Any healthcare provider who would like to register in eHRSS should:
No. The conditions listed in the registration agreement are set out by the Commissioner for the Electronic Health Record (eHRC) for all healthcare providers.
No. Connection to eHRSS does not mean opening up the access rights of your local eMR system by the Government or any eHRSS users.
PPI-ePR / PPP Participants
To promote transparency and respect patients’ rights, the data categories that can be uploaded by healthcare provider’s eMR system will be published at the eHRSS website.
Healthcare providers can only access the health data of patients under their care and with the patients' consent. Data in eHRSS should be accessed with the clinical needs and according to different role of authorised users. In general, only healthcare professionals are allowed to access health data of patients in eHRSS. Administrative users are not allowed to view health records of patients and can only have limited access rights to personal particulars of patients for registration matters.
Only limited and restricted downloading of patient’s information such as Participant Master Index (e.g. Name, Identity Document Type and Number, Date of Birth, Sex) and allergy / adverse drug reaction data from eHRSS to healthcare provider is allowed.
Unless explicitly not required by patients, eHRSS will send notifications to patients through any of the following means: SMS, postal mail or email whenever their eHR are accessed. This can help alerting patients on any potential unauthorised access of their eHR.
Radiological image sharing will be considered in the scope of next stage of development of eHRSS.
The day-to-day clinic visit note is not shared in the current scope of data sharing in eHRSS. The clinical note summary being shared refers mainly to Discharge Summary of an inpatient record upon discharge.
Use of eHRSS by Healthcare Professionals
Yes. You can access eHRSS through your notebook computer installed with software package for safe access to eHRSS. Due to security concerns, mobile devices, e.g. mobile phones or tablets, cannot access eHRSS at present. You should observe relevant security guidelines in particular using eHRSS outside ordinary clinical settings e.g. using a public network.
Use of a patient’s eHR for handling complaints should be handled with caution. Separate consent needs to be obtained from the patient, or his/her SDM, before any information in the patient’s eHR is used or disclosed to third parties for handling a complaint. You should also note that the patient or his/her SDM will be sent a notification every time the patient’s eHR is accessed.
No. According to COP (Section 3.4), the Professional Conduct and medical ethics, healthcare professionals shall not use information on eHRSS for alleging challenges or criticism in whatever means to disparage or depreciate the professional skills, knowledge, services or qualification of other healthcare professionals and/or healthcare providers. However, if you suspect that certain information of the patient in eHRSS may not be accurate, you should advise the patient to seek clarification with the healthcare providers contributing such information to eHRSS.
You should inform patients to approach the eHR Registration Office to get a copy of their personal health data stored in eHRSS through the Data Access Request under PDPO.
Operation and Security
There are 3 different connection modes, namely, modes A, B and C, for connecting to eHRSS. Participating healthcare providers may choose a connection mode that best suits their eMR system to connect to eHRSS, e.g.
For connection mode A, certified eMR system of the healthcare providers must be connected to eHRSS via dedicated leased line or Virtual Private Network (VPN) connection through pre-registered gateway with digital certificate recognised by eHRSS. eHRSS would rely on the eMR system to perform well-proven and reliable user login control. Connection mode A allows a seamless integration between eHRSS and the eMR system which eliminates the need for end-users to separately login.
For connection mode B, the eMR system must be connected to eHRSS with fixed IP address or with registered security module called Encapsulated Linkage Security Application (ELSA) for connecting to eHRSS. The user authentication takes place at both the eMR system and eHRSS. Connection mode B allows integration between eHRSS and the eMR system to a lesser degree, since the end-users are required to login to eHRSS by a second factor credential.
For connection mode C, the user workstations must be connected to eHRSS with fixed IP address or ELSA. The user authentication process will only be performed at eHRSS. Mode C users are required to login using login name and password and user-selected second factor authentication means (such as RSA token or digital certificate). During the initial phase, most solo practices may not have compatible eMR systems to connect to the sharing platform yet. They would access eHRSS via mode C.
Participating healthcare providers using different ways to connect to eHRSS will be subject to respective security compliance requirements below:
Patient who submits Data Correction Request (DCR) (according to PDPO) on health data in eHRSS to eHR Registration Office will be referred to the healthcare provider who has provided such data to eHRSS for review and decision.
eHRSS can be accessed through notebook or laptop computers and in settings where appropriate. However, please be aware of the safety and best practices regarding security and privacy protection when such access is outside ordinary clinical settings.