Electronic Health Record Sharing System awarded international information security management certification (with photo)

image_pdfimage_print

     The Electronic Health Record Sharing System (eHRSS) has been awarded the ISO/IEC 27001:2013 certification of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) after its Information Security Management System (ISMS) passed the relevant certification audit.
      
     Receiving the certificate, the Permanent Secretary for Food and Health (Health), Ms Elizabeth Tse, today (September 17) said, "We are pleased that the eHRSS has been awarded the ISO/IEC 27001:2013 certification for its ISMS. It is a milestone in the continuous improvement of the services and information security management under the eHRSS. More than 850 000 members of the public have registered with the eHRSS. We will strive to provide better quality services in the second stage development of the eHRSS."
      
     Led by the Government and with the Hospital Authority (HA) as the technical agency, the territory-wide eHRSS was launched in March 2016 to facilitate public-private medical collaboration, promote continuity of care and improve the quality and efficiency of healthcare services. With patients' informed consent, registered healthcare providers (HCPs) in both the public and private sectors can view and share patients' electronic health records on the eHRSS. Registration by both patients and HCPs is voluntary, free and easy. Under the second stage development, the sharable scope of the eHRSS will be enlarged to include Chinese medicine information and radiology images, and a Patient Portal will be developed.
      
     ISO/IEC 27001:2013 is an international standard developed by ISO and IEC to provide requirements for establishing, implementing, maintaining and continually improving an ISMS. Being certified with the ISO/IEC 27001:2013 standard indicates that the Government and the HA have put in place for the eHRSS a comprehensive suite of information security controls after systemically reviewing its security risks, and have adopted a management process that ensures that the controls will continue to meet its information security needs on an ongoing basis.

Photo  

Leave a Reply

Your email address will not be published.