Enhancing patient privacy protection under Hong Kong's Electronic Health Record Sharing System

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

View graph of relations


Related Research Unit(s)


Original languageEnglish
Pages (from-to)4-30
Number of pages27
Journal / PublicationCommon Law World Review
Issue number1
Publication statusPublished - Mar 2020


While it is true that the expanded use of health information and electronic health records (eHRs) can help deliver better healthcare, there remains the need to reconcile citizens' legitimate concerns for privacy protection and confidentiality in the use of their personal health data, and the potential for violation of their privacy. Under the Hong Kong's Electronic Health Record Sharing System (eHRSS), the eHR of the individual patient can be accessed and shared between healthcare providers for health-related purposes. Although the Electronic Health Record Sharing Ordinance (Cap 625) (the eHRSSO) and the Personal Data (Privacy) Ordinance (Cap 486) (the 'PD(P)O) provide protection for personal data and patients' privacy, the eHRSS has come under greater scrutiny given the rise in data breaches experienced globally and in Hong Kong. The article's objective is twofold. It first examines the eHRSS specifically with regard to some of the more pertinent provisions of the eHRSSO and the PD(P)O, to critically evaluate the extent to which these provisions ensure and protect patient privacy. Thence if offers suggestions and recommendations as to how protection for patient privacy can be enhanced and, indeed, altogether better ensured.

Research Area(s)

  • electronic health record sharing, patient’s privacy, patient’s autonomy, confidentiality, consent