Patients must be informed about electronic prescriptions and Patient Data Repository in advance. The law also guarantees that patients are entitled to check the information stored on them. Patients also have the right to information as to where their medical records have been given between healthcare organisations.
There are some differences in the rights between electronic prescriptions and the Patient Data Repository. For the sake of clarity, patients' rights in electronic prescriptions and the Patient Data Repository are on their own respective subpages.
An exception is the Data Management Service, which in the future will be the repository of information, consents and refusals concerning electronic prescriptions, as well as other expressions of patients' wishes (e.g. living will) from the Patient Data Repository.
At the moment, the Data Management Service contains the information, consents and refusals from the Patient Data Repository. That is why the section on the Data Management Service is currently situated under the Patient Data Repository.
Patient rights in Patient Data Repository
You may need treatment somewhere other than your own locality. Your consents and refusals influence how and where your patient records are available when you need medical care.
Patients have the right to be informed about the archiving of their medical records at the stage when the Patient Data Repository is deployed in the healthcare system.
Information on the Common Register
The Common Register is the communal aggregate of patient records registers of all municipal healthcare register controllers in the Healthcare District.
The patient must be informed about the municipal patient records register and the associated possibility that in a treatment situation medical records in various part-registers may be disclosed to other service providers in the Common Register without a specific patient consent being required. Patients must also be informed that they can refuse to have their records passed between register controllers and registers. The information may be given orally or in writing.
Disclosure of information from the Common Register
Medical records from various operational units stored in the Common Register may be disclosed without patients' consent after they have been informed about the Common Register, and when they have a treatment relationship with the unit requiring the information.
Patients have the right to refuse to have their medical records passed between different operational units belonging to the Common Register. Patients may refuse to allow the municipal use of their medical records altogether. They may also limit their refusal so that it concerns records connected with a particular unit, register, in-patient period, or individual visit.
The refusal is in force until further notice and can be cancelled at any time. The refusal can be given in any unit using the Common Register. Later, the refusal can also be entered through My Health Information.
Information on Patient Data Archive and patient data management service
Patients must be informed about the Patient Data Repository at the time of the first service event. They must be told about the conditions of disclosing information stored in the Patient Data Repository, as well as how they can influence how their records are handled and other issues important for the patient. Patients must also be told how their information stored in the Patient Data Repository is protected, operational principles of data systems, and their administrators.
The information can be provided either verbally or in writing. The information may be given by a healthcare receptionist, nurse or doctor. The procedures vary between units. The patient him/herself can acknowledge receipt of the information in the My Kanta service or via another electronic service.
Handling information stored in Patient Data Repository
The national Patient Data Repository will be deployed in phases in different parts of Finland. Patient records will also be transferred into the archive in stages.
Medical records stored in the Patient Data Repository may only be used by healthcare employees who have access rights to the archive. The treatment relationship is also verified electronically.
Medical records stored in the Patient Data Repository are available to the operational unit that has entered the information. If patient records are disclosed to another unit, the patient's consent is required. If patient records are retrieved from another unit's patient register, it constitutes disclosure, for which the patient's consent is also required.
Before giving their consent, patients must be given information about the records stored in the national archive service and their use, and the fact that patients can limit disclosure of their information. A consent given by the patient is valid until further notice and covers all medical records already held in the Patient Data Repository, as well as any records entered into it later.
Refusal of consent to disclosure
Patients may limit the coverage of their consent by entering a refusal. They can refuse the use of e.g. records relating to a specific treatment visit or a certain healthcare unit.
Consents connected with the Patient Data Repository must be given in writing. Official consent forms are available from healthcare services and they have to be signed by hand. A consent or a refusal can be made in person in a healthcare unit or at the internet through My Kanta pages. Because the Patient Data Repository will be deployed in phases, consents can only be given in healthcare units that have already deployed the service.
Right to examine own information
Patients are entitled to
- check the information stored on them in the Patient Data Repository and in the patient data management service
- find out who has used information stored on them in the Patient Data Repository and in the patient data management service and who this information has been disclosed to
- demand that incorrect information is corrected.
Requests to check patient data and log data requests are sent to the custodian of the data. The custodian of patient documents is the healthcare service provider, under the name of which the documents (e.g. medical records) have been created and recorded. A log data request can also be sent to the healthcare unit that has received patient data from the repository. If there is an error in the data, the correction request shall be addressed to the healthcare service provider (custodian) that made the error.
The custodian of the patient data management service is Kela. Patients are entitled to request from Kela data that has been recorded in the patient data management service, including
- information about the fact that a patient has been informed of the nationwide patient data management service (Kanta services)
- patient’s consent to sharing patient data
- withdrawal of consent
- refusals to share patient data
- withdrawals of refusals to share information
Checking and log data requests concerning the patient data management service shall be made in writing using official Kela forms. These forms are available in healthcare units using Kanta services, pharmacies and Kela’s offices.
If the patient wishes to receive the log data on the handling of their patient data, they must contact the healthcare service provider that has created the patient data or that has received the patient data.
Kela is unable to provide log data on the handling of patient data as, by law, the provision of this data is the responsibility of the healthcare service providers.