The authorisation for the outsourcing service provider is a Patient Data Repository functionality which allows the service organiser to give the service provider the right to access the patient data stored in its register, and allows the service provider to store the patient data created in the course of the treatment in its own register.
The authorisation also covers the voucher-based provision of services.
The outsourcing service provider’s access and archiving rights to the patient register are determined with the authorisation of the outsourcing service.
Outsourcing service organiser
If a healthcare service provider is unable to provide a service itself, it may acquire the service as an outsourcing service from another service provider. In such a case, the service provider commissioning the service is an outsourcing service organiser.
Outsourcing service provider
The healthcare service provider from whom the service has been purchased acts as the outsourcing service provider and supplies the service commissioned by the service organiser. However, patient documents such as medical records, test results and reports will remain in the outsourcing service organiser’s register.
Contents of the authorisation of outsourcing service
The authorisation of an outsourcing service is a document with a form structure. This document is produced by the outsourcing service organiser before the outsourcing service commences at the stage when the outsourcing service provider is known. The authorisation document is saved in the Patient Data Repository and the information on the document is obtained from the patient data system or a separate system (service voucher).
The authorisation is always granted separately to a particular service provider. In addition to the service organiser and the service provider, the authorisation also determines, e.g. the validity, scope and type (patient-specific/population-level) of authorisation.
A population-level outsourcing service concerns a large population group where individual patients are not specified in advance (e.g. screening studies).
A patient-specific outsourcing service is arranged for an individual patient (e.g. procedure, operation).