eHealth: What lies ahead

For many years, I have dreamed that every resident of Hong Kong would have a single medical record that healthcare professionals could access anytime and anywhere whenever it is needed for his care.

This was a common dream.  Colleagues have been eagerly waiting for over 20 years for technology to realize our dream.  It came at first as public medical records open to doctors who enrolled with EHRSS (now eHealth) and have obtained the patient's consent.  By the end of 2023, 80% doctors were registered eHealth users, with a monthly eHealth perusal of 250000 times.

eHealth does not keep all details, but only essential health data such as diagnoses, drug allergies, medications, laboratory and imaging reports, immunization records, and discharge summaries.

eHealth cannot be complete unless data from private healthcare providers are included.  The eHealth (Amendment) Ordinance passed in March 2025 geared to facilitate private health data deposit.  Nothing so far is mandatory, although the law included empowering clauses.

That being the background, what is next? Time is beyond arguing whether we should deposit clinical data into eHealth. The questions are ‘what data’ and ‘how to deposit’. An overriding principle is to respect the patient’s ownership of his data.

Healthcare professionals using the common electronic medical record systems (eMRS) will find transition smoother.  All they have to do is to contact the vendor and join eHealth.  They may have to upgrade their eMRS to the newest version, secure good internet speed and install security systems.

Colleagues who use improvised systems should contact the eHealth office for connecting.  Dialogue with the eHealth office to find a solution for paper record users is ongoing.  We have proposed solutions such as entering data directly into eHealth with a printout for record keeping in the clinic.

Moving forward, we see more challenges.  Paper records are arguably the safest records.   While burglars are most unlikely to take away paper records even if they break into a clinic, data theft on the internet is rampant.  How far are healthcare professionals liable for the data security if they use an eMRS? The majority of eMRS systems with eHealth connectivity use commercial cloud services to store patient data.  Should there be regulations as to where these clouds are physically placed, and if data can be transferred to clouds elsewhere in the World?  How is access restriction on the cloud secured?  Can a healthcare professional access the data years after he retires from practice and have unsubscribed from the eMRS system when such an access becomes required for instance, to defend oneself in a disciplinary inquiry?  

The laws provides the patient with a right to instruct the healthcare provider not to upload certain data, but eHealth app lacks such functionality so far.  If someone or commercial entity, having obtained an unrestricted consent from a patient to release all his clinical data wherever it is, makes a request to eHealth to release all his data, how can the patient’s privacy be protected?

As your representative, I shall continue to engage the eHealth Office to work out solutions to meet the above challenges.  eHealth has much more to offer than a medical record system.  We shall discuss that in a latter essay.