Way to a certified system – five questions and answers on the data processing system certification process
The Kela Kanta Services are used through various data systems in the social and healthcare services as well as pharmacies. A basic requirement is that all systems joining Kanta must be certified.
When the Patient Data Repository is used in the health service, the client data archive for social welfare services in the social service, or the Prescription service in the pharmacies, the client information must be securely transmitted. Therefore, all information systems joining Kanta Services must be certified. This ensures that the system fulfils the basic requirements: it contains the necessary functionalities, it is interoperable with Kanta Services, and the data security and data protection issues of the system are in order.
At the moment, more than 70 certified information systems have joined Kanta Services. In addition to the newly joined, the certification of existing member systems must be renewed every five years. Kaisa Penttilä from Kela, Kanta Services answers your questions on the certification process.
What is the course of the certification process?
Certification of a data processing system is a multi-phase process which includes joint testing with Kanta Services and a data security audit with an inspection body authorised by the Finnish Communications Regulatory Authority. The process also involves other authorities, such as the National Institute for Health and Welfare (THL), National Supervisory Authority For Welfare And Health (Valvira) and Traficom.
How long does the certification process take?
The length of the certification process varies depending on the individual case. Some of the factors affecting the duration are how well the data processing system supplier has prepared for the joint testing and the extent of the testing required for the system. There are considerable variations between contents for joint testing in terms of the number of test cases and the test phases performed. The various Kanta Services also require somewhat different joint testing. Therefore, it is very important to prepare thoroughly for the joint testing.
How do Kanta Services support the process?
Kanta Services provide a Kanta client test service, in which the testing organisation can also utilise the My Kanta Pages testing service and validation service. Kanta Services can also provide material for testing on request. The validation service functions as a tool in checking the data structures of the documents, and it is free of charge.
What should we do if there are changes in the system?
You must notify Kela and the data security inspection body of any changes. Changes are notified to Kela on a change notice form . You should also bear in mind that the certificate of conformity awarded to certified data systems is only valid for the maximum period of five years. The data system supplier must contact Kela before the final date of the certificate of conformity, preferably six months prior to expiry.
What is the cost of certification?
The Kela Kanta Services make no charge for joint testing. The data security auditing must be carried out by an inspection body approved by Traficom, and there is a charge for this. The data system supplier is responsible for the costs.
More information
- Certification, key requirements and in-house control
- How is data security ensured in the use of Kanta Services?
- Kanta client test service ensures an effective information system for healthcare
- The diagram shows the process from the system supplier's perspective (pdf, Finnish only)