Denial of consent to patient data sharing

Denial of consent to patient data sharing

With a denial of consent to data sharing, you can specify which of your data may not be disclosed to other health care service providers. The data subject to your denial(s) of consent to data sharing can only be accessed by that health care service provider in whose own patient register the data are stored.

The use of data will change as the wellbeing services counties begin operations

On this page we will explain the rules of using data after 1 January 2023.

You may issue a denial of consent to data sharing:

  • for a specific service transaction  
  • for a specific public health care service provider, i.e. a wellbeing services county
  • for the patient registers of a public service provider
    • for public health care
    • for occupational health care

Please note that a single service transaction may consist of several appointments, procedures and contacts relating to the same issue. If you issue a denial of consent to sharing patient data concerning a specific service transaction, then that denial will apply to any entries related to that transaction that have been made and will be made later.

How will denials of consent work with the wellbeing service counties?

When you issue a denial of consent to sharing patient data, your data may not be disclosed to another wellbeing services county or to any private health care service provider. The denial also applies to sharing of data between different registers of the same service provider. The denial does not prevent the use of your data in health care services within your own wellbeing service county.

Public health care and social services in Uusimaa will be organised by six regions. You may also restrict the sharing of patient data between the regions of Uusimaa, the City of Helsinki’s health care and social services and the Hospital District of Helsinki and Uusimaa by setting up a denial of consent to data sharing.

What will happen to denials of consent concerning previous public service providers?

Before the wellbeing service counties began operations, it was possible to issue a denial of consent to data sharing in public health care for the health centre in your home municipality, for instance. Such previously issued denials will continue to prevent the sharing of data with other service providers.

Denials of consent that you may have issued earlier only apply to the data in the register for which you issued such a denial, such as the data held by your health centre. In other words, not all such denials will cover all the new data that will be created within your wellbeing services county.

If you want to ensure that none of your data in health care services in your wellbeing services county will be shared, you must issue a denial of consent to data sharing for the health care register of your wellbeing services county.

Read more about how service provider-specific denials of consent apply in the various wellbeing services counties.

Denials of consent in private health care

In private health care, you may only issue denials of consent to data sharing for specific service transactions. You may not issue blanket denials of consent to cover all data held by a specific service provider or in a specific register.

There may be several service providers within a particular private health care organisation. Each service provider has its own patient register for entering patient information.

If you issue a denial of consent to data sharing for a specific service transaction in private health care, then none of the data concerning that transaction may be shared via Kanta to any party outside that private health care service provider. Data may also not be shared through Kanta between patient registers within that organisation.

For more information on data sharing in the patient information system of a private health care service provider, please consult that service provider.

Where can I issue a denial of consent to data sharing?

You can issue a denial of consent:

  • on the My Kanta Pages or
  • when visiting a health care facility. You will also be able to request a printout of a summary of your currently valid denials of consent.

You can view your currently valid denials of consent on the My Kanta Pages. If you issue a denial of consent to data sharing when visiting a health care facility, that denial will be visible on the My Kanta Pages once the facility has entered it into the Kanta Services.

You may revoke a denial of consent at any time.

When is it not possible to deny consent to data sharing?

You cannot issue a denial of consent to data sharing between health centres in the same wellbeing services county, for instance, because they use the same patient register.

Please note that if you have denied consent to the sharing of your patient data, the data may nevertheless be shared in the event of an emergency if you have separately and specifically consented to that. Also, despite any denial of consent, your patient and client data can be accessed by the authorities if they have a legal right to do so.

If you are receiving care as an outsourced service, the service provider providing the care has the right to access any patient information that is relevant for the care being given to you. You cannot deny consent to data sharing in such a case.

Last updated 5.12.2022