All users must pass an identity check based on a strong authentication protocol. Electronic signatures are used to verify the signer’s identity and that the information has not changed during transmission or storage.
Data protection and privacy procedures in the Kanta services and in healthcare are planned, monitored and developed further in a variety of different ways:
- All communication of data between healthcare providers, pharmacies, contact points and the Kanta services is encrypted between authenticated users.
- Professionals use a personal smart card to sign in to the information systems using strong authentication.
- User permissions required for different professional roles are defined by organisations.
- Log data are one way to monitor system usage. Each use of the Kanta services is recorded in log files. Access to patient records is also logged by patient information systems.
- Kela, healthcare organisations and pharmacies have common data protection policies for the Kanta services.
- Each healthcare organisation has a designated data protection officer whom you can contact if you suspect that your information has been used without permission.
- Healthcare organisations are also required to draw up a self-monitoring plan to ensure compliance with accepted practices.
- Healthcare professionals are subject to a strong code of ethics to which they must express commitment while still a student.
Monitoring and supervision of information processing
Privacy protection and the legality of the information processing are monitored by healthcare units, pharmacies and Kela.
To enable retrospective checks, log files are kept about the use and release of data. The log data are based on identified users (personal authentication card), and there must be a justified reason for handling the data. If there are grounds to suspect that there has been unauthorised access to data, this makes it possible to discover who handled the data and what were their reasons for doing so.
In Finland, health care providers and pharmacies must designate staff to serve in a monitoring and follow-up capacity and ensure that all staff members receive sufficient training in data security.
You can check how your personal information is handled
You can check how your personal health and prescription information is used and to whom it is released. You can see on My Kanta which healthcare units or pharmacies have handled your prescription and health information. Also, you can ask the data controller to specify who have handled and viewed your information. Access to the information requires an existing treatment or patient relationship and the patient’s consent.
Data protection and the handling of personal data at Kela
Kanta services exercises due care in all its operations and ensures a high level of data protection and data security. The handling of personal data is based on the fulfilment of Kela’s statutory responsibilities.
The handling of personal data in the Kanta services is based on the fulfilment of Kela’s statutory responsibilities. Please refer to the privacy statements for details on the information for which Kela is designated as the data controller. For more information on client and patient data collected by social and health services, please consult the relevant service provider.
More information on how Kela handles personal information as part of benefit administration is available on Kela’s page on data protection.
Data protection and the handling of personal information by European pharmacies
Each European country that has been accepted to join the cross-border electronic prescription system has passed EU approval and has had its data protection and privacy practices audited.
Your data can only be processed by healthcare professionals who are authorised to process the data when dispensing your medicines. Data is not released to unauthorised persons. Each country is responsible for ensuring that healthcare professionals and service providers have adequate knowledge and skills to dispense your medicines.
When your data is transmitted from Finland to another European country, the responsibility for the correct processing of the data is also transferred.
The responsible parties are:
- the pharmacy where you buy your medicine
- the national contact point in Finland
- the contact point in the country where you buy the medicine.