Register an information system in accordance with the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare

The registration notification page will guide you through filling out and submitting the notification. Filling out the registration notification and the appended system form fully and accurately will expedite the processing of your notification.

Once you have filled out the registration notification, attached all the required appendices and submitted it to Valvira, it will be delivered to the Valvira registry.

Please check the following before filling out the registration notification:

• You are about to register an information system according to the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare
• You know what the purpose of the information system is and its profile(s)
• You know to which category the information system belongs
• You have diligently filled out the system form (excel, thl.fi, in Finnish only)
• If your information system is in category A, you have verified that the system has been issued all the documents required for registration; these include a joint testing statement or statements from Kela and a data security certificate issued by a data security inspection body

Once a registration notification is received by Valvira, Valvira will verify that the notification contains all the information required for registration. Valvira will also verify that all the documents required for processing were submitted as appendices to the notification.

If there are any unclear points, omissions, errors or discrepancies in the information provided, Valvira is obliged to investigate the matter for clarification before the information system can be entered in the information system database or details already in the database updated. In such cases, Valvira will contact the information system supplier.

An information system will be entered in the database, or details already in the database updated, once Valvira has received the full and correct information required.

Although not all of the details requested in the registration notification, system form and other appendices will be published in the information system database, the details will nevertheless be stored in the Valvira case management system. If any supervisory measures have to be taken in respect of a system, the details in the registration notification may be used as baseline data in those supervisory measures.

Valvira typically releases a new version of the information system database every Friday. However, if no updates have been made to the database during the week, the release will be postponed to the following Friday.

Public holidays and annual holidays may also have an impact on information system database updates. 

Once an information system has been entered in the Valvira information system database, the information system supplier must ensure that the details in the database are kept up to date until such time as the information system is deleted from the database.

Information system suppliers are required to notify Valvira of the following changes: 

• any new functionality implemented in the information system concerning which a new joint testing statement has been issued for the system
• any repairs made to the information system which have been verified in Kela joint testing and concerning which a new joint testing statement has been issued for the system
• any changes made to the information system pursuant to which a data security inspection body has performed a data security change audit on the information system
• any repairs made to the information system which have been verified in a data security audit performed by a data security inspection body and concerning which a data security certificate has been issued for the system
• updates made to keep the information system compliant with requirements 
• changes to the details of the information system, e.g. change of the product name of the system
• changes to the details of the information system supplier, e.g. change of the name of the supplier or supplier replacement as a result of a corporate acquisition
• removing the information system from production use

See also:

Valvira will charge a fee for updating the information system database when an information system supplier notifies Valvira of any of the following changes: 

• any new functionality implemented in the information system concerning which a new joint testing statement has been issued for the system
• any changes made to the information system pursuant to which a data security inspection body has performed a data security change audit on the information system or, at the request of the supplier, a complete data security audit, concerning which a new data security certificate has been issued for the system
• updates made to keep the information system compliant with requirements
• replacement of the information system supplier, e.g. due to a corporate acquisition

Valvira will not charge a fee when an information system supplier notifies Valvira of any of the following changes, even though they may require updating the information system database:

• purpose of use, profile, context of use or version information
• termination of production use of an information system
• significant nonconformity report
• new product name for the information system
• new contact person, or changes in the details of a contact person
• new name for the information system supplier