Information systems for social welfare and healthcare
Valvira enforces compliance with the essential requirements for information systems intended for the processing of client data in social services and patient data in healthcare services. Valvira also supervises the network and information security of healthcare services pursuant to the NIS Directive.
Valvira supervises the following information systems in social welfare and healthcare:
- pharmacy systems
- Kanta Services
- client data transfer services
- prescription systems
- social services client information systems
- healthcare patient information systems
Any information system used for processing client or patient data must comply with the essential requirements set for that purpose. The information system supplier is responsible for ensuring and maintaining compliance with these essential requirements.
The essential requirements are divided into three areas: functional requirements, interoperability, and data security and privacy protection.
Obligations of the information system supplier
The Act on the Electronic Processing of Client Data in Healthcare and Social Welfare sets forth obligations for information system suppliers for the compliance of client and patient data systems, to maintenance and to demonstrating compliance.
An information system supplier offers or deploys an information system for processing client or patient data to a service provider. The information system supplier is responsible for ensuring and maintaining compliance with the essential requirements defined for the information system. Typically, the information system supplier is also the manufacturer. If the manufacturer is different from the supplier, the supplier is responsible for compliance with the essential requirements on behalf of one or more suppliers.
Obligations of social welfare and healthcare service providers
The Act on the Electronic Processing of Client Data in Healthcare and Social Welfare sets forth the obligations of social welfare and healthcare service providers in respect of the deployment and use of client and patient data systems and their linking to the Kanta Services. A service provider may be an arranger or a producer of social welfare and/or healthcare services.
Social welfare and healthcare service providers must note that they must not deploy an information system whose details are not available in the information system database for social welfare and healthcare or whose data security certificate has expired.