Procedure to ensure that organisations joining the Kanta Services and data systems to be linked to it comply with the requirements set for data security.

The audit concerns both data systems to be linked and practices in organisations joining up. Systems must have adequate data security features, and organisations must deploy them in an acceptable manner. An organisation must pass the audit in order to become a Kanta Services user.


Electronic verification that confirms the identity or confirms the identity and links the data for verifying a signature to the signatory, and that can be used for strong electronic identification and electronic signatures

Source: Act on Strong Electronic Identification and Electronic Signatures (617/2009)

certificate revocation list

List of certificates revoked by the certificate provider while they have been valid.

Source: Tiivis tietoturvasanasto (TSK 31, 2004)

certification service provider

Natural person or legal person who offers certificates to the general public
Source: Act on Strong Electronic Identification and Electronic Signatures (617/2009)

N.B.: In the Kanta Service the certification service provider is the Population Register Centre.


Citizens may give their consent for disclosing their medical records from one healthcare unit to another from the Patient Data Repository. The consent always covers all medical records entered and all disclosure events (it is not given for each individual disclosure, but when citizens give their consent, their rmation may be used in different healthcare units for their treatment). Consents may be given in healthcare units that have deployed the Patient Data Repository.

controller of a register

One or more persons, a corporation, institution or foundation, for the use of whom a register of personal data is set up and who has the right to determine the use of the register, or who has been designated as a controller by an Act.

Source: Personal Data Act (523/1999), section 3

N.B.: Healthcare organisations are controllers of the information they have stored in the Patient Data Repository. Kela is controller of the Prescription Centre, Prescription Archive and patient data management service.

disclosure event (synonym: disclosure of information)

disclosure of information (synonym: disclosure event)

dispensing (synonyms: drug purchase, dispensing event )

See dispensing records.

dispensing (synonyms: drug purchase, dispensing event )

See dispensing records.

dispensing records (synonyms: drug purchase, dispensing event, dispensing)

Information entered by the pharmacy into the Prescription Centre on the drugs purchased by patients.


drug purchase (synonyms: dispensing event, dispensing)

See dispensing records.

eArchive - Patient Data Repository

  • eArchive has become Patient Data repository
  1. synonyms: national patient data repository; centralised database into which all patient records are entered nationwide
  2. national data system service, see eArchive service

eArchive service

The Patient Data Repository service is a national electronic patient documentation archiving service which also includes a data management service, designed for healthcare services and maintained by the Kanta Services.

The service includes document archiving and search, destruction of documents in accordance with regulations on periods documents must be kept, disclosures of documents between healthcare controllers, provision of information to the patient, patient consents and refusals, and management of log records created by document disclosures.

electronic prescription

A prescription in electronic form stored in the Prescription Centre.

electronic signature

A piece of information in electronic form which authenticates the signatory's identity and certifies that the information signed for is unchanged.

ePrescription - electronic prescription

  • ePrescription has become the electronic prescription

ePrescription service

national service designed for healthcare services and pharmacies

Service includes

  1. Prescription Centre, into which all electronic prescriptions and their dispensing information are entered


Information provided to citizens concerning regional communal registers and national services (Kanta).

Kanta agent

A service provider used by a healthcare organisation or pharmacy to implement joining the Kanta system; a company which in this role may possibly see unencrypted patient records, for example in connection with maintenance.

A TLS encrypted connection executed with VRK's server certificate is usually formed between an agent and the Kantta Services. An organisation that only operates as a router of TLS-encrypted data communications is not classed as an agent, and it cannot see unencrypted patient records. A special case of an agent is an organisation which has itself joined Kanta, such as a Healthcare District or its company. 

Kanta Services

National healthcare data system services, containing the electronic prescription, Patient Data Repository and My kanta pages services.

N.B.: Kanta Services are subject to the provisions of the Act on Electronic Prescriptions (61/2007)  The Act on the Electronic Processing of Client Data in Social and Health Care Services.  (159/2007) and its later amendments.



File into which information on data system events and their instigators is automatically recorded

Logs can be used to trace events for various purposes, e.g. problem-solving or monitoring and control of data use.

log record (synonym: log entry)

Automatically saved record of an event from a data system.

A log record contains various ID details, e.g.

  • how and when the data system was used,
  • who used it, and
  • information on various fault situations.

N.B.: Under the Act on Electronic Prescriptions (61/2007), for every electronic prescription the Prescription Centre stores a record of who have viewed, altered or otherwise handled the prescription information, or cancelled the prescription, and the date and time of such actions.

Under the Act on the Electronic Processing of Client Data in Social and Health Care Services (159/2007), the user log register stores details of the client information used, the service provider whose client data is used, user of the client data, the purpose of use and the date and time of use. The disclosure log stores records of the disclosed client data, the service provider whose client data are disclosed, the party disclosing the client data, recipient of the disclosure and date and time of the disclosure.

My Kanta pages (previously called My Health Information)

Online service designed for adult citizens, through which they can view their own prescription information and medical records as well as related log records in the National Archive of Health Information.

National Archive of Health Information (Kanta)

National electronic archive maintained by Kela, for storing electronic prescriptions and patient records.

patient instruction sheet

A written set of directions on drugs prescribed electronically during a visit and given to a patient  by the doctor.

patient records (synonym: medical records)

Information (patient records) on citizens' health stored in the Patient Data Repository.

person responsible for data security

A person designated in a healthcare organisation, pharmacy and Kela for the purpose of ensuring compliance with legislation of patient and prescription information and monitoring and control of compliance with data security.

Pharmaceutical Database

Database containing the necessary and up-to-date information on drugs required in order to prescribe and dispense them, including their price, eligibility for reimbursement, interchangeable drug preparations, and also reimburseable base creams and clinical nutrition preparations.

Prescription Archive

Centralised data system in which electronic prescriptions are archived for 20 years after 2.5 years have elapsed from their issue date.

Prescription Centre

Centralised database in which electronic prescriptions and details of their dispensing events by pharmacies are stored.


Prescription Centre user log

Log of viewing and handling records of prescriptions and related dispensing events (drug purchases) held in the Prescription Centre.

Refusal (synonym: refusal of disclosure)

In My Health Information, citizens may consent to have their information disclosed, but by registering a refusal concerning information about a certain service event, service provider or its register, they can disallow the disclosure of that information to other healthcare units.

Renewal request (synonym: repeat request)

Request made when an electronic prescription needs to be renewed.

service event

Patient's visit or treatment period in the healthcare system, related to the treatment of a certain illness or other reason

See Visit or treatment period.

service unit

Provides patient services in the healthcare system. A service unit in the healthcare system is either a treatment unit or treatment support unit. A characteristic of a service unit is that the core activity is formed by a single service. In addition to this core service, a unit may also provide other services.

strong ID

User identification by at least two different ID methods

  • User enters something only he knows, such as a password
  • User has some device or piece of equipment used in identification, such as a key or ID card.
  • User is identified on the basis of some feature, such as speech pattern or fingerprint.

Source: Tietotekniikan liitto ry, ATK-sanakirja, 4/2008

summary of patient's electronic prescriptions

Printed list of patient's prescriptions and their dispensing events, which are stored in the Prescription Centre.

External ID service used in My Kanta pages.

Visit or treatment period

Citizens may refuse to have information relating to a visit/treatment period, or a service provider or its register, disclosed to other healthcare units by entering a refusal.