The Repository plays a central role in passing information between healthcare service providers. Citizens can see the data recorded by the healthcare units in the My Kanta service. The patient records are archived in a technically uniform format, which enables the transferability of the data from one system to another and improves the accessibility of information in operational units involved in the patient's care.
Patient data management service
A national patient data management service is maintained as a part of the archive service. Information about patients’ declarations of intent and consents is recorded in the patient data management service, including
- information about the fact that a patient has been informed of the nationwide information system services (Kanta Services)
- patient’s consent to sharing patient data
- withdrawal of consent
- refusals to share patient data
- withdrawals of refusals to share information
- declarations of intent.
The data management service holds information that is important for the patient's care, such as a living will or the patient's wishes regarding organ donation for another person. Through the service, healthcare units also have access to the patient's main health information.
The healthcare unit that has entered a patient's medical records in the national Patient Data Repository is the register controller of the data it has created. The register controller of the consent forms and expressions of clients' wishes entered in the Data Management Service is Kela. In the event of organisational changes, the register controller is responsible for ensuring that the register controller details of any data stored in the system are altered according to the new situation.
Information disclosed from Patient Data Repository only with consent
The medical records stored in the Patient Data Repository are available for use by the register controller that has entered the information. If patient records are retrieved from another controller's register, it constitutes disclosure, for which the patient's consent is required. The consent given by the patient is valid until further notice and covers all medical records already held in the system, as well as any records entered into it later. However, patients can limit the coverage of the consent with a separate refusal of consent. The refusal can be specified to concern a certain service event or service provider's records.
Before the consent is given, the healthcare service informs the patient about the national data system services, information stored in the archive service and their permitted uses, as well as the option of restricting disclosure of their information.
The Patient Data Repository log and control services help to ensure that patient records are used in compliance with data security and legislation. All uses and disclosures of patient records are entered in a log which permits ex-post control.
Certification by digital signature
All data transfers between the healthcare system and Patient Data Repository are encrypted.
The user roles and rights to access patient records of healthcare professionals using the patient record systems are managed locally in the healthcare organisations. The persons accessing the systems are identified, and they log into the systems with their own healthcare professional cards. The data entered into the archive is digitally verified.