In change situations, the new controller must be updated in the patient and client documents entered in the Patient Data Repository and the client data archive for social welfare services. It is entitled to use the register data in its own operations as far as the transferred operations are actually continued and the register is utilised in its original purpose of use.
Planning and implementation of a controller change
A controller change is planned and carried out in cooperation with the service enabler, information system supplier, the Kanta Services and THL’s Code Service. The service enabler has the administrative responsibility for the change. The information system supplier, the Code Service and the Kanta Services are responsible for completing the change process in accordance with their own areas of responsibility within the jointly agreed schedule. Kela implements the change of controller by the assignment of the service enabler.
The service enabler together with its information system suppliers must decide on its own actions related to a change in organisation or controller, as well as their timing, e.g. any stopping of archiving.
The service enabler must take care of the necessary printing and backup of documents and ensure readiness for the use of the Archivist’s User Interface.
Change of controller in practice
In connection with deciding on the use of the Patient Data Repository or the client data archive for social welfare services, the client organisation notifies of the change of controller on the change of notification form (docx, in Finnish) at email@example.com. The verified and signed form is sent from the Code Services to Kela for processing.
The schedule of the controller change shall be agreed with Kela. The schedule for changes of individual organisations carried out by Kela is available from the Schedule of controller changes (pdf, in Finnish).
In controller changes, Kela updates the controller data (active controller) for the records. A controller change can be carried out either at the operating unit or service unit level. The service enabler shall adjust the time of entering the change in controller data to fit in with Kela’s schedule and agree on the schedule with its partners. The supplier of the information system used by the service enabler shall make the corresponding change locally. The change must also include the data that has been produced before joining the Patient Data Repository or the client data archive for social welfare services.
The service enabler shall be responsible for ensuring that the change in controller data is made at the same time in the information system and in the Patient Data Repository or the client data archive for social welfare services. This will prevent error situations, for example, when archiving or correcting the data.
If necessary, it is possible to test the update of controller data in the Kanta client test service before the actual change takes place. Instructions for testing can be requested from firstname.lastname@example.org.
Ensuring the availability of documents
After the change run, the service enabler shall verify at least the following in cooperation with the information system supplier:
- real-time availability of documents locally and from the Kanta archive
- the functioning of the administration of correction measures and refusals
- the functioning of internal registers (healthcare, occupational health service and social welfare)
- correct functioning of the impacts of customer’s refusals to share data
- the functioning of access rights of own controller and service enabler
- the possibility of correcting and/or invalidation of documents.
Informing citizen clients of a change of controller
In the event of a controller change or when an administrator is appointed for a register for future storage and administration, the citizen client must be notified of it. Unless otherwise agreed, the notification obligation remains with the body that, in future, will be responsible for the tasks of a controller by virtue of the Personal Data Act.
In preparation for the introduction of wellbeing services counties on 1 January 2023, controller changes concerning documents stored in Kanta are being implemented in advance in 2022. This involves migrating documents stored in Kanta from the current controllers to the controllers and data files in the relevant wellbeing services counties.
Collaboration to agree on the controller changes has begun under the coordination of the ICT planning committee for the health and social services reform (soteuudistus.fi). Kela will convene collaboration meetings with each wellbeing services county. The meetings will be hosted in collaboration between the Finnish Institute for Health and Welfare and Kela and will take place between January and March 2022.
The aim is to agree on the practical aspects of the controller changes in order to ensure that wellbeing services counties’ social welfare and health care data files are migrated successfully. Each wellbeing services county has been asked to identify the controllers whose systems contain data files that need to be transferred to the new databases ahead of the meetings. Case-by-case investigations are under way to ascertain the implications for service providers that will fall under the management of a different wellbeing services county after the reform and service providers that will continue to be run by the municipality.
No official notifications of change of controller need to be filed with the Finnish Institute for Health and Welfare or Kela in this instance, and instead the changes will be implemented based on what is agreed with the wellbeing services counties.