Astori register under the Client Data Act and the Secondary Use Act

The Astori register is an official register maintained by the Finnish Supervisory Authority. Information system service providers must register their healthcare and social welfare information systems in the register. This registration functions as preliminary supervision, during which the Authority verifies that systems meet the essential requirements set for their intended purpose (profile). 

Information system service providers are responsible for ensuring that all information about their systems remains up to date in Astori. A new registration notification must be submitted to the Authority if:  

• changes are made to a system that affect its conformity with the requirements; or 
• the requirements themselves are amended in a way that necessitates the reassessment of conformity.

Such changes must be reported to ensure that the Authority can verify that the system continues to meet the conditions for registration and complies with current regulations.

Among other tasks, the authorities use the data in the Astori register for:

• the supervision of information system service providers and wellbeing application producers; 
• the supervision of healthcare and social welfare service providers; 
• the supervision of pharmacies; 
• the processing of healthcare and social welfare service providers’ registration applications;  
• deployments of the Kanta Services; 
• the supervision of service providers under the Secondary Use Act; and 
• the granting of data permits under the Secondary Use Act. 

Before deploying a system, service providers and pharmacies must check that the system is registered in the Astori register and does not have a ‘significant deviation’ entry that prevents its deployment.   

Service providers and pharmacies should use the Astori register whenever entering into procurement and maintenance agreements with information system service providers. The Astori register also provides service providers and pharmacies with information about factors of which they should be aware when using the system. These typically include observations made in interoperability testing or information security assessments that may have a bearing on the deployment or secure use of the system.  

Service providers and pharmacies may contact an information system service provider directly if the Astori register includes the following information about the system:

• its information security certificate includes remarks;  
• its conformity with the information security requirement has been approved with compensation; or 
• its conformity with the interoperability requirement has been approved with compensation.

On the front page, select whether you wish to explore the data of information systems, wellbeing applications or operating environments. After you select this, a list of all the information systems, wellbeing applications or operating environments registered in Astori is displayed on the front page.

You can use filters to narrow the selection. Astori will apply your filters immediately, and you do not need to run the search again by clicking on a Search button. You can access the details of a system, application or operating environment by clicking on its name in the list.  

The search criteria for systems, applications and operating environments differ from one another. When you search using the name of a system or application, Astori will also search for any alternative names under which the same system or application is marketed.   

The data displayed in Astori for systems and applications varies depending on their purpose and category. Category A3 patient and client information systems have the most comprehensive details.