ISE09/17-18

Subject:

health services, electronic health record sharing system, patient privacy, personal data, patient portal

• The Electronic Health Record Sharing System ("eHRSS") came into operation in March 2016, enabling healthcare providers in both private and public sectors to share the electronic health records ("eHR") of patients for better continuity of healthcare services, subject to the consent of patients. Response to eHRSS appears to be positive, with participation of more than 730 000 patients in just two years by April 2018. The Government is now enhancing the sharing system, expanding the scope of sharable data (e.g. radiological images and Chinese medicine) on the one hand, and developing a Patient Portal for direct access of patients to eHRSS on the other.

• However, there are continuing public concerns over implementation of eHRSS, predominantly on protection of the privacy of patients and cyber security of the database. Members are also concerned about the development of the Patient Portal and the rights of patients to exercise control over the scope of sharable data on the platform.^{1Legend symbol denoting Legislative Council Secretariat (2015).}

• Estonia is a global pioneer in setting up a nationwide sharing system of eHR launched in 2008. Not only is Estonian eHealth system acclaimed as "one of the most successful in the world", its application of blockchain technology in 2016 also offers further protection against cyber attacks.^{2Legend symbol denoting Forbes (2018).} This issue of Essentials first reviews the benefits and concerns associated with developments of eHRSS in Hong Kong, followed by a discussion of key features of the eHR system in Estonia.

Benefits and concerns of sharing electronic health data

• Benefits of eHR system: Riding on the rapid advancement of information technology since the 1990s, more than 50 places across the globe have set up territory-wide eHR sharing systems, for a host of healthcare benefits. First, it enables clinical practitioners to access the lifelong health records of a patient in a timely manner, avoiding duplicated tests and treatments. Secondly, it facilitates holistic care of a patient by family doctors on the one hand, and referral to specialist doctors on the other. Integrated healthcare services in turn can improve continuity of care for the patients. Thirdly, the application of emerging big data technology facilitates the analysis of anonymous data in the system, which in turn will enhance the capability of the governments to formulate policies on disease surveillance and public health. Fourthly, sharing of medical records amongst clinical practitioners can promote "public-private partnership in healthcare", which is particularly important to alleviate the congested public healthcare system in Hong Kong.^{3Legend symbol denoting Food and Health Bureau (2008).}

• Concerns over eHR system: Yet development of an eHR system also gives rise to concerns over data privacy and cyber security of the database. As health-related data is highly personal and sensitive, patients generally wish to keep such data sharing on a need-to-know basis. Meanwhile, the huge database in the eHR system is susceptible to hacker attacks, resulting in information leakage. Most recently, health data of some 1.5 million people in Singapore was reportedly stolen after a string of "deliberate and targeted" cyber-attacks in early July 2018, while the computer system of the Department of Health in Hong Kong suffered from a ransomware attack in the last two weeks of July 2018.^{4Legend symbol denoting During the period between 27 June and 4 July 2018, e-health data stored in the computer system of Singapore (i.e. SingHealth) was hacked, causing theft of health data of some 1.5 million people. Separately, three computers of the Department of Health were attacked by a ransomware in the last two weeks of July 2018, resulting in inaccessible files in these computers. Reportedly, these computers were not used to store confidential personal information. See South China Morning Post (2018a) and (2018b).}

Recent developments of eHRSS in Hong Kong

• The Government rolled out eHRSS by phases, beginning with the development of a sharing platform connecting participating healthcare providers. The second phase involved the enactment of the Electronic Health Record Sharing System Ordinance ("eHRSS Ordinance") to provide a legal framework for protection of data privacy and system security. The Government formally launched eHRSS in March 2016.

• Key privacy features of eHRSS: Participation in eHRSS is entirely voluntary, as local patients can enrol in the system through registration either in person or online. While a Joining Consent given by the patients in registration authorizes sharing of their health records in the system, they need to sign off another Sharing Consent to allow registered healthcare providers, enlisted on an organization basis, to access their health records.^{5Legend symbol denoting Healthcare providers refer to those health care institutions or organizations in both private and public sectors.} Detailed health records of a patient are only accessible to those medical professionals employed in specific healthcare provider(s) with the sharing consent from the patients. Whenever the health records of a patient in eHRSS is accessed, notification will be sent to the patient either through short text message, email or by postal.^{6Legend symbol denoting ehealth (2018).}

• Response to eHRSS: Feedback to eHRSS is largely positive, with patient registrations soaring to 222 000 in August 2016, and further to 730 000 in April 2018. As regards registration for healthcare providers on organization basis, they almost doubled from 859 to about 1 500 over the same period. For medical professionals employed by healthcare providers, over 44 000 user accounts were created by April 2018, accounting for some 40% of overall registered medical professionals in Hong Kong.^{7Legend symbol denoting Medical professionals refer to Registered Pharmacists, Registered Dentists, Enrolled Dental Hygienists, Registered Medical Practitioners, Registered Midwives, Registered or Enrolled Nurses, Registered Medical Laboratory Technologists, Registered Occupational Therapists, Registered Optometrists, Registered Radiographers, Registered Physiotherapists, Registered Chiropractors, and Listed or Registered Chinese Medicine Practitioners. According to the Food and Health Bureau, there were 102 351 registered medical professionals in Hong Kong as at end 2017.}

• Issues and concerns: Yet there are lingering concerns in the implementation of eHRSS. First, while patients can revoke Sharing Consent at any time to any particular healthcare provider on organization basis, they do not have the right to specify which individual medical professionals employed in that authorized healthcare provider can access their medical records.^{8Legend symbol denoting This may be particularly so for Hospital Authority ("HA") and Department of Health ("DH"), as these two organizations employ a large number of medical professionals. Furthermore, patients cannot revoke the sharing consent with HA and DH.} Secondly, while the eHRSS Ordinance specifies that the access of detailed data is restricted only to those medical professionals providing treatments, it is not clear how far the healthcare organizations could strictly abide to the rules in enforcement.^{9Legend symbol denoting Legislative Council Secretariat (2015).} Thirdly, as the scope of eHR data is pre-defined by the Government, patients do not have the right to filter out some of sharable data.^{10Legend symbol denoting Currently, the scope eHRSS of sharable data covers (a) personal identification and demographic data; (b) allergies and adverse drug reactions; (c) diagnosis, procedures and medication; (d) encounters or appointments; (e) clinical note or summary; (f) birth and immunization records; (g) laboratory and radiology reports; (h) other investigation reports; and (i) healthcare referrals.} Some Members have proposed inclusion of a "safe deposit box" containing sensitive data in the system, in which patients can have control over access to data put in the box.^{11Legend symbol denoting Legislative Council Secretariat (2015).} While claiming that such functions might undermine the comprehensiveness of eHRSS, the Government is now exploring the feasibility of the proposal in the enhancement of eHRSS. Fourthly, as only one-third of private clinics have connected to eHRSS as of July 2018, out-patients in the majority of clinics still could not benefit from eHRSS.^{12Legend symbol denoting While there is no statistics on the total number of private clinics in Hong Kong, DH estimated that there were about 5 000 private clinics in 2016. According to the eHRSS homepage, some 1 800 private clinics registered to eHRSS in July 2018.} While this could be partly attributable to resource constraints of small clinics in the private sector, some doctors consider medical records as "the property of the doctor" and do not wish to share them with others.^{13Legend symbol denoting According to the Hong Kong Medical Association, "medical report" is a summary of sickness and treatment issued by the doctor which is sharable information. However, "medical record" is daily diagnosis data of medical professionals which are the property of the doctor.}

• Development of Patient Portal: In December 2017, the Government has commissioned a consultancy study on Patient Portal, reviewing overseas experience and examining possible functionalities of the Portal. In the development of the Patient Portal, the Government undertakes to make reference to the study findings upon its scheduled completion in the second quarter of 2018.^{14Legend symbol denoting Legislative Council Secretariat (2018).}

National Health Information System in Estonia

• Regaining independence from the Soviet Union in 1991, Estonia has a very small population of just around 1.3 million in 2017. Yet the newly established Estonian government was keen to reinvigorate its governance through the application of emerging Internet technology newly available in the 1990s. Receptive to many e-technology solutions, Estonia is now globally renowned for its "integrated digital government services", including e-Health solution.^{15Legend symbol denoting ACCESS Health International (2015).}

• As early initiatives of development of the e-health system in Estonia, all healthcare providers were mandatorily required to have their computers connected to the Internet in 2000, followed by introduction of electronic patient ID cards in 2002. Upon the enactment of the Health Services Organization Act in December 2007, all healthcare providers are obliged to forward medical data of patients in standardized format to the Estonian National Health Information System ("ENHIS"), with effect from 1 September 2008.

• Here are some of the key features of the sharable eHR in the ENHIS:
  
  

  (a)	Mandatory participation of patients: Unlike the voluntary approach in Hong Kong, all Estonians are mandatorily required to participate in ENHIS, unless they opt out from the system. Full eHR of almost all Estonians can be tracked online from the integrated database of all healthcare providers;
  (b)	Comprehensive coverage of eHR: The e-Health data in Estonia is very comprehensive, covering many aspects including diagnoses, physician visits, laboratory tests, medical images, surgical procedures and inpatient treatments;
  (c)	Right of patients to opt out from ENHIS: Although it is a mandatory participation system, each Estonian has the right to opt out from ENHIS or withhold certain health information. That said, only 2% of the Estonian population stay away from ENHIS;
  (d)	Covering e-prescriptions as well: On top of eHR, doctors and healthcare professionals can issue their medical prescriptions to patients electronically. As the centralized system of e-prescription is accessible to all hospitals and pharmacies in Estonia, patients can simply present their e-ID Card to the pharmacy and get the medicine prescribed by the doctors, trimming unnecessary paperwork and doctor visits;
  (e)	Application of blockchain technology for data security: While the overall security level of the Estonian eHR system is set at the highest level, the security measures are audited by independent professionals biennially. Moreover, "ENHIS data is in practice encrypted", providing additional protection to the sharable data.16Legend symbol denoting European Commission (2014). More recently, as a further attempt to enhance data security, the Estonian government turned to blockchain technology in 2016, which can record all access activities of eHR through unchangeable audit trail. As a matter of fact, Estonia has also become the first country to use blockchain for healthcare on a national scale;
  (f)	Patient Portal and restricted access to certain data: Patient Portal was introduced in Estonia in 2009, allowing each Estonian to decide the scope of sharable data in the ENHIS. In this Portal, patients can (i) deny access of their e-Health data by certain healthcare professionals;17Legend symbol denoting Priisalu, J. and Ottis, R. (2017). and (ii) restrict access to either the entire eHR or those documents disclosing specific illness. However, for certain critical health information, healthcare professionals can restrict patient's access to that piece of information for up to six months, so that they can discuss with the patient over the healthcare implications of such information beforehand;18Legend symbol denoting European Commission (2014). and
  (g)	Big data for customized treatment: Big data in ENHIS is also used for compilation of national statistics in Estonia, tracking health trends and epidemics. More recently, the Estonian government has launched a new programme on "personalized medicine" in 2018.19Legend symbol denoting Personalized medicine is a move away from a "one size fits all" approach to the treatment and care of patients with a particular condition, to one which uses new approaches to better manage patients' health and targets therapies to achieve the best outcomes in the management of a patient's disease or predisposition to disease. In 2018, the Estonian government offered free genetic testing for 100 000 residents to develop personalized medicine. For details of personalized medicine, see National Health Service of the United Kingdom. Through analysis of genetic database and eHR in the system, the connections between diseases and health habits can be identified. Based on the findings, healthcare professionals can provide a more customized medical treatment to individual patients, instead of a "one size fits all" approach.

• The e-Health system appears to have functioned pretty well in Estonia, with good support from both patients and medical professionals. Since its operation in 2008, the Estonian e-Health system has collected more than 20 million health documents and 250 million health events. While more than 95% of data generated by hospitals and doctors has been digitized since 2015, 99% of prescription are issued in digital form.

• It appears that ENHIS in Estonia has addressed some of the major local concerns in implementation of eHRSS in Hong Kong, bearing in mind that its mandatory approach differs from the voluntary approach in Hong Kong. Not only is cyber security of the database of ENHIS protected by the blockchain technology, the Estonian patients can withhold certain parts of eHR through the Patient Portal, similar to the suggestion of "safe deposit box" made in Hong Kong.

Prepared by Gary NG
Research Office
Information Services Division
Legislative Council Secretariat
22 August 2018

Endnotes:

1.	Legislative Council Secretariat (2015).
2.	Forbes (2018).
3.	Food and Health Bureau (2008).
4.	During the period between 27 June and 4 July 2018, e-health data stored in the computer system of Singapore (i.e. SingHealth) was hacked, causing theft of health data of some 1.5 million people. Separately, three computers of the Department of Health were attacked by a ransomware in the last two weeks of July 2018, resulting in inaccessible files in these computers. Reportedly, these computers were not used to store confidential personal information. See South China Morning Post (2018a) and (2018b).
5.	Healthcare providers refer to those health care institutions or organizations in both private and public sectors.
6.	ehealth (2018).
7.	Medical professionals refer to Registered Pharmacists, Registered Dentists, Enrolled Dental Hygienists, Registered Medical Practitioners, Registered Midwives, Registered or Enrolled Nurses, Registered Medical Laboratory Technologists, Registered Occupational Therapists, Registered Optometrists, Registered Radiographers, Registered Physiotherapists, Registered Chiropractors, and Listed or Registered Chinese Medicine Practitioners. According to the Food and Health Bureau, there were 102 351 registered medical professionals in Hong Kong as at end 2017.
8.	This may be particularly so for Hospital Authority ("HA") and Department of Health ("DH"), as these two organizations employ a large number of medical professionals. Furthermore, patients cannot revoke the sharing consent with HA and DH.
9.	Legislative Council Secretariat (2015).
10.	Currently, the scope eHRSS of sharable data covers (a) personal identification and demographic data; (b) allergies and adverse drug reactions; (c) diagnosis, procedures and medication; (d) encounters or appointments; (e) clinical note or summary; (f) birth and immunization records; (g) laboratory and radiology reports; (h) other investigation reports; and (i) healthcare referrals.
11.	Legislative Council Secretariat (2015).
12.	While there is no statistics on the total number of private clinics in Hong Kong, DH estimated that there were about 5 000 private clinics in 2016. According to the eHRSS homepage, some 1 800 private clinics registered to eHRSS in July 2018.
13.	According to the Hong Kong Medical Association, "medical report" is a summary of sickness and treatment issued by the doctor which is sharable information. However, "medical record" is daily diagnosis data of medical professionals which are the property of the doctor.
14.	Legislative Council Secretariat (2018).
15.	ACCESS Health International (2015).
16.	European Commission (2014).
17.	Priisalu, J. and Ottis, R. (2017).
18.	European Commission (2014).
19.	Personalized medicine is a move away from a "one size fits all" approach to the treatment and care of patients with a particular condition, to one which uses new approaches to better manage patients' health and targets therapies to achieve the best outcomes in the management of a patient's disease or predisposition to disease. In 2018, the Estonian government offered free genetic testing for 100 000 residents to develop personalized medicine. For details of personalized medicine, see National Health Service of the United Kingdom.

References:

1.	Food and Health Bureau. (2008) "My Health My Choice" Healthcare Reform Second Stage Consultation Document.
2.	Food and Health Bureau. (2014) Legislative Council Brief on Electronic Health Record Sharing System Bill. File Ref: FH CR 1/1/3781/10.
3.	Food and Health Bureau. (2015) Draft proposed amendments in relation to (i) "need-to-know" principle and (ii) patient choice over data sharing. LC Paper No. CB(2)808/14-15(02).
4.	Food and Health Bureau. (2018) Electronic Healthcare Record Sharing System.
5.	GovHK. (2017) The Chief Executive's 2017 Policy Address.
6.	Health and Medical Development Advisory Committee. (2005) Building a Healthy Tomorrow.
7.	Legislative Council Secretariat. (2015) Report of the Bills Committee on Electronic Health Record Sharing System Bill. LC Paper No. CB(2)1736/14-15.
8.	Legislative Council Secretariat. (2018) Replies to initial written questions raised by Finance Committee Members in examining the Estimates of Expenditure 2018-19.
9.	Privacy Commissioner for Personal Data, Hong Kong. (2017) Privacy Commissioner Responses to Media Enquiry on Medical Record Access, Retention and Transfer by Clinic that will Cease Operation.
10.	South China Morning Post. (2018a) After Singapore medical data hack, Hong Kong's Department of Health becomes latest cyberattack victim.
11.	South China Morning Post. (2018b) Singapore hit by 'most series' cyberattack, resulting in theft of health data of 1.5 million people - including the prime minister.
12.	The Hong Kong Medical Association. (unknown) Patients' Rights and Responsibilities.
13.	《病歷電子化 怎防資料外洩》，經濟日報，2016年9月17日。
14.	《醫生結業拒退回病歷副本 私隱署接病人投訴》，東方日報，2017年6月19日。
Others
15.	ACCESS Health International. (2015) Case Study: The Estoniam eHealth and eGovernance System.
16.	E-Estonia. (2018) Blockchain and healthcare: the Estonia Experience.
17.	Enterprise Estonia. (2017) Getting personal with personalised medicine.
18.	Estonian E-health Foundation. (2010) Overview of Estonian Electronic Health Record (EHR) System.
19.	European Commission. (2014) Overview of national legislation on EHR in Estonia.
20.	European Commission. (2017) Estonia Country Health Profile.
21.	Forbes. (2018) How Estonia is harnessing the power of data for an aging population.
22.	Integrated People-Centred Health Services. (2018) Developing an integrated e-health system in Estonia.
23.	Priisalu, J. and Ottis, R. (2017) Personal control of privacy and data: Estonian experience. Health Technol. pp.441-451.
24.	Ministry of Social Affairs, Republic of Estonia. (2017) E-health in Estonia.
25.	National Health Service, UK. (unknown) Healthcare science: Personalised medicine.
26.	OECD. (2017) Digital technology: Making better use of health.
27.	Proehealth. (2013) Directorate General for Communications Networks, Content and Technology. Estonian EHR Case Study.
28.	World Health Organization. (2016a) Atlas of eHealth country profiles 2015: The use of eHealth in support of universal health coverage.
29.	World Health Organization. (2016b) Regional Office for Europe: E-health in practice.

---

^{Essentials are compiled for Members and Committees of the Legislative Council. They are not legal or other professional advice and shall not be relied on as such. Essentials are subject to copyright owned by The Legislative Council Commission (The Commission). The Commission permits accurate reproduction of Essentials for non-commercial use in a manner not adversely affecting the Legislative Council, provided that acknowledgement is made stating the Research Office of the Legislative Council Secretariat as the source and one copy of the reproduction is sent to the Legislative Council Library. The paper number of this issue of Essentials is ISE09/17-18.}