Information security plan

Information security plan

The obligation to draw up an information security plan applies to all healthcare and social welfare service providers, pharmacies, Kanta delivery service providers, and Kela.

Through self-monitoring, the healthcare and social welfare service providers and pharmacies ensure that they have appropriate information security and data protection practices for protecting sensitive client data and that these practices are complied with when handling client and patient data.

Taking care of information security and data protection in an appropriate way in the operating environments of the information systems is also part of self-monitoring.

The service providers or pharmacies must have an up-to-date and documented information security plan before they can start using the Kanta Services. The information security plan must be drawn up in due time before joining as a user of the Kanta Services. The information security plan is not an appendix to the application for joining the Kanta services and will not be returned to Kela. 

Further information

Last updated 14.11.2023