The requirements for the organisation in order to deploy the client data archive for social welfare services:
- the organisation has started complying with the national definitions in the recording of client work
- the information system used for processing client data has been approved as Kanta-compliant, i.e. it is certified
- the requirements of Kanta services have been implemented.
The certification process consists of three entities:
- The functional requirements that the supplier verifies before joint testing.
- Interoperability, which is verified in Kela’s joint testing.
- Data security, which is verified by an assessment body approved by the Finnish Communications Regulatory Authority.
The key requirements concerning the functionality, interoperability and data security of the social welfare and healthcare services apply to all client and patient data systems. In addition, functionalities in compliance with the Kanta definitions must be built into information systems related to Kanta services. These functionalities are described in the definitions for the client data archive for social welfare services.
Testing is an essential part of the technical preparation. As part of the certification, systems joining the Kanta services must pass Kela’s joint testing before the system is taken into production use. Joint testing is carried out by the first organisation to deploy the client data archive for social welfare services using the new data system. A list of the information systems approved for use in joint testing is available on the Kela joint testing pages.
All suppliers of information systems intended for the processing of client and patient data are obliged to notify Valvira of information systems that are deployed for production use: Valvira is responsible for maintaining the register concerning these systems. Enquiries concerning the register and information systems can be sent to email@example.com.
Requirements for joining as a client for Kanta services:
- the self-monitoring plan is updated
- the requirements for data protection and data security practices have been implemented
- operating models that are harmonised at the national level have been deployed
- training has been provided for the staff
- administrative measures in relation to the start of the client account and the deployment of the service have been carried out
- operating models during production have been agreed.
Data security, self-monitoring and certification
Social welfare service providers ensure through self-monitoring that they have appropriate data security practices in place in order to protect sensitive client data. Taking care of data security in an appropriate way in the operating environments of the information systems is also part of self-monitoring.
The obligations for drawing up a self-monitoring plan are described in legislation. THL has issued a provision on the requirements of the self-monitoring plan and the reports to be included in it, and the implementation of the plan is the responsibility of the director in charge in the operating unit. The supervisory authorities are entitled to carry out inspections in relation to self-monitoring.
Self-monitoring is also related to the certification and requirements of information systems and Kanta transmission services. Some of the requirements of self-monitoring are related to the use of nationwide Kanta services.
With the various sectors of self-monitoring, it is possible to manage risks especially in relation to data security. A key objective is that professionals who provide services are familiar with and take into account the procedures related to data protection and data security in the processing of client and patient data.
Certificates and registers
Deployment of the service requires up-to-date details in THL's SOTE organisation register and the deployment of the certification services of the Population Register Centre.
Registering of organisations
All operating units in social welfare and healthcare services and the service units of the operating units joining the Kanta services are gathered in the THL SOTE organisation register. The register is used for identifying and administering the parties that have joined Kanta services. Public social welfare services will notify the organisation’s details directly to the THL SOTE organisation register.
Information of private social welfare services in the Valveri register
The use of Kanta services requires that private social welfare service providers have their up-to-date licence details in the Valveri register, from where the information is transmitted to the Code Service maintained by THL. Social welfare service providers join the Kanta services with the information in the Code Service.
Certification services of the Population Register Centre
The Population Register Centre (PRC) provides certification services for social welfare and healthcare services. The certificates enable reliable identification and electronic signatures of persons working in social welfare and healthcare services. The implementation of data protection and information security in the Kanta services requires strong electronic identification.
Certificates are needed for development (test certificates) and use during production. The certificates issued by PRC needed for joining and using the Kanta services are:
- Server certificate installed in the Kanta access point
- System signature certificate for signing all documents sent to Kanta that have not been signed with a professional’s certificate
- A professional card for social welfare and healthcare services that enables identification and electronic signing by professionals.
Support and guidance
Preparation events jointly organised by THL and Kela are held for service providers deploying the client data archive for social welfare services in accordance with the deployment schedules. The time schedule for deployment as well as registration instructions are available on the website for data management in social welfare services. The information system supplier shall take part in the event in accordance with the deployment schedule of its client.
It is an important task for the information system supplier to provide support for its customers in the deployment of the client data archive for social welfare services in accordance with their needs. This may mean, for example, organising training or enhanced client support concerning the system or its new functionalities in support of the deployment.