Updated 27.09.2023

Data

You can obtain social and health sector register data through us, when you need these for secondary use and the data originates from numerous different public controllers, public service providers and the Kanta Services.

What data are available?

Check out the controllers within the scope of the Act on the Secondary Use of Health and Social Data, the contact details we have collected on controller and links to data descriptions. Read more What data are available?

Can data be combined to other information?

Other data can be combined to data applied for from Findata. Please list the data to be combined in your application. Read more Can data be combined to other information?

Where can the data be analysed?

Data that is subject to data permits and amendment permits can only be analysed in an environment that meets specific requirements. Statistical data accessed via a data request is sent to the customer. Read more Where can the data be analysed?

Where do I send an application for a permit?

Select the controllers from whom you need data and check which authority is competent to grant a permit or send data. Read more Where do I send an application for a permit?

What data are available via Findata?

You can apply for access to the data maintained by the controllers listed below via Findata. More details on these data restrictions can be found in the Act on the Secondary Use of Health and Social Data (finlex.fi).

Controllers create data descriptions for their register content so that those requiring data are able to assess the suitability of the register’s data for secondary use. You can obtain more information about the available data directly from the controllers.

We have initiated cooperation with controllers to standardise data descriptions.

See a list of the controllers within the scope of the Act on Secondary Use of Health and Social Data
  • Data saved in Kanta services
    • Findata will process applications related to medical record data in the Kanta services from the beginning of 2021, applications related to e-prescription data can be processed already now.
  • Digital and Population Data Services Agency (The Finnish Digital Agency, individual’s basic details, family relations, place of domicile and building details)
  • Finnish Centre for Pensions (work and earnings data, benefits and the bases for them)
  • Finnish Institute for Health and Welfare (does not apply to data collected for statistical purposes)
  • Finnish Institute of Occupational Health (occupational illnesses, exposure tests and patient registers)
  • Finnish Medicines Agency Fimea
  • National Supervisory Authority for Welfare and Health Valvira
  • Public and private service providers of social welfare and health care
  • Social Insurance Institution of Finland (benefits and prescriptions)
  • Statistics Finland (to the extent that access is required to data covered by the act on the investigation of the causes of death).
  • Regional state administrative agencies (matters relating to social welfare and health care)

Can data be combined to other information?

Data referred to in the Act on the Secondary Use of Health and Social Data can be combined to other information, such as data a person has collected themselves or data accessed with some other permit. As a rule, Findata or a statistics authority can combine the data.

If you wish to combine data later on to data you have received via Findata, send an amendment application for the data to be combined. For more information please see the Amendment permits page.

If you are applying to have data accessed with an individual’s consent to be combined with data that Findata has issued a permit for, the research subject’s notification and consent models must be attached to the application.

If the data have been accessed with the permission of other actors, list the following information in the application:

  • Permit record number, issuer, date of decision.
  • If the permit process is pending, the party to whom the application was submitted and the permit process start date.
  • A brief description of the information content of other data.
  • Do not attach permits for other data to the application. The application processor will ask for these separately of necessary.

See the instructions for sending data on the page Submitting data to Findata (in Finnish).

Where can the data be analysed?

The aggregated statistical data accessed via a data request is sent to the customer, and it can be analysed freely in accordance with a data utilisation plan.

Data on individuals that require a data permit can only be analysed in a secure environment.

As a rule, the data will always be disclosed to Findata’s secure operating environment Kapseli. However, the Act on the Openness of Government Activities makes it possible to disclose information to other operating environments, if necessary. Read more below in the section: Findata’s regulation sets information security requirements for environments.

If an individual controller within the scope of the Act on Secondary Use has made a decision on a data permit concerning data included in their own registers, they must disclose the data to a secure environment referred to in the Act on Secondary Use as well.

Amendment permits are also officially data permits (decisions to amend data permits), meaning the same requirements apply to these as to data permits. The exception to this is changes to personal data processors.

National Supervisory Authority for Welfare and Health Valvira Valvira maintains a public register of the compliant operating environments notified to it. Read more on Valvira’s website: Database of secondary-use environments (valvira.fi).

On the page you’ll also find information about registering in the database and registration fees.

Findata’s regulation sets information security requirements for environments

We have issued a regulation in accordance with the Act on the Secondary Use of Health and Social Data, which describes the requirements laid down other service providers’ secure operating environments.

The regulation concerns the secondary use of social and health data, and it will be applied to all the purposes provided in the Act on the Secondary Use of Health and Social Data for which a data permit is required. These purposes include scientific research, statistics, teaching and the planning and investigation tasks of the authorities. With regard to teaching, the regulation pertains to the preparation of teaching materials, not actual teaching.

As of 1 May 2022, the implementation of the requirements laid down in the regulation is a prerequisite for the disclosure of data to be processed by the permit holder for secondary purposes in an environment other than Findata’s secure operating environment Kapseli. In addition, the operating environment must be assessed by a data security assessment body that must issue a certificate on the assessment.

The requirements take into account the solutions in existing environments and enable the utilisation of different technical solutions.

At its simplest, a secure environment can be a physically and technically secure space with a terminal device for analysing data that is isolated from the Internet and other devices. On the other hand, technical solutions based on cloud services are also possible, as long as the service provider ensures the required level of data security.

The operating environments of foreign researchers must also meet the data protection and security requirements laid down in the regulation. Their validity can be demonstrated by means of certificates based on international audits, the compliance of which is verified by an assessment body approved in Finland.

Read more on the regulation on the page Regulation on operating environments

Where do I send an application for a permit?

  • Under the law, statistical, aggregated data subject to a data request can only be accessed via Findata.
  • In addition to Findata, public controllers can issue data permits, if the application is related only to data maintained by the controller in question.
  • Amendment permits are also officially data permits (decisions to amend data permits), meaning the authority for issuing these is determined in the same manner as for data permits.

Findata is responsible for the application and the permit decision whenever the data of data controllers covered by the Secondary Act are combined. Submit an application for a permit or change to Findata if it concerns:

  1. data from numerous public social and health sector controllers
  2. register data from one or numerous private social welfare and health care service organisers, or
  3. customer data saved in the Kanta Services.

See the end of this page for the application assistant. Select which controller’s data you are applying for access to and the assistant will tell you which authority you must submit an application to for the permit(s).

Transferred right to issue permits

Public controllers may authorise Findata to carry out on their behalf, as detailed in the Secondary Data Act, services other than advice and data description services. In practice, this means the transfer of authority for the issuing of permits referred to in the Act on the Secondary Use of Health and Social Data. Exceptions to this rule are the Digital and Population Data Services Agency, the Finnish Centre for Pensions and Statistics Finland, which cannot transfer their authority to issue permits.

We also process data permit applications and amendment applications that apply only to the information content of the specific controller’s registers for controllers who have transferred their authority to issue data permits.

At the moment, the following controllers have transferred the right to issue permits to Findata:

  • Finnish Institute for Health and Welfare THL, excluding its internal permit administration as well as the permit administration for the disclosure of samples and information transferred to the THL Biobank.
  • Regional State Administrative Agencies of Southern Finland, Eastern Finland, Lapland, Southwestern Finland, Western and Inland Finland and Northern Finland
  • National Supervisory Authority for Welfare and Health

See also

Ready-made datasets

Our aim is to provide our customers pre-processed data on thematic entities in early 2022. Read more Ready-made datasets

Submission of data to Findata

Read about how to submit data to Findata in a secure manner via the Nextcloud transfer service. Read more Submission of data to Findata

Regulation on data descriptions

We have issued a regulation in accordance with the Act on the Secondary Use of Health and Social Data on the information content, concepts and information structures of data descriptions. Read more Regulation on data descriptions

Application assistant

Select the controllers from which the data will be retrieved

Apply permit from the controller in question. The exception is those controllers who have delegated permit jurisdiction to Findata.

Please note that Findata is responsible for data permit and amendment applications whenever the data of data controllers covered by the Act on secondary use is combined. When evaluating the competent authority, all data related to the application under the Act must be taken into account.

Apply permit (s) from the controllers in question.

Findata is responsible for data permits of the Finnish Center for Pensions (ETK) and the Finnish Digital Agency (DVV) and / or Statistics Finland if the data are combined with

  • data of other public organizations under the Act on Secondary Use of Health and Social Data (For Statistics Finland, at least two other organizations are needed, for DVV and ETK, one is sufficient)
  • data stored on Kanta services or
  • to the register data of a private social or health care service provider.

Apply permit from Findata.

Findata is responsible for processing and making decisions concerning data permit and amendment applications, when the application applies to:

  • data from numerous public social and health sector controllers
  • register data from one or numerous private social welfare and health care service organisers, or
  • customer data saved in the Kanta Services.

Apply permit from Findata.

The Regional Administrative Agencies (AVI) have delegated the jurisdiction to Findata.

Apply permit from Findata.

National Supervisory Authority for Welfare and Health Valvira have delegated the jurisdiction to Findata.

Apply for a data permit

Finnish Institute for Health and Welfare (THL) has delegated the jurisdiction to Findata. As far as THL is concerned, the delegation of jurisdiction does not apply to its

  • internal permit management
  • the transfer of samples and data transferred to THL Biobank.

Permit is applied from Statistics Finland and the respective data controller. Exceptions are the registrars who have delegated the jurisdiction to Findata.

We are responsible for data permits for data subject to the Secondary Act of Statistics Finland when they are combined

  • to the information of at least two public organizations covered by secondary laws
  • to data stored in Kanta services or
  • to the register data of a private social or healthcare service organizer.

Apply permit from Findata.

Findata is responsible for processing and making decisions concerning data permit and amendment applications, when the application applies to:

  • data from numerous public social and health sector controllers
  • register data from one or numerous private social welfare and health care service organisers, or
  • customer data saved in the Kanta Services.