Tietoturva ja tietosuoja hyvinvointialueilla syksyllä 2025

Tuulikki Vehko; Maiju Kyytsönen; Tuula Wester; Antti-Olli  Taipale; Juha Mykkänen

doi:10.23996/fjhw.178626

Authors

Tuulikki Vehko Health service system research, Finnish institute for health and welfare (THL), Helsinki https://orcid.org/0000-0002-0034-8379
Maiju Kyytsönen Health service system research, Finnish institute for health and welfare (THL), Helsinki https://orcid.org/0000-0001-7609-0370
Tuula Wester Finnish institute for health and welfare (THL), Helsinki
Antti-Olli Taipale Finnish institute for health and welfare (THL), Helsinki
Juha Mykkänen Finnish institute for health and welfare (THL), Helsinki https://orcid.org/0009-0009-8369-6552

DOI:

https://doi.org/10.23996/fjhw.178626

Keywords:

computer security, organization and administration, delivery of health care, health information management, surveys and questionnaires

Abstract

Building information security and data protection by experts, along with regular updates, is a prerequisite for the safe use of digital services and information systems in healthcare and social services. The purpose of the study was to examine the views of chief information officers or chief digital officers in wellbeing services counties (WSCs) regarding information security and data protection practices.

The Digital Service System Survey for WSCs was conducted in September 2025 and targeted chiefs working in the information management of 21 WSCs. There was a total of 23 areas because the survey was also sent to the City of Helsinki and HUS Group, the joint authority for Helsinki and Uusimaa. Respondents’ contact details were obtained from the organisations’ websites. An email containing a link to the survey was sent to the respondents. Non-respondents were reminded by email, phone call, or text message. Participation in the survey was voluntary.

Based on the responses (N=21), the counties actively update their Information Security Plan. Subcontracting chains had been moderately take account in these plans in one third of the counties (n=8/21), and in about half of the counties they had been take account comprehensively or very comprehensively. Most counties (n=15/21) regularly prepare an information accountability report. Fewer than half of the counties (n=9/21) have, during the past three years, carried out non-statutory communication to residents about information security and data protection related to digital health services or the processing of client data.

Information security and data protection form the foundation for building and delivering reliable and secure services for the population. Regular updating of the Information Security Plans enables to take new risks into account in time. The voluntary information accountability report has proved useful in drawing a situational picture of the counties. In the development of information security in WSCs, the focus should be shifted to strengthening resources, taking increasingly comprehensive account of subcontracting chains in organization's information security plans, and increasing communication with the inhabitants about information security related issues to build trust.

The data collection carried out in this study and its follow-up will be important in the future, as up-to-date information enables informed decisions and improves overall management.

Information security and data protection in wellbeing services counties in autumn 2025

Authors

DOI:

Keywords:

Abstract

Downloads

Published

Issue

Section

License

How to Cite

esittely

Latest publications