Secondary use of health and social data

The Government proposes a new act on the secondary use of health and social data. The aim is to ensure flexible and secure use of data by establishing a centralised electronic licence service and a licensing authority for the secondary use of health and social data.

Finland has exceptionally extensive and high quality data resources in healthcare and social welfare. However, data are dispersed in a number of different information systems managed, by many different authorities. Currently, those interested in using health and social data for secondary purposes first need to apply for a licence to use data and then submit data requests separately to each of the authorities managing the relevant data. It has been a slow and laborious process to get data for research purposes, for example. The new act would streamline the processing of data requests, allow faster access to data and improve data security.

The Government estimates that the act would increase research and innovation activities relating to public health and wellbeing, disease prevention, and the development of new treatment methods. For individuals, it would mean better services and treatment in healthcare and social welfare and more effective medicines. The licensing authority is expected to generate new high-level business and research activities and thereby create new jobs in Finland.

In the future, one licensing authority would grant the licences and process the data requests regarding the secondary use of health and social data. The first step for persons or operators who want to use health and social data would be to consult the advice services and the data resource descriptions to identify the data resources relevant for their purposes. Next, they would use the electronic system for data request management to fill in their applications for licence to use data and submit their data requests where they would describe the data they need and their purpose and plan for using the data. The licensing authority would receive the applications and requests directly from the electronic system.

After granting a licence to use data, the licensing authority would get the relevant data from different registers and edit, combine and pre-process the data. Next, the licensing authority would transfer the data to a secure environment where the licence holder could process the data by remote access. This data processing environment would be maintained by the licensing authority, and it would meet all the requirements defined by law. It would minimise data security risks and prevent any accidental unauthorised access. The licensing authority could also provide a service where it edits relevant data resources for clients by removing all identification data. Access to this kind of data would not be subject to licence.

The secure electronic environment for data use would mean that in the future health and social data could be used for secondary purposes in research and statistics as well as in development and innovation, teaching, knowledge management, monitoring, steering and official planning. However, all use of data would be governed by law and the authorities. The authorities would also safeguard data security.

The intention is that the new acts would enter into force on 1 July 2018. Some of the provisions would apply only after a transition period.