Consent and denials of consent to data sharing in health care

Consent to data sharing also enables data sharing outside of Kanta. For example, data recorded on paper may also be shared between wellbeing services counties or between a public and private healthcare provider, if the client has updated their consent to data sharing.

The client must update the consent to data sharing they previously gave in order for it to enable data sharing other than data sharing that takes place via Kanta. Consent to data sharing can be updated in MyKanta and when visiting a healthcare unit.

Consent to the sharing of patient data covers existing and future patient data. Once given, consent to data sharing will remain valid until further notice. The client may, if they wish, withdraw their consent to data sharing.

Not yet. Data sharing between social welfare and healthcare services via Kanta will be possible by 1 March 2027 at the latest. Such data sharing will require separate consent to data sharing. Data sharing between operators is currently only possible at a local level, for example, within a wellbeing services county. We will provide more details on the new consent to data sharing between service sectors at a later date on kanta.fi.

Patient data can be utilised and used more extensively than before within wellbeing services counties in connection with healthcare treatment. Public service providers that previously operated in the area have merged under a single service provider, known as a wellbeing services county. Each wellbeing services county has its own data files for healthcare patient data and social welfare client data.

By giving their consent to data sharing, the patient can ensure that data is also shared between wellbeing services counties and between private and public service providers. Denials of consent to data sharing can be issued to restrict data sharing between service providers, for example between wellbeing services counties and also between public and private service providers.

If a client set denials of consent to data sharing before the wellbeing services counties began operations, the denials of consent will not prevent the data from being used by the wellbeing services county’s public healthcare services.

The client can still issue denials of consent in public healthcare for the data files of wellbeing services counties. You cannot issue a denial of consent to data sharing between healthcare centres in the same wellbeing services county because they use the same patient data file. If the client wishes to check whether the old service-provider-specific denial of consent also applies to the healthcare data file of the wellbeing services county, this can be checked through the patient information system.

In healthcare, a client’s denial of consent to data sharing may be viewed if

• the client wishes to change the details of their denials,
• patient data is disclosed locally outside Kanta, as any denials of consent should be checked when sharing data,
• the matter involves the investigation of a problematic situation concerning data sharing.

Read more about how old service-provider-specific denials of consent apply in different wellbeing services counties.

In Uusimaa, data can be shared through a local database if the client has received version 1.1 or 2.0 of the information about the Kanta Services. These versions of the provided information include more information on the temporary right of access to data in Uusimaa.

This means that data can be shared between public service providers in Uusimaa on the basis of the receipt of the information about the Kanta Services, and the client’s consent is not required for data sharing.

The patient information system recognises if the client has not received the latest version of the information about the Kanta Services and prompts the professional to provide the client with the information again.

If the client has received a version older than 1.1 or 2.0, data may be shared via Kanta if the client has given their consent to data sharing. Data sharing from local databases are not permitted in this case.

If the patient has restricted the sharing of their data, the sharing of the data is not permitted. This is not affected by the version of the information which the client has received.

The client wishes to set up or withdraw a denial of consent when managing their affairs

If, after 2 January 2024, the client has not modified their denials of consent in MyKanta or when visiting a service provider that has a renewed denial of consent form in use, they will not have a new type of denial document. In this case, the healthcare service can continue to modify their denials. However, new denials, i.e. a comprehensive denial of consent to data sharing, or a denial of consent to share data with a private occupational healthcare data file, cannot be set without the new denial of consent form being deployed in the system.

If a client has a new type of denial document, it is possible that their denials cannot be processed by the healthcare system at all. This means, for example, that it will not be possible to set up new denials of consent to data sharing for a client, or it will not be possible to withdraw a client’s denials of consent in the healthcare system.

In these situations, instruct the client to set the denial of consent of their choice in MyKanta or at a service provider where the denial of consent form has been deployed. Inform the client that the new denials of consent can only be taken into account in the healthcare system when sharing data outside of Kanta once the denials of consent have been deployed in the information system.

If a client wants the healthcare system to allow access to data on which they have previously set a denial of consent to data sharing, the denials of consent must be withdrawn. Please note the following:

• If the information system does not allow you to withdraw the denials of consent, or the client is unable to withdraw the denials of consent in MyKanta, you can assess whether the use of an emergency search is justified.
• If the client has also set a denial of consent to the sharing of their data in an emergency, it will not be possible to view the data via Kanta.

Data is being shared e.g. in paper format between two service providers

If you are sharing patient data with another service provider in a way other than via Kanta, such as on paper, please be aware of any denials of consent to data sharing. If your organisation’s patient information system has not deployed the new denials of consent, you may not see the client’s most recent denials of consent. Inform the client that the denials of consent cannot be viewed in the system, and ask for their separate, specific consent to share the data.

For instructions on how to request and document a consent, contact your organisation.

A comprehensive denial of consent to data sharing prevents the disclosure of data between different data files and controllers, i.e. between wellbeing services counties, and between a wellbeing services county and a private service provider. The denial applies to both existing and future patient data. When setting a comprehensive denial of consent to data sharing, clients can choose to keep the denial of consent in force even in the event of an emergency. In this case, data will not be disclosed from Kanta even in an emergency search.

A lack of consent to data sharing also prevents the flow of data between different data files and controllers. If the client has not set up their consent to data sharing or has withdrawn it, their data may nevertheless be shared in the event of an emergency.