Patient data sharing in Hong Kong gaining traction, but challenges remain

Hong Kong’s electronic health record system enabled data sharing across providers, but privacy and security fears linger

Electronic health record (eHR) systems have shown clear benefits in healthcare. With each electronic health record file acting as a longitudinal, life-long record of an individual patient – detailing the patient’s medical history, test results and medication regime – such systems can help enable timely diagnosis and treatment, and reduce duplicate diagnostic tests.

This is especially useful amidst the trend of “doctor-hopping”, where certain patients tend to visit multiple practitioners. Equipping clinicians with the patient’s history, diagnoses and treatments prescribed by prior clinicians, would help to provide a clearer picture, as well as the crucial context data required to guide effective clinical decisions.

To this end, many countries have implemented nationwide eHR systems over the past decade. In Hong Kong, the government-led Electronic Health Record Sharing System (eHRSS) was launched in 2016 – the aim of this system was to facilitate access and sharing of participating patients’ records between authorised healthcare organisations across public and private sectors.

The power of data

While all public hospitals – which are centrally managed by Hospital Authority – were part of this scheme, participation by private hospitals is not mandatory, though they are strongly encouraged to join.

Canossa Hospital (Caritas) was one of the first private hospitals in Hong Kong to step forward and participate in the programme in 2016.

Mr CW So
Mr So, Head of IT at Canossa

“With the launch of eHRSS, private hospitals can play a role by contributing its patients’ health records through a common and secure platform. This can benefit the patients who frequently use both public and private healthcare services,” said Mr CW So, Head of IT at Canossa.

This partnership between public and private healthcare providers to share patient data led to a win-win solution for both clinicians and patients. The current eHRSS allows the sharing of nine key areas of data, such as allergies and adverse drug reactions, past appointments and major diagnostic findings, as well as lab tests and medical images.

This enables “continuity of care to patients, who can enjoy good quality care and a much better patient experience,” explained Mr So. “Clinicians are also able to take care of the patients’ needs more efficiently, as their clinical judgement process is now supported by data.”

Overcoming privacy concerns

Participation in eHRSS is also voluntary for patients. As of 2019, over one million patients and over 1,700 healthcare providers – including hospitals, clinics and elderly or welfare homes – have signed up to join the platform.

However, some patients and healthcare providers remain hesitant to use such sharing platforms, especially as patient data often contains sensitive or confidential information.

“Personal data privacy and information security are still key topics on the minds of users with regards to data sharing,” said Mr So.

“For providers who are not on board, another concern is the potential legal liability arising from data viewing and uploading, especially with regard to patients’ diagnoses and clinical judgments. They are concerned that they will come under scrutiny.”

To address these data privacy and security concerns, Hong Kong’s authorities have enacted legislation around the eHRSS system and its uses, with the emphasis that these data can only be accessed on a ‘need-to-know’, and ‘patient under care’ basis. This essentially means data access is solely limited for the purpose of providing healthcare. Differentiated access control is built in the system, so different users will only be able to access the data relevant to their respective functions. In addition, patients will receive a text notification when their records are accessed, while restrictions on the downloading of eHR data have also been put in place.

The authorities have also assured users that they are sparing no effort to ensure the security of the platform. Technical facilities (such as anti-virus programmes and firewalls) are in place, and security risk audits are regularly conducted to ensure that sufficient protection is provided. All access activities are logged to allow for the detection and tracking of any improper data access. For healthcare providers new to the platform, the eHRSS team provides comprehensive guidelines and briefings on the right procedures, security awareness, and orientates them on the proper access and use of patient data.

While these efforts do go some way towards reassuring the community, large-scale healthcare data breaches reported from time to time in the region have impeded further progress. Mr So also pointed to the lack of standardisation in data capture – with healthcare providers using different clinical modules – as another obstacle in getting more on board on a uniform platform.

Future steps

While the digitalisation of such clinical tasks remains “a long journey”, it may be worth the effort in the end. Five years after joining eHRSS, Mr So highlights that the feedback from Canossa’s patients and clinicians have been positive. Clinicians appreciate how health records are now available round-the-clock at their fingertips, while patients find it useful as “they sometimes cannot remember their own medical history,” Mr So noted.

To further promote healthcare data sharing in Hong Kong, Mr So believes the adoption of adequate data protection measures by healthcare providers, to mitigate the risk of data breaches, is a key step that has to be taken moving forward.

In addition, efforts to strengthen cybersecurity awareness amongst healthcare staff will be crucial – with digitalisation of healthcare well and truly underway, staff will need to be adept at identifying the potential risks or vulnerabilities in the technological tools they work with. These measures will go a long way to reducing the occurrence of data breaches, and restore public trust and confidence in data sharing initiatives.