Secondary use of health and social data

A separate law has be laid down on the secondary use of health and social data (Act on the Secondary Use of Health and Social Data).

The purpose of the Act is to facilitate the effective and safe processing and access to the personal social and health data for steering, supervision, research, statistics and development in the health and social sector.  A second objective is to guarantee an individual’s legitimate expectations as well as their rights and freedoms when processing personal data.

The Act will facilitate

  • the elimination of overlapping administrative burden related to the processing of permits
  • the smoother and faster processing of permits
  • the smoother collation of data from different registers
  • the easier and more efficient use of valuable social and health materials in research and development activities
  • clearer knowledge management by service providers and parameters for this
  • the Finnish Institute for Health and Welfare's data access rights and the legislative basis for the national registers that the institute is responsible for will be adjusted so it is in accordance with the requirements in the General Data Protection Regulation

The secondary use of health and social data means that the customer and register data created during health and social service sector activities will be used for purposes other than the primary reason for which they were originally saved.

The secondary uses referred to in the Act include:

  • scientific research
  • statistics
  • development and innovation activities
  • steering and supervision of authorities
  • planning and reporting duties by authorities
  • teaching
  • knowledge management

Legal basis for the collection of national monitoring data and knowledge management will become more clear

Information, including that on customers’ well-being, the use of services and costs can be used to support the management of social welfare and health care services. There has previously been no clear legal basis for the collation of data, which is required for knowledge management.

Knowledge management is one of the grounds for secondary use of data. Necessary collation of information for the purpose of management from the service provider’s own registers is possible without authorisation by a permit authority.

The Finnish Institute for Health and Welfare has collected data for a long period time for the national social welfare and health care personal data registers. Previously there have been provisions on these in separate laws. The data in the registers is used for example in national screening and compilation of statistics as well as in research. The legal basis for data collection by the Finnish Institute for Health and Welfare has been made more clear and it is now in accordance with the requirements laid down in the General Data Protection Regulation.

From the perspective of social welfare and health care reform, both promoting knowledge management by service providers and the expansion and timeliness of national monitoring data are very important areas of development. Amended legislation will facilitate the better utilisation of data to support decision making while respecting the privacy of individuals.

Data permits granted by the data permit authority

The Act on the Secondary Use of Health and Social Data includes provisions on the data permit authority, its duties, and the secondary use of health and social data. A data permit authority grants data permits when data is needed from numerous different controllers or when data is saved in the Kanta service and or the data in question is register data from private social welfare and health care service providers. 

A centralised system for the administration of information requests and data permits will be built for communication between the permit authority and the applicant as will secure user environments and user interfaces for the supply of data. This will ensure the better protection of privacy for individuals and the secure use of data.

The data permit authority operates at the Finnish Institute for Health and Welfare separate from the institute’s other activities.

The Ministry of Social Affairs and Health has appointed a temporary steering group for the launch of the activities of the data permit authority for the secondary use of health and social sector data and to develop the services provided by the authority. The temporary steering group’s term will end at the end of June 2019, after which the arrangements related to the implementation phase will be decided on.

Finland’s national legislation corresponds with the EU’s General Data Protection Regulation

The EU’s General Data Protection Regulation was adopted on 25 May 2016. The Regulation became enforceable in all EU Member States two years from the time it was adopted meaning on 25 May 2018. The implementation of the Act on the Secondary Use of Health and Social Data will see provisions in this legislative area adjusted in a manner that ensures they meet with the requirements of the General Data Protection Regulation.

More information

Further information

Jukka Lähesmaa, Senior Specialist 
Ministry of Social Affairs and Health, Department for Steering of Healthcare and Social Welfare / OHO, Digitalisaation ja tiedonhallinnan yksikkö DITI Telephone:0295163139   Email Address:


Joni Komulainen, Senior Ministerial Adviser 
Ministry of Social Affairs and Health, Department for Safety, Security and Health / TUTO, Biotechnology and Medicines Unit / BILA Telephone:0295163453   Email Address: