The confidence of our customers, the protection of medical information as well as solutions connected to information protection are of the utmost importance at the FSHS. We are committed to protect the integrity of the students who are encompassed by our services.
At the FSHS we pay a special attention to information security and it is ensured by several technical solutions such as firewalls, the requirement of a strong identification, the limitation of user rights, secured communications networks as well as auditing as well as software updates. We are also continuously training our workforce in issues relate to information and data security. Our internal information security inspections play an important role in ensuring our information security.
The patient record system used by the FSHS is certified and its information security audited. A certification process verifies that our information system meets the essential requirements.
Customer information and patient records are protected at the FSHS in accordance to the requirements set by the authorities and the patient record system obeys on all accounts the existing legislation and regulations. The healthcare data system used by the FSHS is classified as a class A system. As a part of the certification process tests have been run together with Kela’s Kanta-services and an information security audit has been conducted by an auditing institution which has been recognized by the Finnish Communications Regulatory Authority. The National Supervisory Authority for Welfare and Health supervises the FSHS on how we as an organization handle customer information and patient records in order to ensure that the essential requirements on the security of the information systems are met.
The FSHS complies with the EU’s General Data Protection Regulation, the Act on the Status and Rights of Patients, the Act on the Handling of Customer eInformation connected to Social and Health Care as well as other existing legislation and regulation issued by the authorities and connected to the handling of personal information. The risks connected to our information systems have been identified and are monitored systematically. We continue continuously to improve our operational capabilities with the objective to have a high-level of readiness. However, in a world which is increasingly digitalized human error by either users or systems are always possible.