Enhancing patient privacy protection under Hong Kong's Electronic Health Record Sharing System

Rebecca Ong, Sandy Sabapathy

Research output: Journal article publicationJournal articleAcademic researchpeer-review


While it is true that the expanded use of health information and electronic health records (eHRs) can help deliver better healthcare, there remains the need to reconcile citizens’ legitimate concerns for privacy protection and confidentiality in the use of their personal health data, and the potential for violation of their privacy. Under the Hong Kong’s Electronic Health Record Sharing System (eHRSS), the eHR of the individual patient can be accessed and shared between healthcare providers for healthcare-related purposes. Although the Electronic Health Record Sharing System Ordinance (Cap 625) (the ‘eHRSSO’) and the Personal Data (Privacy) Ordinance (Cap 486) (the ‘PD(P)O’) provide protection for personal data and patients’ privacy, the eHRSS has come under greater scrutiny given the rise in data breaches experienced globally and in Hong Kong. The article’s objective is twofold. It first examines the eHRSS specifically with regard to some of the more pertinent provisions of the eHRSSO and the PD(P)O, to critically evaluate the extent to which these provisions ensure and protect patient privacy. Thence it offers suggestions and recommendations as to how protection for patient privacy can be enhanced and, indeed, altogether better ensured.

Keywords electronic health record sharing, patient’s privacy, patient’s autonomy, confidentiality, consent
Original languageEnglish
Pages (from-to)4-30
Number of pages27
JournalCommon Law World Review
Issue number1
Publication statusPublished - 9 Apr 2020

Cite this