Health care-related information is sensitive, so strict rules have to be followed when processing it. The basis for data protection in health care was established some 2,400 years ago in the Hippocratic oath. Today, almost every group of health care professionals has its own ethical guidelines, in addition to the requirements set by legislation applicable to the sector. These require health care professionals to commit to professional secrecy and confidential treatment of patient data.
Current privacy practices in Finland will be significantly modernized as a result of several ongoing projects, including the EU General Data Protection Regulation (GDPR), the Customer Data Act, and the social and health care services reform. The GDPR, which will apply from May 2018, further highlights the responsibility, accountability and documentation obligations of data controllers, and brings with it hefty fines for breaches of its requirements. The obligation to report data breaches will also be expanded. The ongoing reform of the social and health care sectors will affect, for example, record keeping and the processing of personal data when public social and health care services are transferred to the responsibility of self-governing provinces at the beginning of 2019.