In its capacity as a provider of information system services, technical and physical operating environments or Kanta access points, a Kanta provider has access to non-encrypted client data in connection with e.g. maintenance activities.
The Kanta provider draws up a data security plan to implement and ensure information security and proper customer data management.
- Regulation on the reports and requirements to be included in the information security plan 3/2024 (thl.fi, pdf, in Finnish)
- Security plan template (thl.fi, pdf, in Finnish)
The provider implementing the Kanta access point is called the Kanta provider. The service enabler uses Kanta access points provided by the Kanta providers to establish a connection between its own information system and the Kanta Services.
The Kanta providers are registered in the Provider Register of the Finnish Institute for Health and Welfare. The register collects information on those intermediaries who are authorised to act as Kanta providers when joining the Kanta services, but which are not pharmacies or organisations in health or social services. The Kanta provider included in the Provider Register can obtain a server certificate from the Digital and Population Data Services Agency (dvv.fi) for its access point.
The Provider Register does not serve as a register of provider contracts or authorisations, and only lists organisations who operate as Kanta providers.