Security Flaws in Apotti Patient Data System, Paper Reports | Yle Uutiset
The Finnish patient data system Apotti has given social and health workers unwarranted access to sensitive patient information, according to a report from the daily Helsingin Sanomat.
According to Finnish privacy laws, only a select group of health and social workers are allowed access to patient records, but the document reports that there were loopholes in the healthcare system. municipality of Vantaa, where Apotti was first deployed at the end of last year.
The Finnish Data Protection Ombudsman, Reijo Aarnio, told the newspaper that the ombudsman’s office had asked Vantaa to address the shortcomings, adding that Apotti could not be deployed in other municipalities until the system was properly secured.
The Apotti system is expected to be implemented throughout the capital region, including the Helsinki University Hospital and several other municipalities in the Uusimaa region. When it is, the system will contain patient data for approximately 1.6 million people.
Apotti is a uniform social and health information system at regional level, according to the municipal company. Apotti is owned by the University Hospital of Helsinki and the municipalities of Helsinki, Vantaa, Kirkkonummi, Kauniainen, Kerava and Tuusula.