Processing of personal data, City of Espoo Occupational Health Services

Date of publication: 16 September 2020 
Latest update: 14 November 2024

City of Espoo
Occupational Health Services
Kamreerintie 2 A, 2nd floor
02070 Espoo

Head of Occupational Health, Chief Physician Marianne Alho
marianne.alho(at)espoo.fi

Data protection contact person for Occupational Health Services, Specialist Maarit Kulma
maarit.kulma(at)espoo.fi
Tel. +358 40 6631724

Data Protection Officer of the City of Espoo
Helena Niemi
Address: P.O. Box 12, 02070 City of Espoo
Tel. +358 9 81621 (switchboard)
Email: tietosuoja(at)espoo.fi

The personal data stored in the patient register of Occupational Health Services is processed for the purpose of providing occupational health services for the personnel of the City of Espoo in accordance with the Occupational Health Care Act. Personal data is processed for the implementation of action plans, appointment management, service invoicing, and statutory and/or group-level reporting to client organisations. Personal data is also processed to provide medical care and services that promote wellbeing at work.

According to section 4 of the Occupational Health Care Act, the employer shall arrange occupational health care at its own expense in order to prevent and control health risks and problems related to work and working conditions and to protect and promote the safety, work ability and health of employees.

The personal data stored in the patient register of Occupational Health Services is processed for the purpose of providing occupational health services for the personnel of the City of Espoo in accordance with the Occupational Health Care Act.

• Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Occupational health care e-services and online appointment booking, as well as online surveys.

Measurement of client experience.

The data can be used for knowledge-based management in accordance with the Act on the Secondary Use of Health and Social Data.

• Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.
• Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Key legislation:

• General Data Protection Regulation of the European Union (679/2016)
• Data Protection Act (1050/2018)
• Act on the Openness of Government Activities (621/1999)
• Occupational Health Care Act (1383/2001)
• Health Care Act (1326/2010)
• Act on the Protection of Privacy in Working Life (759/2004)
• Act on the Status and Rights of Patients (785/1992)
• Act on Health Care Professionals (559/1994)
• Other acts and decrees regulating occupational health care activities
• Act on the Secondary Use of Health and Social Data (552/2019)
• Occupational Safety and Health Act (738/2002)
• Act on the Processing of Client Data in Healthcare and Social Welfare (703/2023)

The patient register of Occupational Health Services contains the following personal and basic data of the patients: first name, last name, personal identity code, job title, home address, postal code, city, municipality of residence and email address.

In addition, patient information generated in connection with health care appointments is stored in the patient register, including information about the patient’s counselling, treatment, health assessment, monitoring, examinations and other information in accordance with section 12 of the Occupational Health Care Act, which specifies the content of occupational health care.

Data concerning health is considered a special category of data, which can only be processed in situations specified in legislation. In occupational health care, the processing of data concerning health is permitted under Article 9(1)(h) of the General Data Protection Regulation, as the processing of health data is necessary for the purposes of preventive or occupational health care, the assessment of the employee’s work ability, medical diagnoses, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of legislation or pursuant to a contract with a health care professional.

For the purposes listed above, personal data concerning health is always processed by a professional subject to the obligation of professional secrecy (GDPR, Article 9(3)).

The electronic service channel contains the first name, last name, personal identity code, home address, postal code, city and email address of those patients who have used it. The data is transferred from the patient information system during login. The electronic service channel also contains the messages, images and documents sent by the user when using the service. A summary of essential data in the electronic service channel is transferred to the patient information system.

Measurement of client experience. Client experience measurement helps increase client satisfaction and develop occupational health care activities. Clients can choose to be contacted personally by leaving their contact information (name, telephone number and/or email address) in the system. The contact request will not be recorded in the patient information system.

Personal data in the patient register is confidential.

According to section 24, subsection 1, paragraph 25 of the Act on the Openness of Government Activities, documents containing information on the state of health of a person or medical care or treatment given to them are considered confidential official documents.

According to section 13 of the Act on the Status and Rights of Patients, the information contained in patient documents is confidential and health care professionals or other persons working in a health care unit or carrying out its tasks shall not give information contained in patient documents to outsiders without express written consent by the patient with the exceptions provided for separately in legislation. The obligation of professional secrecy remains in effect after the conclusion of the employment relationship or job task.

Patient information is generated in connection with occupational health care appointments in cooperation with the patient.

The patients’ personal and basic data is obtained from the City of Espoo personnel register.

The patients’ other personal data is mainly obtained from the patients themselves, especially in connection with the pre-employment health examination and health care appointments. The information is updated in connection with appointments, and more detailed information is collected, for example, when additional information is needed for the assessment of the patient’s work ability and functional capacity.

Pursuant to section 5 of the Act on the Protection of Privacy in Working Life, a medical certificate or statement concerning an employee’s work ability, submitted by the employee to the employer, may be disclosed to an occupational health care provider for the purpose of carrying out occupational health care tasks as defined in the Occupational Health Care Act, unless the employee has prohibited such disclosure. In any case, the employer may inform the occupational health care provider of the dates and duration of the employee’s sick leave.

The City of Espoo’s Occupational Health Services purchases some of its examinations and specialist medical consultations as outsourced services. Information on such outsourced examinations and consultations is obtained from their provider.

As a rule, personal data is not disclosed.

The disclosure and conveyance of patient information to third parties requires, as a rule, written consent by the patient (Act on the Status and Rights of Patients, section 13).

The person requesting the disclosure of data must explain their grounds and right of access to the data in question and specify which patient documents are included in the disclosure request.

In addition to situations provided by law, the occupational health care provider may, with the patient’s consent, disclose to another health care unit or health care professional information contained in patient documents that is necessary to organise the patient’s examination and treatment (Act on the Status and Rights of Patients, section 13).

Under section 17, subsection 2 of the Occupational Health Care Act, the employer and the organisation’s occupational safety and health committee and occupational safety and health representative are entitled to receive from occupational health care personnel information these persons obtain on account of their position that is important for the health of employees and for the development of healthier workplace conditions. However, information designated as confidential by law may not be disclosed without the consent of the party for whose benefit the confidentiality obligation is prescribed. According to section 13 of the Act on the Status and Rights of Patients (785/1992), patient documents are confidential.

The occupational health care provider can only provide the employer with information on whether the employee is suitable for the work or whether there are any limitations to their suitability.

The employer has the right to refer an employee to occupational health care for an assessment of the employee’s work ability, if the employer has reasonable grounds to assume that the employee’s work ability is impaired by a health issue.

Patient information related to appointments arising from work-related accidents can be disclosed to insurance companies upon request. The insurance company’s right to receive information in the event of an occupational accident is based on section 252 of the Workers’ Compensation Act (459/2015).

Notwithstanding the confidentiality provisions and other restrictions on access to information, the Social Insurance Institution of Finland has the right to obtain the necessary information to settle a pension or benefit decision from a state or municipal authority or another body governed by public law (National Pensions Act, section 86).

Data may be disclosed to authorities maintaining national registers for research, planning and statistical purposes (Act on National Personal Data Registers Kept under the Health Care System (556/1989), section 3; Communicable Diseases Act, section 24).

Data can be disclosed upon request to authorities that have a legal right to access the information contained in the registers. The person requesting data disclosure must refer to the section of law on the basis of which the data is requested.

Data will not be transferred outside the EU or the EEA.

As a rule, patient documents are stored for 12 years after the patient’s death, or 120 years after the patient’s birth if there is no information of the patient’s death. (Act on the Processing of Client Data in Healthcare and Social Welfare, 703/2023)

Health care units shall store patient documents for a period necessary for arranging and providing care and treatment for a patient, for investigating possible claims for compensation related to care, and for scientific research.

Patient documents shall be destroyed immediately after there are no grounds, as referred to above, for storing them.

Further provisions on the drawing up of patient documents and on storing them are issued by a decree of the Ministry of Social Affairs and Health.

Permanent storage of documents is regulated by the Archives Act (831/1994).

All texts and documents in the electronic service channel will be destroyed one year after the case has been closed.

Data maintenance systems and protection principles

Almost all patient register information is stored in the patient information system used by Occupational Health Services. This is a certified system. The patient information system is accessed from Espoo’s workstations via an encrypted browser connection over the Internet.

Access rights to the patient information system are granted on an individual basis only to occupational health care personnel. Employees have personal ID cards issued by the Digital and Population Data Services Agency for health care professionals. The patient care relationship is verified based on the personnel register information and verification of the individual’s personal identity code. Usage logs are monitored in order to supervise and control the use of the patient information system. A patient information disclosure report is always made in connection with usage data disclosure.

The patient information included in the previous patient information systems has been transferred to the Kanta archive. 

The electronic service channel is a cloud service that a person uses with a web browser. The information system meets the requirements related to the processing of personal data, and the system’s data security is subject to regular auditing.

Users of the electronic service channel authenticate themselves with online banking credentials. All connections between the user’s computer and the server are SSL encrypted.

The paper patient document archive is located in a separate, locked space, which can only be accessed by occupational health care personnel. It contains, for example, old ECG tapes that have not been converted to digital format.

Occupational Health Services must notify the Data Protection Ombudsman within 72 hours of becoming aware of a personal data breach. The data subject must also be notified if the breach is likely to pose a risk to their rights and freedoms. Occupational Health Services has a process and plan in place for reporting data breaches.

Further instructions on submitting information requests referred to in the General Data Protection Regulation.

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

The request of access to patient register information must be submitted to the customer service office of Occupational Health Services (Kamreerintie 2 A, 2nd floor, CITY OF ESPOO, tel. +358 9 81624400, tyoterveys(at)espoo.fi). The patient is given a request of access form, which is completed and signed by the patient. Identity is verified with an official identity document.

If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. However, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

The request for rectification of the patient register information must be submitted to the customer service office of Occupational Health Services (Kamreerintie 2 A, 2nd floor, CITY OF ESPOO, tel. +358 9 81624400, tyoterveys(at)espoo.fi). The patient is given a rectification request form, which is completed and signed by the patient.

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi(external link, opens in a new window)

Requests should be addressed to the contact person of the register / Occupational Health Services.

Right to data portability (Article 20 of the GDPR)

The data subject shall have the right to have his or her data transmitted only if the processing of data is based on consent or on a contract, and if the processing is carried out by automated means. The data subject’s right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

If the processing of data is based on consent, the data subject shall have the right to withdraw his or her consent at any time.

Questions about this privacy notice or the privacy notices for individual services can be addressed to the City of Espoo’s Data Protection Officer.