To be able to provide you with good-quality care, the healthcare professionals treating you must have access to all necessary information about your state of health and the examinations that have been performed on you. When you give your consent for service providers to share your patient data with each other, your data will be available for use, for example, in another wellbeing services county. It can make your treatment easier and faster.
On this page you can learn
- What is affected by consenting to share one’s data?
- When can data be used without consent to share one’s data?
- How can you limit the authorisation granted?
- For which data can consent be denied?
- How do denials of consent work in different situations?
What is affected by consenting to share one’s data?
Once you have given your consent to share your data, your data may be shared between, for example,
• public and private healthcare service providers
• different wellbeing services counties.
If you do not give your consent to share your data, your data can only be used in the wellbeing services county or private healthcare organisation where your data was originally recorded. Giving your consent to sharing your data is always voluntary.
During a holiday trip, you need to use healthcare services in another wellbeing services county. If you have given consent to share your data, the attending physician may, if required, utilise your patient data that were recorded in your wellbeing services county, for example, at your local healthcare centre. This will ensure that your physician has access to comprehensive information about your care.
Professionals may only use your data if it is necessary for your care. The professional using your data must also always have a treatment relationship with you.
If you gave your consent to share your data before 1 January 2023, we recommend that you update it in MyKanta. This will ensure that professionals can also utilise data that is not included in the Kanta Services. These include, for example, information in paper form.
When can data be used without a consent for data sharing?
Your consent to use or disclose your data is not required, for example, in the following situations:
A healthcare service provider has access to your patient data entered in various units of that service provider. This data may be accessed and used through their local patient information system. The professional using your data must also always have a treatment relationship with you.
Consent to data sharing is not required if your patient data is used in public health care in the region of Uusimaa. However, the use of your data in Uusimaa requires that you have received information about the Kanta Service, i.e., a notification explaining how your data will be used in social welfare and healthcare services. You can limit the use of your data in Uusimaa by setting up denials of consent to share your data.
In case of an emergency, your patient data may be accessed by professionals via the Kanta Services without your specific consent. However, when you set up a denial of consent, you can explicitly specify that your data may not be used, even in an emergency.
In healthcare services, no consent is required to use a client's data, if they are unable to assess the relevance of the consent given due to memory impairment, mental disorder, disability or similar reasons, and do not have a legal representative. Professionals can also use patient data if, for example, the client is unconscious and cannot provide their consent.
If you are receiving care as an outsourced service, the service provider providing the care has the right to access any patient information that is relevant for the care being given to you. In such a case, your data can be used without your prior consent.
How can you limit the consent I have given?
If you wish, you can limit the consent you have given by setting up denials of consent. For example, you can set up a denial of consent for your data to be shared between a public healthcare service provider and a private healthcare service provider. Denials of consent may complicate and slow down your treatment if you visit different healthcare facilities. Despite your denials of consent, your data may be used by the service provider who has recorded the data / with whom the data has been recorded.
However, when you set up denials of consent, you can explicitly authorise access to your data in case of an emergency. An emergency situation refers to a situation in which you are unconscious due to an accident or illness, for example.
For which data can one deny usage?
You can target denials of consent in different ways. You can set up a denial of consent for the sharing of the following information:
- your data for a specific service transaction
- all your data in the records of a specific healthcare service provider
- all your patient data.
For example, you can set up a denial of consent for a private occupational healthcare service or a public healthcare service provider, such as a wellbeing services county, to share your data. If you wish to set up a denial of consent to share your data from the registers of public healthcare providers and public occupational healthcare service providers, you need to set up denials of consent for them separately.
A service transaction may consist of several appointments, procedures and contacts relating to the same issue. If you set up a denial of consent to share a service transaction, then that denial will apply to any entries related to that service transaction that have been made and will be made later.
If you set up a comprehensive denial of consent to share all patient data, it will override any other denials of consent you have set up, and you will not be able to set up any new specific denials.
All denials of consent apply to both existing data and data that will be recorded in the future. You may withdraw a denial of consent at any time.
How do denials of consent work in different situations?
If you set up a comprehensive denial of consent to share all patient data, it will override any other denials of consent you have set up, and you will not be able to set up any new specific denials. However, any specific denials you have set previously, such as visit and register-specific denials, will remain stored and will come back into effect if you withdraw the denial of consent to all sharing of patient data.
Denials of consent to share all patient data can only be taken into account in healthcare services once the necessary changes have been made to the service provider's information system.
Patient data may be held by a private healthcare provider in one or more registers. If you want to know how your patient data are used and how you can limit the sharing of your data by setting up denials of consent, please contact the private healthcare service provider you are dealing with.
If you have set up a denial of consent to share data from a service transaction with a private healthcare service provider or an occupational healthcare register, your data cannot be shared outside of that private service provider’s organisation.
Denials of consent to share data regarding a private occupational healthcare register can only be taken into account in healthcare services once the necessary changes have been made to the service provider's information system.
Denials of consent to share data for specific service transactions, such as a denial of consent to share data for a specific appointment which you set up before 1 January 2023 will continue to function in the same way as before in all the wellbeing services counties. They prevent the sharing of your data with another service provider but do not prevent use of the data in the healthcare services of the wellbeing services county.
If, prior to 1 January 2023, you set up a denial of consent to share data for a specific service provider (i.e., a specific register) that prohibited the sharing of all your data held by one health centre, for instance, this denial of consent prevents the sharing of the data with another service provider or another register.
Denials of consent set up before 1 January 2023 on your data in the service provider's register will work differently in different wellbeing services counties. You can ask your wellbeing services county for more information.