Control of patient data processing

Kanta Services are a key basis for smooth and safe sharing of patient data throughout the healthcare supply chain.

The Kanta Services have considerably increased transparency in the processing of data. Previously, it was not easy for patients to access information that has been recorded on them in the healthcare services. Now this data can be checked in My Kanta Pages. The service also makes it possible to see when and which healthcare unit has processed the information. 

The names of persons who have processed the data are not accessible in My Kanta Pages due to the privacy protection of healthcare professionals. In addition, the rights and protection of professionals must always be taken into account when sharing log data. Log data is not shared, for example, if the sharing of data may jeopardise the safety of the professional in question.

Monitoring and control of data processing

Under the Act on Electronic Prescriptions, Kela, healthcare units and pharmacies must maintain control measures regarding access to and handling of information in the Prescription Centre, in order to safeguard the confidentiality of patient information. As the controller of the registers, Kela is responsible for the overall monitoring and control of Prescription Centre and Prescription Archive use. Under the Act, healthcare units and pharmacies must oversee the use of the Prescription Centre in their own organisation.

All actions performed in the Prescription Centre leave a record in the Prescription Centre user log. Patient record and pharmacy systems must also maintain a log of actions their users carry out in the Prescription Centre. If necessary, the patient record and pharmacy system logs must also have the capacity to show for what purpose the information retrieved from the Prescription Centre was used.

By law, healthcare units must monitor the use of patient data within their own organisation. To ensure data security, the healthcare units draw up a self-monitoring plan and manage access rights and log monitoring according to the plan. The Finnish Institute for Health and Welfare has issued regulations concerning the certification of data systems related to the Kanta Services and the self-monitoring plan of service providers (available only in Finnish).

Patients' control facility

Patients themselves are able to monitor the use of their information. They can monitor the use and viewing of their information at organisation level through My Kanta Pages. In addition, they have the right to obtain from Kela information, based on logs, on who has handled and viewed any of their personal records stored in the Prescription Centre and Prescription Archive.

The log information is available for a period of two years. Information older than two years is disclosed only when the person has a justifiable reason for obtaining such information. A request to examine the log information should be made on an official Kela form available from pharmacies, Kela offices and healthcare units that have joined the electronic prescription system. The form must be signed and submitted to Kela. After receiving the request Kela will as quickly as possible provide the information in writing to the person making the request.

Penalties for misuse

The healthcare unit or pharmacy shall take necessary measures on their own initiative if an unauthorised person has viewed, used or disclosed patient data or the data in the Prescription Centre. These measures may include a warning as defined in employment legislation, withdrawal of user rights, dismissal from or termination of employment or, if necessary, reporting the incident to the police. 

Last updated 01.12.2020