Private network safeguards data communications in Kanta Services
The Kanta Services have been updating the instructions on data communication links between the clients' technical access points and the Kanta Services. A private network connection must be used when joining the service in order to guarantee availability and quality of services.
Communication links between the Kanta Services and the information systems of clients joining Kanta can be implemented in different ways. However, all social welfare and healthcare service providers and pharmacies joining the Kanta Services must have at least one technical access point for connecting to the Kanta Services. The connection models are presented in the instructions produced by Kela, which were updated in early 2019.
“The instructions were updated in terms of the data communication links used in the access points. The data communication link between the Kanta access point and the Kanta Services must be implemented as a private network connection, such as an MPLS connection. A public internet access can be used only in exceptional cases for a justified reason,” says Anu Molander, Customer Relations Manager of Kanta Services.
The instruction “Technical connection models for the Kanta Services” applies to Kanta clients who are joining the Prescription Centre, the Patient Data Repository, the client data archive for social welfare services, Kanta PHR or the Archive of Imaging Data.
Better availability of services
With the use of a private network connection, efforts are made to guarantee higher quality and availability of services. The instructions were updated also for data security reasons because private network connections have a higher level of protection. Over the years, the Kanta Services have been subject to several denial-of-service attacks and hacking attempts.
“Public services are accessible by all, and Kanta Services may also be subject to suspicious internet traffic. In a public network, it is easy to try all sorts of activities hampering the services, but it is not possible to disturb the operations of a private network,” clarifies Juha Lappalainen, Service Manager of Kela’s Communications and Networking.
All Kanta access points used by social welfare and healthcare service providers must use a private network for data communications. Pharmacies are allowed to have a public network as the primary connection, with a private network being used as a backup system.
“Some pharmacies use a public network connection with their access point. However, they are also using a private network backup connection, which they can quickly take into use, if necessary, and switch the traffic between the pharmacy and the Kanta service away from the public network,” Molander explains.
Safe communication links
The Kanta Services are subject to the national specifications about secure production of services. All data communications between social welfare and healthcare service providers, pharmacies and the Kanta Services are encrypted, and strong two-way authentication or a signature certificate with the certificates of the Population Register Centre is generally used in communications. The validity of the certificates is verified automatically.
“That way, the authenticity of the parties is ensured both in the Kanta Services and on the client's side. Furthermore, we only allow communication from trusted sources, and we verify technically that the data communications of the services comply with the standards,” says Lappalainen.
A party joining the Kanta Services undertakes to comply with the service description and the general terms of supply of the Kanta Services. All social welfare and healthcare service providers, pharmacies and Kanta providers are obliged to monitor the realisation of data security in their own activities. Clients using Kanta Services must ensure the method of implementing the data communications of their own access point or the access point of the Kanta provider they are using.
“We request that clients using Kanta Services take the updated instructions for joining the service into account in their own operations and that the organisations acting in the role of Kanta provider take the requirements presented in the instruction into account in their own access points. Moreover, other cooperation bodies, such as the ICT service providers used by the clients, must take the instructions into account when assisting clients deploying the Kanta service with respect to their own access point solutions,” Molander explains.