If you have given your consent to data sharing, your patient data will be shared between wellbeing services counties or between public and private health care providers in connection with your care. The transfer of data between different health care providers is also referred to as data sharing.
If you wish, you can restrict the sharing of your data by setting up a denial of consent to data sharing. The data that is subject to your denial(s) of consent to data sharing can, however, be accessed by the health care service provider on whose patient register the data are stored, such as a wellbeing services county.
The client can issue a denial of consent to data sharing for
- all patient data
- a specific service event
- a specific public health care service provider, i.e. a wellbeing services county
- the health care and occupational health care registers separately
- a private occupational health care register
A single service transaction may consist of several appointments, procedures and contacts relating to the same issue. If you issue a denial of consent to sharing patient data concerning a specific service transaction, then that denial will apply to any entries related to that transaction that have been made or will be made later.
All denials of consent set on patient data, wellbeing services counties and individual registers apply to existing data and to data that will be generated in the future.
From January 2024, denials of consent can be set up for all patient data and private occupational health care registers. In health care, it is only possible to apply these denials of consent once the necessary changes have been made to the service provider's information system.
Use of data in emergencies
When setting up a denial of consent, you can give permission for your data to be shared to other service providers in an emergency, even if you otherwise prohibit the sharing of your data. An emergency situation refers to a situation in which you are unconscious due to an accident or illness, for example.
How do the denials of consent work?
Your patient data is primarily shared with other health care operators through the Kanta services. If this is not possible, your data may be shared, for example, on paper or by other electronic means.
From 1 January 2024, data other than those stored in Kanta can be transferred with a transfer permit. However, health care must take into account the denials of consent you have set up, both for the data stored about you in Kanta and for data that is shared in other ways.
When you issue a denial of consent to patient data sharing, your data may not be disclosed, for example, to another wellbeing services county or a private health care provider. The denial of consent does not prevent the use of your data in health care services within your own wellbeing service county. If the wellbeing services county provides occupational health care services, the denial of consent may prevent the flow of information between the wellbeing services county's occupational health care and other health care.
- Example: You set a denial of consent to data sharing for an individual appointment at a health care centre. If you later visit a private health care provider or another wellbeing services county for treatment, the new physician treating you will not be able to see the data entered for the appointment for which you set a denial of consent to data sharing. However, the appointment at the health care centre that was subject to the denial of consent to data sharing will be visible in your wellbeing services county’s public health care system if your treatment so requires.
How do the denials of consent work within the Uusimaa region?
In the region of Uusimaa, public health care and social welfare services are organised by four wellbeing services counties, the City of Helsinki, and HUS. You can also use a denial of consent to data sharing to restrict the sharing of your patient data between these actors.
If you set a denial of consent to all patient data sharing, this will replace any other prohibitions you have set, and you will not be able to impose new specific denials of consent. However, denials of consent that you have set previously, such as appointment-specific and register-specific denials of consent, will remain saved. If you revoke your denial of consent to all patient data sharing, the specific denials of consent set previously will once again come into effect.
Within a private health care organisation, patient data may be contained in one or more registers. Contact the private health care service you use if you want to know how your patient data is transferred within the organisation in question, and how you can restrict the sharing of your data by setting up denials of consent.
If you have issued a denial of consent to data sharing for a specific service transaction in private health care or for an occupational health care register, then none of the data concerning that transaction may be shared via Kanta to any party outside that private health care service provider.
Where can I set a denial of consent to data sharing?
You can set a denial of consent
- in MyKanta
- when visiting a health care facility.
If you set up a denial of consent to data sharing when you visit a health care facility, you have the opportunity to receive a printed summary of your denials of consent.
A new version of MyKanta has been published. We will gradually introduce MyKanta functions in the new version. You can set up denials of consent to data sharing concerning all patient data and the private occupational health care register in the new version of MyKanta. Other denials of consent can be set up in the old version of My Kanta. This arrangement is temporary. In the future, you will be able to manage all of your consents and denials of consent in the new version of MyKanta.
You can view your current denials of consent in MyKanta. If you set up a denial of consent to data sharing when you visit a health care facility, that denial will be visible in MyKanta once the facility has entered it into the Kanta Services.
You may revoke a denial of consent at any time.
When is it not possible to deny consent to data sharing?
You cannot set a denial of consent to data sharing between health centres in the same wellbeing services county, for instance, because they use the same patient register.
Also, despite any denial of consent, your patient and client data can be accessed by the authorities if they have a legal right to do so.
If you are receiving care as an outsourced service, the service provider providing the care has the right to access any patient information that is relevant for the care being given to you. You cannot deny consent to data sharing in such a case.