   Don’t disclose or share user name, password and security token
  •  
   Keep account login information and security token safe (e.g. avoid writing down the password)
  •  
   Report lost security token and suspicious access immediately
 
  •  
   Ensure only authorised healthcare professionals (HCProfs) can access patients’ eHRs
  •  
   Close the accounts for departed user timely
  •  
   Report suspicious access immediately
 
An e-leaflet highlighting the above messages has been produced for HCPs’ reference. Entitled "Keep Your User Account Safe", the e-leaflet can be viewed and downloaded at the eHRSS website.
 
 
Cyber Security Tips
To help HCPs protect patients’ information and eHRs when using computers connected to eHRSS via the Internet, a new "Cyber Security Tips" corner has been set up on the eHRSS website to provide some useful tips and reference information on cyber security. Apart from general advice, specific tips on the following are covered:
 
  •  
   prevent malware infection
  •  
   defend against ransomware attacks
  •  
   secure mobile devices
  •  
   prepare for security incident handling
 
Frequently Asked Questions
The Frequently Asked Questions page of the eHRSS website has also been enriched to include common questions from HCPs and HCProfs regarding the use of eHRSS accounts and security requirements. To know more, please visit the below pages -
 
Use of eHRSS by HCProfs

https://www.ehealth.gov.hk/en/healthcare-provider-and-professional/support/technical-support/view-eHRs.html
 
Operation and Security

https://www..ehealth.gov.hk/en/whats-ehealth/security-and-privacy.html
 
Download eHealth News (PDF Version)

Read next
eHRSS Updates
BackTop