Date: 22 October 2019
Heath services provided by Mehiläinen where Mehiläinen is the controller:
Pohjoinen Hesperiankatu 17
00260 Helsinki, Finland
Business ID: 1927556-5
Health services provided by an independent practitioner operating in Mehiläinen (or a company on behalf of which the practitioner operates), excluding occupational health services organised by Mehiläinen: The practitioner (or a company on behalf of which the practitioner operates) treating the patient.
The practitioner has assigned the technical maintenance of the register to Mehiläinen.
Data Protection Officer Kim Klemetti
tel. +358 10 414 0112 (switchboard).
The processing of patient data is based on the law or the patient’s consent.
The information stored in the patient register will be utilised in the patient’s care, and for other statutory or consent-based purposes of use.
Patient information for occupational health care will be stored separately from the patient information gathered in private appointments such that the use of this information outside of occupational health care requires the patient’s consent.
The patient's name, identity code, and contact information.
The patient's next of kin or, for a minor, legal guardian, the patient’s legal representative.
Information required in order to organise, plan, implement and monitor the patient’s care, such as health data gathered during examinations and treatment, and preliminary information.
Other information necessary for treatment, e.g., a nurse’s, nutritionist’s, or psychologist’s records concern-ing the patient.
Information on any disclosure of data and the grounds for disclosure.
In the patient register of occupational health, also the patient’s employer and the possible health risks connected to the workplace.
Information on whether the patient permits physicians treating him or her at Mehiläinen to see other pri-vate physicians’ patient records when this is necessary for his or her treatment.
Information on whether the patient gives private physicians treating him or her at Mehiläinen permission to see Mehiläinen Occupational Health's patient records when this is necessary for his or her treatment.
The information from the medical staff pertaining to a patient and the patient’s appointment information are stored as a sub-register of the patient register.
The results of patient laboratory, X-ray, and cardiac examinations performed during the patient’s examination and treatment are also stored as a sub-register of the patient register. Also, there is a separate register maintained for laboratory examination results in the laboratory system.
In addition to the electronic register, some information is held in paper form. The physical register contains the patients’ basic information and may also contain their consent/refusal with respect to sharing of their records as patients.
The patient, the patient’s guardian, the patient’s legal representative, or the patient's next of kin.
The medical staff and health care professionals.
With the patient’s consent, information can also be obtained from other health care units or professionals, for example via the national patient data repository (Kanta).
In the storage times of the personal data stored in the patient register, the valid regulations on the storage times of patient data will be followed.
Patient records are confidential, and the staff are obliged to maintain confidentiality.
Patient data can be transferred:
For research, planning, statistics and supervisory tasks to the National Institute for Health and Welfare and the Finnish Medicines Agency Fimea who maintain national health care registers, and to Fimea for the purpose of narcotics control.
The following terms are applied with respect to other possible groups:
Patient records are confidential. They may not be submitted to a third party.
Patient records are to be used only by the people treating the patient at the operations unit in question or on its commission or by people participating in related tasks. The controller’s top management make the organisational decisions and grant employees access rights to the patient records in the extent required by their work.
Old paper-based registers and other physical files are kept in locked and supervised facilities.
The information to be processed electronically can only be accessed by authorised employees with their personal user IDs and passwords. The use of patient records is supervised via monitoring of log infor-mation.
The patient has the right to access his or her patient records. Such an inspection request must be made in accordance with Section 8 of this data protection description. The right to inspection may be declined on statutory grounds. The information is provided by a physician or other health care professional, deter-mined by the health care unit, who registers the exercise of the right of access in the patient records. The information is submitted to the patient in written form. In principal, there shall be no charge for exercising the right to inspect.
The controller is obliged to perform correction, erasing, or supplementing of information in the patient records without unnecessary delay, on his or her own initiative or upon the patient’s request, to address information that is erroneous, unnecessary, incomplete or obsolete for the purpose of use of the patient records.
The data subject also has the right to demand the controller to restrict the processing of his or her person-al data, for example, in a situation where the data subject is waiting for Mehiläinen’s response to his or her request to rectify or erase data.
Implementation and organisation of the data’s rectification and restriction of processing
A data subject has the right to make a complaint to the competent supervising authorities, if the controller in its operations has not followed the applicable data-protection regulations.
Mehiläinen has joined the Kanta national patient data repository on 21 April 2016, and all patient data generated after this time will be transferred to the Kanta repository and the patient must thus manage such data via the My Kanta online system.
In all matters related to the processing of personal data and all situations regarding the exercising of one’s own rights, the data subject should contact Mehiläinen via the OmaMehiläinen service, in person at a Mehiläinen clinic, or by post to the address: Mehiläinen Oy / Potilasrekisteri, Pohjoinen Hesperiankatu 17 C, 00260 Helsinki, Finland. When required, Mehiläinen can request the data subject to further define their request in writing, and, if needed, the identity of the data subject can be authenticated before initiating any other measures.