Data security

Data security

Use of the Kanta Services requires that the health care and social welfare information system linked to Kanta meets the requirements set for data security.

Information security plan

All social and health care service providers, pharmacies and organisations acting as data intermediaries that process client and patient data electronically must draw up an information security plan that is also linked to the key requirements for the information systems used.

The regulation concerning the information security plan and a template for this can be found on THL’s Regulations and guidelines page (in Finnish, thl.fi).

Data security assessment

As a part of certification, all systems linking to the Kanta Services, wellbeing applications, Kanta intermediary services and other information systems that require certification must pass a data security assessment by an information security inspection body in accordance with the Client Data Act.

The data security certificate issued as a result of the data security assessment is valid for a maximum of three years. The data security assessment is subject to a fee, and the costs of data security assessments are met by each manufacturer or provider of an information system or a wellbeing application, or a provider of a technical intermediary service.

THL’s Regulations and guidelines page provides the regulations on the classification and certification of information systems, as well as the key requirements.

For more information:

Read more:

Last updated 19.2.2024