Privacy policy for Log register of My Kanta Pages Personal Health Record

Privacy policy for Log register of My Kanta Pages Personal Health Record

This is a valid Privacy Policy for Log register of My Kanta Pages Personal Health Record. The policy was updated on October 24, 2018.

Controller

The Social Insurance Institution of Finland

Nordenskiöldinkatu 12, 00250 Helsinki
Postal address PO Box 450
Postal code 00056
Phone number 020 634 11

Person responsible for register-related issues or contact person

Data Protection Officer for Kanta Services
kanta@kanta.fi

Name of register

Log register of My Kanta Pages Personal Health Record

Purpose of processing of personal data / purpose of use of the register

Based on the agreement between the Ministry of Social Affairs and Health and the Social Insurance Institution of Finland (hereinafter Kela), Kela acts as the data controller of the My Kanta Pages Personal Health Record service, which is part of the national information system services in health care (the Kanta services), with respect to the log data in Kanta PHR.

The data in the log register of Kanta PHR is used for verifying the legality of data entered in Kanta PHR in Kela and for settling problem situations in the service.

More detailed provisions concerning the storage time of log data created in the processing of wellbeing data shall be established in a decree by the Ministry of Social Affairs and Health.

Data content of the register

The register includes the following data:

  • time of event
  • the personal identity code of the person whose data processing the log entry concerns
  • the event giving rise to the log entry
  • identifier of the wellbeing application that has requested data processing
  • identifier of the party that has requested data processing (the person themselves)
  • usage type
  • identifier of certificate used in the event
  • user rights of the wellbeing application that has requested data processing
  • search criteria
  • end result of the event
  • returned error code
  • internal error code and reason
  • amount of data returned in the search results
  • identifier of the processed data
  • type of processed data
  • additional information of the processed data.

Regular information sources

Logged data is stored in the log register when the user logs into the service and when they use the Kanta PHR service (storage, browsing, updating, deleting of wellbeing data).

Regular disclosure of data and transfer of data outside the EU or the European Economic Area

No regular disclosure.

Data shall not be transferred outside the EU or the European Economic Area.

Principles of protection of the register

The data in the log register contains confidential personal data.

Organisational measures

For its own part, Kela monitors and supervises the lawfulness of data processing. Kela also has a self-monitoring plan to ensure data protection and data security.

Kela takes the necessary measures of its own accord if the data entered in the register has been processed unlawfully.

Technical protection

The processing of data in the register requires strong identification that identifies the data controller, as well as the management of access rights related to the system.

The logged data is only utilised in problem situations in accordance with Kela’s described process by the Data Protection Officer or a special working group. Only designated members of Kela’s personnel have access to the data recorded in Kanta services.

Physical protection of environments and devices

The logged data is technically protected to prevent editing and deleting.

Kela’s IT areas and the physical location of data are in Finland. Kela’s technical maintenance staff have limited access to the IT areas when the management of their duties requires such access.

Last updated 24.07.2020