Finland's patient data system Apotti gave social and health care workers unwarranted access to sensitive patient information, according to a report from daily newspaper Helsingin Sanomat.
According to Finnish privacy laws, only a select group of workers within the social and health care sector are permitted to access patient files, but the paper reports there were shortcomings in the system in the municipality of Vantaa, where Apotti was first rolled out at the end of last year.
Finland's Data Protection Ombudsman, Reijo Aarnio, told the paper that the ombudsman's office has called on Vantaa to address the shortcomings, adding that Apotti cannot be rolled out to other municipalities before the system is appropriately secured.
The Apotti system is set to be implemented throughout the capital area, including at Helsinki University Hospital and several other municipalities in the Uusimaa region. When it is, the system will contain patient data of around 1.6 million residents.
Apotti is a regionally uniform social and healthcare information system, according to the municipally-owned company. Apotti is owned by Helsinki University Hospital and the municipalities of Helsinki, Vantaa, Kirkkonummi, Kauniainen, Kerava and Tuusula.