Joint testing ensures that the information system has been implemented in accordance with national definitions concerning interoperability. Joint testing is not a substitute for comprehensive information system acceptance or availability testing because Kela does not examine the information system’s interface or its functionality.
Learn more about the joint testing process.
- When is joint testing required?
- Duration and cost of joint testing
- What is required of information systems registering for joint testing?
- What happens after joint testing?
When is joint testing required?
The requirement for joint testing is based on the Act on the Processing of Client Data in Healthcare and Social Welfare (Finlex.fi, in Finnish) (hereinafter the Client Data Act) and the Finnish Institute for Health and Welfare (hereinafter THL) Regulation 4/2024 on the certification of social welfare and healthcare information systems (in Finnish).
Joint testing of the information system must be performed when
- a system is first certified to join Kanta
- the validity of the Kanta Services specifications on which the implementation of the system is based is about to expire, either in production use or in certification.
- changes to the Client Data Act require joint testing
- the specifications of the Kanta Service change so that joint testing coordinated by Kela is required to ensure interoperability
- a change is made to the information system, and the content or scope of the change requires joint testing.
Read more:
Duration and cost of joint testing?
The scope and duration of joint testing vary across the different services in Kanta. The duration of joint testing depends, among other things, on the test content and data content, the initial readiness of the information system, the number of errors detected, and the need for retesting. A more accurate estimate of the duration and schedule can be given at the start of the testing. The actual joint testing is preceded by a phase in which the information system suppliers independently carry out preliminary tests on the system.
Participation in joint testing is free of charge, but each system supplier is responsible for the costs of system development required to join Kanta.
Please note that the working language of the joint testing is Finnish. All test material and guidelines are only available in Finnish, and Kanta is not responsible for translating these materials into other languages or for any costs arising from translation.
Data security assessments required by the system or application associated with Kanta are chargeable services. More detailed information about the costs are available from information security inspection bodies.
Registration on Valvira’s Astori register in compliance with the Client Data Act is subject to a charge. You can find more information about the costs on Valvira’s website.
What is required of information systems registering for joint testing?
To comply with joint testing requirements, the information system content that will be joint tested must correspond to production-stage deployment. Joint testing does not replace system-wide acceptance testing.
At the start of joint testing, the information system must:
- meet future production use and include planned integrations
- contain functionalities that comply with the requirements for information systems joining Kanta
- comply with open interfaces and standards in accordance with national requirements
- be able to join the Kanta Services independently or through an integration solution. The integration solution can be implemented internally or regionally.
What happens after joint testing?
Once joint testing is successfully completed, Kela issues a joint testing statement for the information system. The statement is accompanied by a more detailed joint test report and any other appendices that may be necessary to supplement the statement.
The data security assessment of the new system may proceed once joint testing has been approved. If certification is being renewed, the data security assessment may proceed even if joint testing is incomplete or missing. Valvira monitors any incomplete joint testing during the system registration stage.
The information system supplier must notify Valvira of an information system that complies with the Client Data Act in order for it to be registered on the Astori register. The information system can only be used to implement Kanta Services once its information can be found on the register.
The information system supplier must also inform Valvira of any new or changed functionality or data content implemented in the information system for which the system has received a new joint testing statement.