Enhancing patient privacy protection under Hong Kong's Electronic Health Record Sharing System

While it is true that the expanded use of health information and electronic health records (eHRs) can help deliver better healthcare, there remains the need to reconcile citizens' legitimate concerns for privacy protection and confidentiality in the use of their personal health data, and the potential for violation of their privacy. Under the Hong Kong's Electronic Health Record Sharing System (eHRSS), the eHR of the individual patient can be accessed and shared between healthcare providers for health-related purposes. Although the Electronic Health Record Sharing Ordinance (Cap 625) (the eHRSSO) and the Personal Data (Privacy) Ordinance (Cap 486) (the 'PD(P)O) provide protection for personal data and patients' privacy, the eHRSS has come under greater scrutiny given the rise in data breaches experienced globally and in Hong Kong. The article's objective is twofold. It first examines the eHRSS specifically with regard to some of the more pertinent provisions of the eHRSSO and the PD(P)O, to critically evaluate the extent to which these provisions ensure and protect patient privacy. Thence if offers suggestions and recommendations as to how protection for patient privacy can be enhanced and, indeed, altogether better ensured.