Atostek ERA has been granted the A3-category certificate for social care and health care information systems. The A3 category is the highest category.
The A3 certificate granted to ERA proves that ERA is compatible with Kanta and a secure social care and health care information system.
Providers of information systems used in social care and health care must categorize their information systems pursuant to the act on the processing of customer information in social care and health care and regulations issued by the Finnish Institute for Health and Welfare (THL).
The categorization of an information system depends, among other things, on the intended purpose of the system, compatibility with Kanta, and the nature and extent of customer information processed in the system.
“We had no trouble with the A3 categorization process, as way over half of the Atostek documentation had already been prepared for the A-category and ISO 13485 certification,” says Atostek’s ERA product manager Marjaana Karttunen.
The information system’s categorization determines what type of certification and registration measures must be performed on the system. An information system in the A3 category must pass both information security requirements and joint testing with the Social Insurance Institution of Finland (Kela).
“The A3 category is the highest. It also includes a separate technical information security testing, during which the auditor will try to breach the system by various means. Certification proves that ERA has been found to be a secure system,” says Karttunen.
Providers of social care and health care services are obliged to ensure that the information system used has been properly audited.
“ERA also fulfills the requirements for a critical-level system, although this is not actually required from us,” Karttunen summarizes.
In future, an A3 certificate will be compulsory for all health care patient systems and social care customer information systems that are directly connected to Kanta Services.