If you have given your consent to data sharing, your patient data will be shared between wellbeing services counties or between public and private health care providers in connection with your care. The transfer of data between different health care providers is also referred to as data sharing.
If you wish, you can restrict the sharing of your data by setting up a denial of consent to data sharing. The data that is subject to your denial(s) of consent to data sharing can, however, be accessed by the health care service provider on whose patient register the data are stored, such as a wellbeing services county.
The client can issue a denial of consent to data sharing for
- all patient data
- a specific service event
- a specific public health care service provider, i.e. a wellbeing services county
- the health care and occupational health care registers separately
- a private occupational health care register
A single service transaction may consist of several appointments, procedures and contacts relating to the same issue. If you issue a denial of consent to sharing patient data concerning a specific service transaction, then that denial will apply to any entries related to that transaction that have been made or will be made later.
All denials of consent set on patient data, wellbeing services counties and individual registers apply to existing data and to data that will be generated in the future.
From January 2024, denials of consent can be set up for all patient data and private occupational health care registers. In health care, it is only possible to apply these denials of consent once the necessary changes have been made to the service provider's information system.
Use of data in emergencies
When setting up a denial of consent, you can give permission for your data to be shared to other service providers in an emergency, even if you otherwise prohibit the sharing of your data. An emergency situation refers to a situation in which you are unconscious due to an accident or illness, for example.
How do the denials of consent work?
Your patient data is primarily shared with other health care operators through the Kanta services. If this is not possible, your data may be shared, for example, on paper or by other electronic means.
From 1 January 2024, data other than those stored in Kanta can be transferred with a transfer permit. However, health care must take into account the denials of consent you have set up, both for the data stored about you in Kanta and for data that is shared in other ways.
When you issue a denial of consent to patient data sharing, your data may not be disclosed, for example, to another wellbeing services county or a private health care provider. The denial of consent does not prevent the use of your data in health care services within your own wellbeing service county. If the wellbeing services county provides occupational health care services, the denial of consent may prevent the flow of information between the wellbeing services county's occupational health care and other health care.
- Example: You set a denial of consent to data sharing for an individual appointment at a health care centre. If you later visit a private health care provider or another wellbeing services county for treatment, the new physician treating you will not be able to see the data entered for the appointment for which you set a denial of consent to data sharing. However, the appointment at the health care centre that was subject to the denial of consent to data sharing will be visible in your wellbeing services county’s public health care system if your treatment so requires.
Read more about how service provider-specific denials of consent apply in the various wellbeing services counties.
How do the denials of consent work within the Uusimaa region?
In the region of Uusimaa, public health care and social welfare services are organised by four wellbeing services counties, the City of Helsinki, and HUS. You can also use a denial of consent to data sharing to restrict the sharing of your patient data between these actors.
If you set a denial of consent to all patient data sharing, this will replace any other prohibitions you have set, and you will not be able to impose new specific denials of consent. However, denials of consent that you have set previously, such as appointment-specific and register-specific denials of consent, will remain saved. If you revoke your denial of consent to all patient data sharing, the specific denials of consent set previously will once again come into effect.
Within a private health care organisation, patient data may be contained in one or more registers. Contact the private health care service you use if you want to know how your patient data is transferred within the organisation in question, and how you can restrict the sharing of your data by setting up denials of consent.
If you have issued a denial of consent to data sharing for a specific service transaction in private health care or for an occupational health care register, then none of the data concerning that transaction may be shared via Kanta to any party outside that private health care service provider.
Denials of consent to data sharing for specific service transactions, e.g. denial of access, that you have issued before 1 January 2023 will continue to function in the same way as before in all wellbeing services counties. They prevent the sharing of data with another service provider but do not prevent health care services within the same wellbeing services county from sharing your information.
If, prior to 1 January 2023, you issued a denial of consent to data sharing for a specific service provider (i.e. a specific register) that prohibited the sharing of all of your data held by one health centre, for instance, this denial prevents the sharing of the data with another service provider or another register.
Read below for more details on how an old denial of consent for a specific service provider’s register will work in your wellbeing services county.
In which wellbeing services counties will an old denial of consent for a service provider not cover new patient information?
In most wellbeing services counties, a denial of consent for a specific service provider issued by an individual before the wellbeing services county began operations will not apply to the new patient register of that wellbeing services county. If you do not want your patient information created in the new wellbeing services county to be shared with other service providers, you must issue a new denial of consent to data sharing for the wellbeing services county patient register.
This is the case in the following wellbeing services counties:
North Ostrobothnia, Lapland, Päijät-Häme, Eastern Uusimaa, Central Finland, Pirkanmaa, South Ostrobothnia, North Savo, Kanta-Häme, West Uusimaa, Southwest Finland, North Karelia, Satakunta, South Savo, and Vantaa and Kerava
Example:
Before the wellbeing services counties began operations, an individual issued a denial of consent to data sharing for health care and social services in Jyväskylä. This denial will not prevent the individual’s data from being used by health care services in the wellbeing services county of Central Finland as of 1 January 2023.
However, data for which an earlier denial of consent to data sharing has been set up under Jyväskylä’s former health care and social services will not be accessible to private healthcare service providers or other wellbeing services counties.
If the individual wishes to prevent the sharing of information created after the wellbeing service county began operations, the individual must issue a denial of consent to data sharing for the patient register of the wellbeing services county of Central Finland. This register incorporates the registers of all the service providers merged into the wellbeing services county.
Therefore, the new denial of consent to data sharing issued by the individual for the patient register of the wellbeing services county of Central Finland will cover not only the patient information of health care and social services in Jyväskylä, but also the information recorded in specialist medical care (Central Finland Hospital District) and in Äänekoski’s basic social security services.
In which wellbeing services counties will an old denial of consent for a service provider cover new patient information?
In some wellbeing services counties, a denial of consent for a specific service provider issued by an individual before the wellbeing services county began operations will also apply to the new patient register of that wellbeing services county. These wellbeing services counties are: Central Ostrobothnia, Central Uusimaa, Kainuu, Kymenlaakso, South Karelia, Ostrobothnia and HUS.
Example:
Before the wellbeing services counties began operations, an individual issued a denial of consent to data sharing for the Central Ostrobothnia Joint Municipal Authority for Social and Health Services (Soite). When the wellbeing services counties begin operations, this denial will extend to the patient register of the wellbeing services county of Central Ostrobothnia. The individual’s patient data, created both while Soite was still in existence and after the wellbeing services county began operations, will not be shared with other public or private health care service providers.
Where can I set a denial of consent to data sharing?
You can set a denial of consent
- in MyKanta
- when visiting a health care facility.
If you set up a denial of consent to data sharing when you visit a health care facility, you have the opportunity to receive a printed summary of your denials of consent.
A new version of MyKanta has been published. We will gradually introduce MyKanta functions in the new version. You can set up denials of consent to data sharing concerning all patient data and the private occupational health care register in the new version of MyKanta. Other denials of consent can be set up in the old version of My Kanta. This arrangement is temporary. In the future, you will be able to manage all of your consents and denials of consent in the new version of MyKanta.
You can view your current denials of consent in MyKanta. If you set up a denial of consent to data sharing when you visit a health care facility, that denial will be visible in MyKanta once the facility has entered it into the Kanta Services.
You may revoke a denial of consent at any time.
When is it not possible to deny consent to data sharing?
You cannot set a denial of consent to data sharing between health centres in the same wellbeing services county, for instance, because they use the same patient register.
Also, despite any denial of consent, your patient and client data can be accessed by the authorities if they have a legal right to do so.
If you are receiving care as an outsourced service, the service provider providing the care has the right to access any patient information that is relevant for the care being given to you. You cannot deny consent to data sharing in such a case.