Data protection and privacy

Data protection and privacy

Kanta Services permit reliable and secure processing of your information. The data is protected so no outsider can see your details.

The purpose of data protection is to specify when and under what conditions you details may be handled. Data security is one of the means of implementing data protection. Its purpose is to protect your information and the data systems through technical means and other measures within the organisation.

Kanta Services data protection and security – main features

The data security and protection of Kanta Services and the health service are planned, developed and monitored in a number of ways, including:

  • The work of healthcare professionals is governed by strong ethical norms, with which all professionals undertake to comply while still students. 
  • The authorisations attached to the various positions are defined by the organisations.
  • All data transfers between the healthcare system, pharmacies, national connection points and Kanta Services take place encrypted between identified parties. 
  • Professionals log into the data systems with professional cards, i.e. using strong electronic identification. An electronic signature authenticates the signatory’s identity and that the information signed for has not changed during transfer or saving.
  • Kela, healthcare organisations and pharmacies have a data security policy for Kanta Services.
  • All usage of Kanta Services leaves a trace, called a log. This permits monitoring and overseeing the way the system is used. Patient data systems also produce logs on the use of medical records.
  • Healthcare organisations are also obliged to have an in-house control plan to ensure that the agreed practices are followed. 
  • Every healthcare unit also has a data protection manager, whom you can contact if you suspect unauthorised use of your details.

Monitoring and control of data processing

Healthcare units, pharmacies and Kela oversee in their part that data protection is observed and data processing complies with the legislation. This is made possible by operators maintaining logs of the use and disclosures of information.

Log data are based on 

  • users identified by personal certificate cards 
  • grounds for handling the information.

If there is cause to suspect misuse, the log data make it possible to establish who has handled the data and on what grounds. 

Healthcare units and pharmacies must appoint data protection managers for the monitoring and oversight function. In addition, they must ensure that the whole personnel receives adequate training in data security, so that it is able to handle client details properly.

You can monitor the use of your information

You are able to monitor the use and disclosure of your own medical and prescription details. You can see in My Kanta Pages which healthcare units or pharmacies have handled your prescription or medical records. You can also ask the data controller for details of who have handled and viewed information about you. The requirements for viewing the information are a treatment or client relationship and the patient’s consent.

Data protection and handling personal data at Kela

In all its functions, Kanta Services observes an assiduous approach and ensures that data protection and security are implemented. Kela does not handle personal details, but Kela maintains the data entered in Kanta Services. The grounds for their maintenance are Kela's statutory obligations.

Kela is the data controller of Prescription Centre and Data Management Service.  More detailed information on the details in these registers in data protection descriptions

You can obtain more detailed information on client details held by the social services and medical records held by the healthcare service from the relevant service provider.

Data protection and handling of personal data in European pharmacies

When you purchase drugs from a European pharmacy, your information is handled only by identified healthcare professionals authorised to handle it. The information is not disclosed to outsiders. Every country is responsible for ensuring that healthcare professionals and service providers have sufficient knowledge and skill to dispense your medicines. 

When your information is transferred from Finland to another European country, the responsibility for its proper handling is also transferred.

These responsible parties are:

  • the pharmacy where you purchase your drugs 
  • Finland's national connection point 
  • the connection point of the country where you are purchasing drugs.  

Every country approved for dispensing electronic prescriptions in Europe has undertaken the EU authorisation process, including audits on data protection and data security.

Find out more

Last updated 24.07.2020