Government registries containing sensitive health data and the implementation of EU directive on the protection of personal data in Finland.

摘要

Legislation on the protection of personal data was first enacted in Finland in 1987 (Act 471/1987) and revised in 1999 (Act 523/1999). The Personal Registries Act of 1987 established a special authority, the "data protection ombudsman" to ensure that a citizen's right to privacy would be maintained despite increased usage of computerised registries containing sensitive data. Health care and medical research, however, have been largely outside the scope of effective scrutiny due to special legislation that gives health care authorities the right to gather and register information on the medical history of an individual citizen. In Finland, the National Research and Development Centre for Welfare and Health (STAKES)--which works in close co-operation with the Ministry of Social Affairs and Health--maintains or supervises several centralised registries containing sensitive data. These registries which are based on an exemption (Act 556/1989) from the general data protection legislation, contain in practice a complete database on all Finnish citizens that have used public health care services. Furthrmore, additional personal information is added into these databases. For example, the central registry on abortions contains not only the identification data of a subject who has had an abortion but also information on the reason for abortion and on the methods of contraception she used. It is noteworthy that these registers are not accessible to the physicians who treat the patient whose data is registered, but are used by the governmental authorities only. At the moment it is unclear whether the recent implementation of an EU directive into the Finnish legislation and the constitutional right to privacy in the revised Finnish constitution (effective from March 1, 2000 onwards) will have any impact on the content or usage of these centralised registers.