Health information is needed for successful work ability management, but what is health information and how should it be protected in an organization?

The most important tasks of occupational health are the prevention of illnesses and maintaining work ability. This can be achieved when information about the health of the staff is available. However, information always goes hand in hand with data protection.

Ilari Richardt

Many organizations want to succeed and set an example in work ability management by supporting the well-being of their personnel and reducing sickness absences. Happy, healthy employees increase the productivity of work.

Available information on the health of the personnel is key to successful work ability management. Systematic work ability management is based on data, on the basis of which the supervisor, HR manager or occupational health services, for example, can make timely decisions to protect a person's work ability.

Legislation on the use of personal and health information has become stricter and misuse will result in heavy sanctions for the organization

Legislation on the use of personal data and health information has become stricter in recent years. For example, the EU's General Data Protection Regulation (GDPR), which entered into force in 2018, imposes obligations and restrictions for the controller on how to store and use personal data and health information.

Potential misconduct is subject to heavy penalties as the fines are calculated on the basis of revenue. In Finland, the Data Protection Ombudsman has recently issued the first decisions on the incorrect storage of sensitive health information of staff, in which the penalties amounted to hundreds of thousands.

The legislation is also stricter as to whether the processing of data takes place in the EU/EEA and in which situations the data may be disclosed outside these areas. Public cloud services, in particular, cause a problem; storing unencrypted or lightly encrypted data in a public cloud service can be seen as transferring data outside the EU/EEA, even if the service is acquired from a European location.

So what should a work ability management system be designed to do in practice?

Organizations are controllers of personal data and health information if they employ at least one person. This means that almost every organization must ensure that their work ability management systems comply with legislation.

In practice, this means, for example, that the employer must ensure that health information and personal data are not stored in the same location, such as a HR system. In addition, it must be ensured that the service has appropriate protection measures in place to prevent the unintended transfer of data outside the EU/EEA area, for example from a public cloud service that is administered by a party outside the area in question.

Employees must also be able to obtain their data from the controller. Therefore, it is important that a system that supports work ability management, for example, also enables such functionality.

What to consider when evaluating work ability management systems

When evaluating work ability management systems, attention should be paid to ensuring that they support work ability management in the best possible way and comprehensively take legislation into account.

Terveystalo has strong experience in the development of work ability management systems. The background is a massive amount of data and the best experts, whether they are occupational health professionals or software development experts.

For example, our system supporting work ability management ensures that the storage and processing of data is always in accordance with legislation. The data is stored in Finland and processed safely right from the start. The system ensures the implementation of the rights of the data subject, in other words, the employee. One of the major advantages is that the company itself acts as the controller of the system in question.

Information to be protected in every organization

  • Personal data refers to data that can be used to identify a person directly or indirectly: that is, by combining individual data with some other data that enables identification. Personal data include, for example, name, personal identity code, age and workplace.
  • Health information, on the other hand, is information about a person's health, such as heart rate information, information on sickness absences and health risk factors.


Ilari Richardt
Ilari Richardt

Ilari Richardt works as a Digital Director at Terveystalo and takes care of Terveystalo's digital development. In his free time, Ilari takes care of his own well-being by reading, studying, traveling and occasionally flying his own plane.

Read more

Brave new world demands a new level of care: an international assessment model for quality and safety in remote appointments published Blog

Brave new world demands a new level of care: an international assessment model for quality and safety in remote appointments published

Terveystalo was the first in Finland to test a tool published by WHO in the spring that enables healthcare providers to assess the quality, safety and effectiveness of their remote appointments.

Terveystalon Digitaalisten palveluiden johtaja Ilari Richardt Blog

Here are the digital trends in healthcare 2024

Artificial intelligence, health assistants, preventive care and personalised medicine - the digital trends in healthcare in 2024 will focus on how we can modernise healthcare and tackle its deepest problems.

Terveystalon Digiylilääkäri Tuomo Oikarainen Terveystalon vastaanottohuoneessa Blog

AI is coming - we are ready

I argue that AI will do some of the work of a doctor in the near future. But I don't yet know what those jobs will be exactly.

Jukka Pitkänen Terveystalo Blog

What will occupational health look like in 2030?

Working life is in transition. Many forces challenge both employers and the workforce at the same time. Equally, occupational health must be actively developed in the direction of the future we wish for, so that we don't just drift along the flow.

Ville Iho Blog

The best occupational health care in the world is a €24 billion issue for Finland

Finnish occupational health care has been built up over the years by employers and employees, who also finance it almost entirely (employers about 80%, employees 20%). Occupational health care covers more than 1.9 million Finns of working age, whose health and fitness for work are crucial to the success of Finland as a whole, to its competitiveness and to the maintenance of a welfare society. Occupational health is an absolutely central part of our health care system; in addition to its specific role in balancing the growing burden of public health care, it does so in an internationally unique way and with excellent results.

Janina Achrén Blog

Musculoskeletal disorders absenteeism down 13% in 2022 - What finally made the ship turn around?

I remember well a drawing I made in my notebook during my specialisation. I drew a stick figure running along the line; a stick occupational physiotherapist. The line I drew depicted the transformation of occupational health and working life over the last couple of hundred years; from the industrial revolution, the early days of occupational health and factory doctors, to the Occupational Health Act of the 21st century and the large teams of occupational health specialists. While occupational health had developed by leaps and bounds along the way, our working lives and environments had changed even more rapidly. Despite the leaps and bounds, the stick occupational physiotherapist was still constantly one step behind, often only involved when the problem had already arisen. I wrote the question under my drawing; when will occupational health get to the point where we walk alongside the workplace and see what is coming, so we can prevent it? My stick occupational physiotherapist had to wait a good decade for that answer...