Authorisation for the outsourcing service provider

Authorisation for the outsourcing service provider

Authorisation for an outsourcing service makes it easier to share patient data between the outsourcing service provider and the outsourcing service organiser. The authorisation allows the service provider to store patient data directly in the service organiser’s Patient Data Repository.

The Kanta Services’ authorisation function allows patient data generated by the outsourcing service to be transmitted between the service organiser and service provider electronically and securely.

It is important for data to flow smoothly when a healthcare service provider purchases a service from an external provider. When a service is outsourced, the patient is always treated on behalf of the service organiser, so the patient data generated in connection with the treatment provided as an outsourced service are belong in the service organiser's patient register.

Authorisation for an outsourcing service allows

  • the service provider to store patient data directly in the service organiser’s register in the Patient Data Repository.
  • the service provider to access the service organiser's patient register to access any information that is necessary for the implementation of the treatment. The data can be accessed by the service provider regardless of whether the patient has restricted the sharing of their data.

​​​​​​How does authorisation of an outsourcing service provider work?

In practice, the authorisation for the outsourcing service provider is a form with which the service organiser assigns rights to the service provider (access or storage rights).
The authorisation document is stored in the Patient Data Repository. The document is stored through a patient data system or a separate service voucher system. as the authorisation also covers the outsourcing services provided using service vouchers.

Authorisation is given separately to each service provider

The organiser of the outsourcing service stores authorisations for the outsourcing service separately for each service provider. The Patient Data Repository does not support the chaining of outsourcing services, i.e. a situation wherein an outsourcing service provider procures the service by subcontracting from a third party. In such situations, the service organiser will instead record separate authorisation for the subcontractor.

Authorisation of an outsourcing service provider can be patient-specific or register-specific

Depending on the nature of the outsourcing service, the authorisation document can be either patient-specific or register-specific.

A patient-specific authorisation is used when an outsourcing service or voucher-based service is provided for a specific patient.

A patient-specific authorisation allows the outsourcing service provider

  • to access either all patient documents or specific patient documents indicated in the authorisation stored for the patient in question by the service organiser in the Patient Data Repository.
  • to archive the documents of the patient in question directly in the service organiser's register in the Patient Data Repository.

Register-specific authorisation is intended for situations in which patients cannot be identified in advance. For example, out-of-hours emergency services, laboratory services or imaging services may be outsourced from an external provider. In this case, authorisation can be issued for an entire register so that it applies to all patients included in the organiser's patient register.

Register-specific authorisation allows the outsourcing service provider

  • to access all the service organiser’s patient documents of the service organiser in the Patient Data Repository. (More specific restrictions are not possible, so the provider can only have either full access to data or none at all.)
  • to archive all patient documents generated by the outsourcing service directly in the service organiser's register in the Patient Data Repository.

The authorisation system for the outsourcing service provider is under ongoing development

The Kanta Services are developing the authorisation system for the outsourcing service so that it better meets the needsof outsourced healthcare service organisers and providers.

New functionalities in outsourcing service provider authorisation

The upcoming updated authorisation of outsourcing service providers will make it easier, for example, to organise voucher-based outsourcing services. In the future, a service organiser can create an open authorisation for each patient. This allows the provider to later link themselves as an authorised outsourcing service provider at the patient’s request. The patient can also view their service vouchers in My Kanta.

In addition, the organiser may transfer information about the provided service to the service provider using the authorisation.

The authorisation of outsourcing service providers is to be extended to imaging data

In the future, authorisation for outsourcing service providers will also cover imaging data stored in the Archive of Imaging Data. An outsourced imaging service provider will have access to the imaging results stored the service organiser's register. In addition, the authorisation of outsourcing service providers makes it possible to store the images directly on the service organiser's register.

Are you planning the deployment of the authorisation function for outsourcing service providers?

Read the instructions and support materials.

Further information

Last updated 17.10.2022