FSHS guidelines for online communications 

  1. Unencrypted e-mail must not be used to send personal data, patient data or medical records, irrespective of whether the patient consents or not. In accordance with decision 5/2013 by the FSHS Board of Trustees, the FSHS will use Citizen’s accounts in all matters related to contacts between students and the FSHS, starting from 1 Sep. 2013.
  2. Information on whether or not a person is being treated at FSHS is also considered patient data. The healthcare provider (FSHS) must not, on its own initiative, pass a client’s name or other information indicating a healthcare contact between a client and the FSHS to the client or to anyone else by normal unencrypted email.
  3. A client can use unencrypted email to ask for general advice, for instance on how to find a service and on which conditions apply. FSHS staff can use email to respond to such general queries.
  4. The client must not be requested to submit sensitive personal data, patient data or medical records by unencrypted email. Should the client do so, the information contained in the message can be received but FSHS staff must not mention any confidential data in any reply messages. If email was used to reply to such a message from a patient, FSHS staff should create a new message only containing general guidance. The same applies to client feedback in which clients may refer to treatment they have previously received. In such cases, the client must be reminded that the FSHS uses Citizen’s accounts for safe electronic communication.
  5. If a client submits an appointment booking or similar by email, a safe communication channel¹, a phone call or a letter should be used to reply. The same also applies to other queries in which general guidance cannot be given without disclosing the client’s name or other data on the client.
  6. The FSHS must ensure data protection and confidentiality. To send sensitive messages to clients in an electronic format, FSHS staff must therefore always use a safe communication channel with sufficient encrypting and strong authentication of the parties involved. The FSHS can use mobile SMS messages to send information on the following:

    a) Appointment reminders
    b) Appointment cancellations

The use of SMS messages, email and safe communication channels in healthcare always requires the patient’s consent.

¹ The following communication channels are safe: the Citizen’s account, electronic health questionnaire feedback.

Sources: Statement by the Data Protection Ombudsman, 1 July 2010, record number 1475/41/2009 (in finnish)