The Social Insurance Institution of Finland
Nordenskiöldinkatu 12, 00250 Helsinki
Postal address PO Box 450
Postal code 00056
Phone number 020 634 11
Person responsible for register-related issues or contact person
Data Protection Officer for Kanta Services
Name of register
User data register of the Kanta Personal Health Record
Purpose of processing of personal data / purpose of use of the register
Based on the agreement between the Ministry of Social Affairs and Health and the Social Insurance Institution of Finland, Kela acts as the register controller of the My Kanta Pages Personal Health Record, which is part of the national information system services in health care (the Kanta Services), with respect to the user data of the My Kanta Pages Personal Health Record.
The purpose of the register is to enable the storage of citizens’ (users) wellbeing data in a national centralised My Kanta Pages Personal Health Record. Kela is responsible for the technical operation of the service so that the wellbeing data cannot be processed or shared against the law.
Data in the My Kanta Pages Personal Health Record will be retained until the user has removed the data themselves or until otherwise prescribed by law.
Data content of the register
Information saved in the register with regard to the users of the My Kanta Pages Personal Health Record:
- user’s personal identity code
- information about the user rights granted by the user to the applications (right to read and enter measurement data).
Regular information sources
The data entered in the service is received from the user him/herself.
Regular disclosure of data and transfer of data outside the EU or the European Economic Area
The data in the register shall not be shared with outsiders. Data shall not be transferred outside the EU or the European Economic Area.
Principles of protection of the register
The data saved in the register shall be kept confidential.
Organisational protection principles
Kela for its own part monitors and supervises the legality of data processing. Kela has appointed a Data Protection Officer for the monitoring and supervision task.
Kela provides written instructions on the processing of data in the register and takes care of sufficient expertise and competence of its staff.
Kela takes the necessary measures of its own accord if the data entered in the register has been processed illegally.
Technical protection principles
The processing of data in the register requires strong authentication that identifies the controller, as well as user rights management related to the system.
Information about all actions of data processing by the user and in relation to Kela’s maintenance measures is saved in the log of the Kanta PHR.
Physical protection principles
The data recorded in the register is technically protected to prevent editing and deleting.
Kela’s IT areas and the physical location of data are in Finland. Members of Kela’s technical maintenance staff have limited access to the IT areas when the management of their duties requires such access.
Access to the data
The user may view the data they have entered in the Kanta PHR themselves via My Kanta Pages.
Right to lodge a complaint to the regulatory authority
If the user of the service deems that the processing of their personal data breaches the applicable data protection regulations (Articles 12–22 of the EU’s General Data Protection Regulation), the user of the service is entitled to lodge a complaint to the competent regulatory authority. In Finland, the regulatory authority is the Data Protection Ombudsman.
Right to request rectification of data
The user of the service is personally responsible for their wellbeing data they have entered, as well as for ensuring that the data is correct.
Right to transmit the data from one system to another
The user of the service is entitled to request the wellbeing data they have entered in the Service in order to transmit it to another system.