Go to page content

Data protection and security

By law, social welfare and healthcare service providers and organizers must organize their data protection and information security in such a way that client and patient data is protected.

In health care, data protection is very important as healthcare relationships are confidential and deal with sensitive data. Health Village complies with all data protection, information security and GDPR requirements.

Data protection and data security mean different things, but they are closely linked. They apply to electronic, written and oral information.

Every person has the fundamental right to data protection, which ensures the privacy of personal data when they are being processed. Personal data includes all data from which a person can be identified, i.e. also customer and patient data. Therefore, according to data protection, they must be processed and collected without jeopardizing the privacy of the person.

Data protection also involves the patient's right to self-determination and a confidential relationship with healthcare personnel. According to data protection, a person also has the right to access their own data.

Data security is one way of implementing data protection, and it is closely monitored. Data security means protecting important information, such as health information, from outsiders by technical and possibly other means.

Data security preserves the confidentiality of data, which means that information can only be accessed by those who really have the right to access it. Another requirement is the integrity of data, which means that the data cannot change without being changed by those who have the right to do so. The accessibility of the systems must also be guaranteed: the data must be available to the relevant persons when necessary. In health care, for the patient to be treated as well as possible in every situation, accessibility is vital.

Many e-health services require strong identification. This is because of the need to ensure data security. By logging in to healthcare electronic systems with strong identification, i.e. a mobile certificate, online banking codes or an electronic ID card, it can be verified that it is you.

In fact, strong identification can be seen as a protective wall that protects your data, and you can only get inside of the wall after you have reliably proven your identity at the gate. This prevents outsiders from accessing your personal information.

GDPR (General Data Protection Regulation) is an EU General Data Protection Regulation that applies to all processing of personal data. It was introduced in all EU countries in spring 2018. GDPR guarantees better protection of personal data and better control over the processing of personal data to all. GDPR guarantees that your data will be properly collected and stored also in e-health services.

For example, under the EU Data Protection Regulation, you have the right to access your personal data, to request the correction of incorrect data and to obtain information on how your personal data is processed.

Safe and high-quality treatment requires safely stored patient information. All public healthcare units and the majority of private service providers also use the patient data archive in the Kanta service. It stores both information about treatment and exam results. This means the information is available electronically to professionals who are treating you without you needing to have everything on paper.

Patient information may only be viewed by professionals authorized to do so. You can give your consent to the professionals responsible for your care being able to see also your previous health and treatment information in the patient information archive in the Kanta service. In this case, the information about you that has been previously collected in other healthcare units will also be available to the professional treating you. You can read more about giving consent and storing your information in the patient data archive on the Kanta service website.

Updated 18.3.2022