The Kanta Services meet high standards for data security

Kela implements a variety of measures to ensure data security in the Kanta Services, and the systems are tested regularly.

The Kanta Services contain health records on the Finnish population. The nationwide information system allows healthcare organisations access to real-time information about patients. This helps to ensure that patients receive the best possible care. Members of the public can look up their personal information on the My Kanta Pages.

Data stored in the Kanta Services are secured in a variety of ways

The data stored in the Kanta Services are secured in a variety of ways, and the data security has been audited by an outside auditor. The security of the Kanta Services is also developed further on a continual basis.

According to Kanta chief system architect Konstantin Hyppönen of Kela, when testing the system for data security, attention is paid to emerging system attack and data breach methods. The Kanta networks, databases and applications are all secured, Hyppönen says.

The technical interfaces to the Kanta Services are designed to fully meet privacy and data security standards. These technical solutions also serve to protect the Kanta Services against data breaches.

Hyppönen says that healthcare organisations can only look up information on one person at a time, and the system checks that the person is a current patient. Further, health professionals must use strong authentication when signing in to the system, Hyppönen says.

Kela has extensive experience with the development of information systems

Kela is responsible for system maintenance and data security in the Kanta Services.

Hyppönen says that Kela has stored electronic health records securely since the 1960s. This extensive experience is one reason why the maintenance of the Kanta Services is entrusted to Kela, he says.

All Finnish public-sector healthcare organisations, and a large percentage of private providers, have joined the Kanta Services. They undergo a data security evaluation when joining Kanta.

Hyppönen says that when a healthcare organisation joins Kanta, Kela requires them to present certification proving that their patient information system meets the highest data security standards. Organisations joining Kanta are also required by law to have appropriate self-monitoring plans, he says.

The My Kanta Pages enhance the flow of information

The My Kanta Pages are the individual users’ window into the Kanta Services. There everyone can check what information healthcare providers have recorded about them. Users can also grant and deny their consent to the use of their information.

Mari Holmroos of Kela’s Kanta Services team says that it is important for everyone’s rights and privacy that they can look up their information on the My Kanta Pages. Users can also check who has accessed their information. A list of the individuals who have accessed the information is available on request from the healthcare provider.

The operations of the Kanta Services and the storing of patient information are based in law. The availability of the information in real time is important both for the general public and the healthcare system.

Read more