In change situations, the new controller must be updated in the patient and client documents entered in the Patient Data Repository and the client data archive for social welfare services. The new controller must also be updated for restricted prescriptions in change situations. It is entitled to use the register data in its own operations as far as the transferred operations are actually continued and the register is utilised in its original purpose of use.
Planning and implementation of a controller change
A controller change is planned and carried out in cooperation with the service enabler, information system supplier, the Kanta Services and THL’s Code Service. The service enabler has the administrative responsibility for the change. The information system supplier, the Code Service and the Kanta Services are responsible for completing the change process in accordance with their own areas of responsibility within the jointly agreed schedule. Kela implements the change of controller by the assignment of the service enabler.
The service enabler together with its information system suppliers must decide on its own actions related to a change in organisation or controller, as well as their timing, e.g. any stopping of archiving.
The service enabler must take care of the necessary printing and backup of documents and ensure readiness for the use of the Archivist’s User Interface.
Change of controller in practice
In connection with deciding on the use of the Patient Data Repository, the client data archive for social welfare services or the Prescription Centre, the client organisation notifies of the change of controller on the change of notification form (pdf, in Finnish) at koodistopalvelu@thl.fi. The verified and signed form is sent from the Code Services to Kela for processing.
The schedule of the controller change shall be agreed with Kela. The schedule for changes of individual organisations carried out by Kela is available from the Schedule of controller changes (pdf, in Finnish).
In controller changes, Kela updates the controller data (active controller) for the records. A controller change can be carried out either at the operating unit or service unit level. The service enabler shall adjust the time of entering the change in controller data to fit in with Kela’s schedule and agree on the schedule with its partners. The supplier of the information system used by the service enabler shall make the corresponding change locally. The change must also include the data that has been produced before joining the Patient Data Repository or the client data archive for social welfare services.
The service enabler shall be responsible for ensuring that the change in controller data is made at the same time in the information system and in the Kanta Services. This will prevent error situations, for example, when archiving or correcting the data.
If necessary, it is possible to test the update of controller data in the Kanta client test service before the actual change takes place. Instructions for testing can be requested from kanta@kanta.fi.
Ensuring the availability of documents
After the change run, the service enabler shall verify at least the following in cooperation with the information system supplier:
- real-time availability of documents locally and from the Kanta archive
- the functioning of the administration of correction measures and refusals
- the functioning of internal registers (healthcare, occupational health service and social welfare)
- correct functioning of the impacts of customer’s refusals to share data
- the functioning of access rights of own controller and service enabler
- the possibility of correcting and/or invalidation of documents.
Informing citizen clients of a change of controller
In the event of a controller change or when an administrator is appointed for a register for future storage and administration, the citizen client must be notified of it. Unless otherwise agreed, the notification obligation remains with the body that, in future, will be responsible for the tasks of a controller by virtue of the Personal Data Act.