Terveystalo’s health care professionals and specialists process personal data on the basis of joint register consent. In terms of occupational health care services, personal data is processed by the professionals involved in the occupational health care.
The processing of personal data is outsourced to Group companies and/or external service providers who process the personal data on behalf of Terveystalo. Patient data is not transferred outside the EU or the EEA. Customer data may be transferred outside the EU or the EEA to a limited degree and within the confines of legislation. In such cases, the transfer takes place in accordance with the EU Commision’s standard contractual clauses or some other transfer mechanism permitted by data protection legislation.
Personal data is disclosed to the following parties:
Kela’s Prescription Centre
Kanta Patient Data Repository
- Health information is archived in the Kanta Patient Data Repository maintained by Kela under the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare. Further information https://www.kanta.fi/en/citizens.
In addition, patient data is disclosed to the following parties on the basis of consent or the law:
Third party health care unit/organization/treatment facility or health care professional
- Information required for the arrangement and provision of medical care may be disclosed to another health care unit in accordance with a patient’s oral or written consent or other approval otherwise apparent by the context and recorded in the patient record.
Insurance companies
- Data necessary in respect of statutory insurance is disclosed to insurance companies on the basis of the law, without consent.
- Data necessary in respect of voluntary insurance is disclosed on the basis of the patient’s consent.
Employers
- When the patient is an occupational health care patient, data can be disclosed on the basis of the patient’s separate and explicit consent, provided that the employer uses the electronic transmission service for A certificates to Terveystalo’s Sirius HR system.
Authorities and/or entities
- Data is disclosed to courts of law and to other authorities and entities with a right to information pursuant to the law on the basis of a written and specified request and in the format and scope required by the matter.
Patient’s next of kin
- In the event that the patient is unconscious or under medical care for some equivalent reason, data can be disclosed to next of kin or to another person close to them, unless there is reason to believe that the patient has prohibited the disclosure of the data.
Research organizations
- The disclosure of data included in patient records for scientific research is subject to what is provided in section 13 (4) of the Patients Act.
- Anonymized and/or statistical data can be processed for research and statistical purposes without consent.
In the event of a patient’s death, the secrecy obligation and need for privacy protection remains in force, meaning that data cannot be disclosed without a legal basis.
Based on the Communicable Diseases Act, any information needed to detect an epidemic, identify the cause and trace-back can be submitted to the Finnish Institute for Health and Welfare and the joint municipal authority for the hospital district.