Data security

Prescription and patient records are sensitive health information. The Kanta Services allow this information to be processed reliably and securely. All data transfers between the healthcare system, pharmacies, the Patient Data Repository and the Prescription Centre are encrypted and take place between identified parties. The identity of every user of the Prescription Centre and the Patient Data Repository is verified using strong electronic identification.

In the healthcare system, the Prescription Centre may be accessed by doctors, dentists and students of both disciplines who have completed the required studies, as well as nurses. In pharmacies, the information in the Prescription Centre may be viewed by pharmacists with or without an MSc (Pharm) (proviisori) and pharmacology students. Handling information held in the Prescription Centre requires a healthcare professional card and appropriate user rights to the Prescription Centre. Additional requirements are a treatment or client relationship and the patient's consent.

The Patient Data Repository is accessible only to persons employed in the healthcare services who have a smart card granted by the healthcare certification provider and user rights to the information in the Patient Data Repository that are appropriate to their position. Disclosure of information between healthcare units requires a treatment relationship and the patient's consent.

An electronic signature authenticates the signatory's identity and verifies that the signed information has not changed while being transferred or saved. Kela, healthcare organisations and pharmacies have a data security policy for the Kanta Services.

Monitoring and control of data processing

Kela, healthcare organisations and pharmacies each oversee, for their own part, that data security is observed and that data processing complies with the legislation.

To permit ex-post control, logs are maintained on the use and disclosure of the information. The log data are based on the identified user (personal certificate card) and the reason for accessing the data. If there is cause to suspect misuse, it is possible to establish who has handled the data and on what grounds.

Healthcare units and pharmacies must appoint persons responsible for data security to carry out monitoring and control functions and to ensure that all staff receive adequate training in data security issues.

Patients control use of their information

Patients are also able to control the use and disclosure of their information. On the My Kanta pages, patients can see which organisations have viewed or handled their prescription details and where their medical records have been sent. Patients can also request from the register controller details of who has handled and viewed any of their records. The controller of the medical records is the healthcare organisation (e.g. health centre) where the patient was treated and where the patient's documents were created.

The controller of the Prescription Centre and patient data management service is Kela. 

More on patient rights and consents under ‘Instructions’.
