Cookies help us to develop our website and to improve its content and availability. Some cookies are necessary to ensure that the website functions properly. You can accept all cookies or just the necessary cookies. To change settings, click Cookie Settings. You can access the settings later from the Cookie practices page of the valvira.fi website.
Select an option below to determine which cookies to allow. When you are ready, click Save and exit. The website works even if you only agree to necessary cookies. There might be some differences, however. You can also change the settings later through our pages. Read more about the cookies on this valvira.fi website.
The necessary cookies are automatically stored on your browser when you use our web service. These cookies are used to ensure that the valvira.fi web service functions as intended.
Web analytics tool (Google Analytics) helps us to understand how our customers use the valvira.fi web service and from where they access the website.
We use the Siteimprove service to monitor the availability of the website, the functioning of links and the visibility of the website on search engines.
Information system suppliers must submit a nonconformity notification to Valvira if they observe any significant nonconformities in their information systems in respect of compliance with essential requirements. Examples of a significant nonconformity would be flaws in the functionality of an information system or faults in interoperability, data security or privacy protection. Further information on when you should submit a nonconformity notification to Valvira is given under What are significant nonconformities?
Any service provider noticing a significant nonconformity in an information system it is using with regard to compliance with essential requirements must report this to the information system supplier. If a significant nonconformity noticed by a service provider is such that it can put client safety, patient safety or data security at risk, the service provider must submit a nonconformity notification to Valvira.
In case of a significant nonconformity putting client safety, patient safety or data security at risk, the nonconformity may also be reported by a pharmacy, by Kela or by THL, for instance. The Data Protection Ombudsman must be notified of any privacy protection nonconformities in compliance with the essential requirements of the information system.
Please note, Fill in the nonconformity notification link is not yet operational. Make a free nonconformity notification and deliver it to Valvira's registry office at email@example.com. If you send confidential information by e-mail, use a secure e-mail connection at the address https://turvaviesti.valvira.fi.
You can also send the nonconformity notification to Valvira/Kirjaamo, PO Box 43, 00521 Helsinki.
Fill in the nonconformity notification
Based on the nonconformity notification, Valvira may initiate supervisory measures in respect of the information system supplier or of the social welfare or health care service provider using the information system.
The term significant nonconformity refers to a circumstance where an information system is no longer compliant with the essential requirements imposed on it as per the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare. A nonconformity may involve a defect in functionality, interoperability, data security or privacy protection.
Significant nonconformities include, but are not limited to:
flaws or errors in the information system that may compromise client or patient safety
flaws or errors in the information system that may compromise data security or privacy protection
flaws or errors in the information system or its operating environment that may compromise the operation of social welfare and health care services
a malfunction of or outage in the Kanta Services that may compromise client or patient safety or the operations of social welfare and health care services
errors in the technical correctness and integrity of client and patient data stored in the Kanta Services, such that may cause extensive disruption e.g. for interoperability
expiry of the data security certificate of the information system
absence of a statutory function in the system
If a system is obviously malfunctioning, Valvira has the authority to rule that the system is exhibiting a significant nonconformity in compliance with essential requirements, regardless of whether the malfunction in question is explicitly defined as a significant nonconformity in THL Regulations, functional requirements or any other specifications.