E-prescriptions have been issued since 2010. In 2017, the number of prescriptions issued was 31.9 million, which resulted in 61.4 drug dispensing events. Kela’s Kanta services received about 80 log data requests from the Prescription Centre in 2017.
In relation to the number of prescriptions issued and dispensed, Kela has received very few data requests. Last year Kela did not receive any notifications of misuse of data recorded in the Prescription Centre. As the controller, Kela requires that the social welfare and healthcare units, self-employed professionals and pharmacies that have joined the Prescription service report any suspected or verified cases of misuse.
Patients have the right under the law (the Personal Data Act and the Act on Electronic Prescriptions) to
- check the details stored on them in the Prescription Centre
- demand that incorrect information is corrected
- obtain information on who has handled and viewed their prescription data.
Information specifying the social welfare and healthcare units or pharmacies that have handled the prescription data can be obtained in two ways. The patient can look it up in My Kanta Pages or submit a log data request to Kela. If, after receiving the information, the patient considers that their prescription data has been handled without a valid reason, they can request that the pharmacy or social welfare or healthcare unit that may have handled the prescription data without a valid reason shall investigate the matter.
By making a Prescription Centre log data request to Kela, the patient will also receive information about the persons who have viewed or handled the prescription data. Requests for log data in the Prescription Centre are made in writing on Kela’s official forms, which are available from healthcare units, pharmacies and Kela offices. However, the patient is not entitled to receive the log data if the person submitting the log data knows that the disclosure of the log data may compromise the client’s health or treatment or someone else’s rights.
The log data request for health data shall be submitted to the data protection officer of the healthcare unit where the data has been handled. The client may request an account of the use of data and the log data of persons who have viewed or handled their data.