When you use health care or social welfare services, data is saved in the Kanta Services by a doctor, nurse, or other social or health care professional. Pharmacies also store prescription information in Kanta. You can view this data yourself in MyKanta.
We employ various methods to ensure the security of the data in the Kanta Services, and we regularly test the Kanta systems.
Social and health care providers are responsible for ensuring that the information stored in Kanta is correct and that the information is processed appropriately.
The data are only used when necessary in order to treat you and manage your affairs. In addition, your consent is required for the use of your data.
Read more: How can I have a say in how my data are used?
In the Kanta Services, personal data is processed to the extent necessary in order to investigate a fault or error, to process data requests, and to perform maintenance tasks assigned to Kela.
Data protection is used to ensure the confidentiality of information in the Kanta Services, to protect personal data, and to prevent the misuse of personal data.
Data security encompasses all concrete measures and technical solutions employed to protect confidential data. Among other things, we conduct regular security testing and close cooperation with other authorities, such as the National Cyber Security Centre.
How we monitor security
We require a high level of data security from social and health care organisations that use Kanta. New users must, among other things, provide Kela with a certificate from an external assessment body stating that their information system meets data security requirements. The certificate must be approved by the Finnish Transport and Communications Agency (Traficom).
Kela, social and health care organisations using Kanta, and pharmacies independently monitor the implementation of data security. Each organisation has its own data security plan and is responsible for implementing the plan and for keeping it up to date.
Data processing is always logged
Social welfare and health care services and pharmacies use log data to monitor data processing.
In order to view and process client data, professionals must undergo strong identification. Whenever a professional searches for client data through Kanta, a log is saved. The log data makes it is possible to find out who processed a person’s data and on what basis.
For guidance, please contact your data protection officer
Kanta services, social and health care organisations, and pharmacies have designated data protection officers whose task it is to control and monitor the implementation of data protection within their own organisation.
The data protection officer provides guidance on topics such as the processing of your personal data. For example, you might ask for advice on how to
- submit a request for data
- access your data
- restrict the use of your data