Phases of certification of a new information system
Preparation phase
Start preparing for the certification of a new system by familiarising yourself with THL’s regulations and guidelines (thl.fi) (in Finnish), which describe the requirements related to the functionality, interoperability and data security of health care information systems or wellbeing applications. Based on THL’s regulations, information system profiles must be identified for the information system based on its intended purpose.
Read more about the requirement specifications, data contents and technical guidelines for information system providers published and maintained by Kanta Services.
The Act on the Processing of Client Data in Healthcare and Social Welfare 703/2023, i.e. the Client Data Act (finlex.fi) (in Finnish), brings together the statutes concerning data protection and secrecy, rights of access and disclosure of client data, document processing, client and patient documents, national information systems, and control of information management.
An information system conforming to the Client Data Act can only be deployed once its data can be found in the social welfare and health care information system database maintained by Valvira.
System development phase
Thorough testing
In the information system’s design and development phase, comprehensive testing of the system’s functionalities is important in order to have as complete and functional a system as possible when actual joint testing of Kanta interoperability begins.
The functionalities of the information system must also be tested independently against the Kanta client test environment before joint testing. The Kanta Services will provide a free browser-based validation service for HL7 CDA R2 documents for checking the data structures of documents to be stored in Kanta.
Join the client test environment
You join the client test environment from the test environment. Learn more about the client test environment and the applications to join.
Read about the release schedule
The publication schedule for the Kanta Services includes the schedule for development phases for statutory functionalities as well as the deployment deadlines for social welfare and health care providers. The publication schedule is updated 3–4 times a year.
Learn about data security requirements
THL’s regulation on key requirements includes data security requirements for information systems intended for the processing of client and patient data or wellbeing data.
The obligation to draw up an information security plan applies to all social welfare and health care service providers, pharmacies, and Kanta intermediary service providers. The regulation concerning the information security plan and a template for this can be found on THL’s Regulations and guidelines page (thl.fi) (in Finnish).
Prepare for joint testing
Joint testing is mandatory for class A2 and A3 information systems and it is intended to ensure that the information system has been implemented in accordance with national specifications for interoperability. To make joint testing as smooth as possible:
- Before registering for joint testing, make sure that the functionalities have been thoroughly tested in your own system
- Fill out THL’s system form (THL Regulation 5/2021, Appendix 4) carefully
- Register for joint testing no later than two months before the planned start of testing
Read more about the joint testing process and more detailed instructions for joint testing.
Data security assessment and notifying Valvira of registration
Once the joint testing has been successfully completed, agree on the data security assessment with an inspection body accredited by Traficom (kyberturvallisuuskeskus.fi). The information security inspection body will issue an information security certificate for a maximum period of three years.
Once the data security assessment has been completed, send the notification of registration and its attachments to Valvira. More detailed guidelines are provided by Valvira.
