Controller
The Social Insurance Institution of Finland
Nordenskiöldinkatu 12, 00250 Helsinki
Postal address PO Box 450
Postal code 00056
Phone number 020 634 11
Person responsible for register-related issues or contact person
Data Protection Officer for Kanta Services
kanta@kanta.fi
Name of register
Log register of My Kanta Pages Personal Health Record
Purpose of processing of personal data / purpose of use of the register
Based on the agreement between the Ministry of Social Affairs and Health and the Social Insurance Institution of Finland (hereinafter Kela), Kela acts as the data controller of the My Kanta Pages Personal Health Record service, which is part of the national information system services in health care (the Kanta services), with respect to the log data in Kanta PHR.
The data in the log register of Kanta PHR is used for verifying the legality of data entered in Kanta PHR in Kela and for settling problem situations in the service.
More detailed provisions concerning the storage time of log data created in the processing of wellbeing data shall be established in a decree by the Ministry of Social Affairs and Health.
Data content of the register
The register includes the following data:
- time of event
- the personal identity code of the person whose data processing the log entry concerns
- the event giving rise to the log entry
- identifier of the wellbeing application that has requested data processing
- identifier of the party that has requested data processing (the person themselves)
- usage type
- identifier of certificate used in the event
- user rights of the wellbeing application that has requested data processing
- search criteria
- end result of the event
- returned error code
- internal error code and reason
- amount of data returned in the search results
- identifier of the processed data
- type of processed data
- additional information of the processed data.
Regular information sources
Logged data is stored in the log register when the user logs into the service and when they use the Kanta PHR service (storage, browsing, updating, deleting of wellbeing data).
Regular disclosure of data and transfer of data outside the EU or the European Economic Area
No regular disclosure.
Data shall not be transferred outside the EU or the European Economic Area.
Principles of protection of the register
The data in the log register contains confidential personal data.
Organisational measures
For its own part, Kela monitors and supervises the lawfulness of data processing. Kela also has a self-monitoring plan to ensure data protection and data security.
Kela takes the necessary measures of its own accord if the data entered in the register has been processed unlawfully.
Technical protection
The processing of data in the register requires strong identification that identifies the data controller, as well as the management of access rights related to the system.
The logged data is only utilised in problem situations in accordance with Kela’s described process by the Data Protection Officer or a special working group. Only designated members of Kela’s personnel have access to the data recorded in Kanta services.
Physical protection of environments and devices
The logged data is technically protected to prevent editing and deleting.
Kela’s IT areas and the physical location of data are in Finland. Kela’s technical maintenance staff have limited access to the IT areas when the management of their duties requires such access.