Page 1

Listen

Easy to read

Sign language

In English

Other languages

Search on riksdagen.se

Start

Members & parties

The committees & the EU committee Debates & decisions

Documents & laws

Start Documents
/
& laws Patient/ Data Act (2008: 355)

Patient Data Act (2008: 355)
tom SFS 2021: 365

SFS no : 2008: 355
Ministry / authority : Ministry of Social Affairs
Issued : 2008-05-29
Modified : until SFS 2021: 365
Change register : SFSR (Government Offices)
Source : Full text (Government Offices)

Content:
1 chap. The law's scope of application etc.
Chapter 2 Basic provisions on the processing of personal data
Chapter 3 The obligation to keep a patient record
Chapter 4 Basic rules on internal confidentiality and electronic
access within a caregiver's business
Chapter 5 Basic provisions on disclosure of information and
documents and certain obligation to provide information
Chapter 6 Coherent record keeping
Chapter 7 National and regional quality registers
Chapter 8 Rights for the individual
Chapter 9 Taking care of and returning patient records
Chapter 10 Appeal
Transitional provisions

1 chap. The law's scope of application etc.
Scope of the law
Section 1 This Act applies to caregivers' processing of personal data within
Healthcare. The law also contains provisions on the obligation to keep
patient journal.
The law also applies in applicable parts to information about deceased persons.
The law does not apply to such processing of personal data as referred to in it
original wording of Article 2 (2) (d) of the Regulation of the European Parliament and of the Council
(EU) 2016/679 of 27 April 2016 on the protection of individuals with
with regard to the processing of personal data and on the free flow of such data
information and repealing Directive 95/46 / EC (General
Data Protection Regulation), hereinafter referred to as the EU Data Protection Regulation. Law
(2018: 447) .

The purpose of the team
Section 2 Information management in health care shall be organized as follows
that it meets patient safety and good quality and promotes
cost-effectiveness.
Personal data must be designed and otherwise processed so that patients and others
the privacy of the data subject is respected.
Documented personal data must be handled and stored so that unauthorized persons do not
get access to them.

Definitions
§ 3 / Ceases to apply U: 2021-07-01 / In this law the following expression is used with
meaning given below.
Expression

Meaning

Health care Activities referred to in health and medical care
the Health Care Act (2017: 30),
the Dental Care Act (1985: 125), the Act
(1991: 1128) on compulsory psychiatric care,
the law (1991: 1129) on forensic psychiatry
care, the Infection Control Act (2004: 168),
the Act (1972: 119) on the determination of
gender in some cases, the law
(2006: 351) on genetic integrity etc.,
the Act (2018: 744) on insurance medicine
investigations, the law (2019: 1297) on
coordination efforts for those on sick leave
patients and the repealed law
(1944: 133) on castration.
Journal handling

Presentation in writing or picture and
recording that can be read, listened to
or otherwise perceived only
with technical aids and as
established or received in connection with
the care of a patient and which contains
information about the patient's state of health
or other personal circumstances
or if taken or planned
care measures.

Patient journal

One or more journal documents such as
concerns the same patient.

Cohesive
record keeping

An electronic system that does that
possible for a caregiver to give or
gain direct access to personal data
at another care provider.

Healthcare providers

State authority, region and municipality in

question of such health care as
the authority, the region or the municipality has
responsibility for (public care provider) and
other legal person or individual
traders engaged in health and
healthcare (private care provider).
Lag (2019: 1299) .
§ 3 / Entry into force I: 2021-07-01 / In this law the following expression is used with
meaning given below.
Expression

Meaning

Health care Activities referred to in health and medical care
the Health Care Act (2017: 30),
the Dental Care Act (1985: 125), the Act
(1991: 1128) on compulsory psychiatric care,
the law (1991: 1129) on forensic psychiatry
care, the Infection Control Act (2004: 168),
the Act (1972: 119) on the determination of
gender in some cases, the law
(2006: 351) on genetic integrity etc.,
the Act (2018: 744) on insurance medicine
investigations, the law (2019: 1297) on
coordination efforts for those on sick leave
patients, the law (2021: 363) on aesthetics
surgical procedures and aesthetics
injection treatments as well as the suspended one
the law (1944: 133) on castration.
Journal handling

Presentation in writing or picture and
recording that can be read, listened to
or otherwise perceived only
with technical aids and as
established or received in connection with
the care of a patient and which contains
information about the patient's state of health
or other personal circumstances
or if taken or planned
care measures.

Patient journal

One or more journal documents such as
concerns the same patient.

Cohesive
record keeping

An electronic system that does that
possible for a caregiver to give or
gain direct access to personal data
at another care provider.

Healthcare providers

State authority, region and municipality in

question of such health care as
the authority, the region or the municipality has
responsibility for (public care provider) and
other legal person or individual
traders engaged in health and
healthcare (private care provider).
Lag (2021: 365) .
The relationship to other data protection regulations
Section 4 This Act contains provisions that supplement the EU's
data protection regulation, in such processing of personal data in health and
healthcare that is fully or partially automated or where the data is included in or
are intended to be part of a structured collection of personal data that is
available for search or compilation according to specific criteria.
The law applies to the processing of personal data referred to in the first paragraph
(2018: 218) with supplementary provisions to the EU Data Protection Regulation
and regulations issued in connection with that law, unless otherwise provided
of this Act or regulations issued in connection with the Act. Law
(2018: 447) .

Chapter 2 Basic rules for the treatment of
personal data
Scope of the chapter
Section 1 The provisions of this chapter shall apply to such treatment of
personal data referred to in ch. 4 §.

The individual's attitude to personal data processing
Section 2 Processing of personal data that is permitted under this Act may be performed
even if the individual opposes it. However, this does not apply in the cases specified in
Chapter 4 4 §, 6 kap. and Chapter 7 § 2 or if something else is stated in another law or
Regulation.
Section 3 The processing of personal data that is not permitted under this Act may nevertheless take place
take place, if the individual has given express consent to the treatment. It concerns
however, not in the cases specified in ch. 6 § 5 or if something else appears from another
law or regulation.
The government may issue regulations that a processing of personal data such as
is not permitted under this Act nor in other cases may be performed despite the fact that it
individual has given consent to the treatment.

Purpose of personal data processing
Section 4 Personal data may be processed in health care if necessary
for
1. to fulfill the obligations specified in ch. and establish another
documentation needed for and for the care of patients,
2. administration which concerns patients and which aims to provide care in individual cases
or otherwise caused by care in individual cases,
3. to prepare other documentation that follows from law, regulation or other
constitution,
4. to systematically and continuously develop and ensure the quality of
the business,
5. administration, planning, follow-up, evaluation and supervision of
the business, or
6. to produce statistics on health care.
I 7 kap. Sections 4 and 5 contain special provisions on the purposes of treatment
of personal data in national and regional quality registers.
Section 5 Personal data that is processed for purposes specified in section 4 may also
processed in order to fulfill the reporting that takes place in accordance with
law or regulation. Personal data may also be processed for other purposes,
provided that the data are not processed in a way that is incompatible
for the purpose for which the data were collected. Lag (2018: 447) .

Personal data responsibility
Section 6 A care provider is responsible for the processing of personal data
personal data performed by the care provider. In a region and a municipality are each
authority that conducts health care personal data controller for it
processing of personal data carried out by the authority.
The personal data liability according to the first paragraph also includes such processing of
personal data such as the care provider, or the authority of a region or a
municipality that is responsible for personal data, performs when the care provider or authority
through direct access in an individual case prepares access to personal data about a
patient with another care provider or other authority in the same region or
municipality.
In Chapters 6 and 7 there are special provisions on personal data liability. Law
(2019: 931) .

Personal data that may be processed
Section 7 A care provider may only process such personal data as is necessary for
the purposes specified in section 4. Information on offenses involving crime,
judgments in criminal cases, coercive measures in criminal proceedings or administrative
Detention may only be dealt with if it is absolutely necessary for one
such purpose. Even a caregiver who is not a government agency, region or
under these conditions, the municipality may process information about violations of the law.
Lag (2019: 931) .
Section 7 a Personal data referred to in Article 9 (1) of the EU Data Protection Regulation
(sensitive personal data) may be processed in accordance with Article 9 (2) (h) of the Regulation
provided that the requirement of professional secrecy laid down in Article 9 (3) of the Regulation is
fulfilled. Lag (2018: 447) .

Search term
Section 8 Sensitive personal data or information on offenses referred to in section 7
may not be used as a search term. Nor does it receive information that anyone has received
assistance or has been the subject of other interventions in the social services or according to
The Aliens Act (2005: 716) is used as a search term.
Despite the prohibition in the first paragraph, it is permitted to use information as a search term
if
1. health, or
2. that someone has been the subject of coercive intervention in accordance with the Act (1991: 1128) on
compulsory psychiatric care or the Act (1991: 1129) on forensic psychiatric care.
The government may issue regulations that a caregiver, despite the ban in the first
paragraph, may use information on ethnicity or information relevant to
infection control and that someone has received assistance or other efforts within the social services
or have been the subject of measures under the Aliens Act as a search term for doing
certain types of compilations. Lag (2018: 447) .

Chapter 3 The obligation to keep a patient record
Introductory provision
Section 1 When caring for patients, a patient record shall be kept. A patient record must be kept
for each patient and may not be common to several patients.
I 6 kap. there are provisions on direct access to other care providers' information on
patients through cohesive record keeping.

The purpose of a patient record
Section 2 The purpose of keeping a patient record is primarily to contribute to a good and
safe care of the patient.
A patient record is also a source of information for
- patients,
- follow-up and development of the business,
supervision and legal requirements,
obligation to provide information according to law, and
research.

Persons who are required to keep a patient record
§ 3 Obliged to keep a patient record is
1. the one who according to ch. The Patient Safety Act (2010: 659) has identification or
special appointment to pursue a particular profession,
2. a person who, without having identification for the profession, performs tasks as otherwise
should only be performed by a speech therapist, psychologist or psychotherapist in the general
health care or perform such tasks within the individual health
and healthcare as an assistant to a licensed professional,
3. a person who, without having identification for the profession, performs the same kind of tasks
in general health care as a health care curator,
and
4. the person who performs interventions in accordance with the Act (2019: 1297) on coordination interventions for
sick leave patients.
Lag (2019: 1299) .

Responsibility for information in a patient record
Section 4 The person who keeps the patient record is responsible for his or her information in the record.

Content of a patient record
Section 5 A patient record may contain only the information needed for them
purposes specified in ch. § 4 first paragraph 1 and 2.
Section 6 A patient record shall contain the information needed for a good and
safe care of the patient.
If the information is available, a patient record must always contain
1. information about the patient's identity;
2. essential information about the background to the care;
3. information on the diagnosis and reason for more significant measures;
4. essential information on measures taken and planned;
5. information about the information provided to the patient, his
guardians and other close relatives and about the positions taken
in terms of choice of treatment options and the possibility of a new medical
assessment, and
6. information that a patient has decided to refrain from certain care or treatment.
The patient record must also contain information about who has done a certain thing
note in the journal and when the note was made. Lag (2014: 827) .
Section 7 In addition to what is prescribed in Sections 5 and 6, a patient record may contain them
information that according to law or other statute must be recorded in a patient record.
Section 8 If the patient considers that an entry in the patient record is incorrect or
misleading, it should be noted in the journal.
Section 9 Information to be recorded in accordance with Sections 6-8 shall be entered in the record as soon as possible
as possible.
§ 10 / Ceases to apply U: 2021-07-01 / A journal entry shall, if not
there is any particular obstacle, signed by the person responsible for the task.
Section 10 / Entry into force I: 2021-07-01 / A journal entry shall, if not
unnecessary or there is any particular obstacle to it, signed by whoever is
responsible for the task. Lag (2020: 1042) .
Section 11 If a record document or a transcript or copy of the document has
handed out to someone, it must be documented in the patient record who has received
the document, transcript or copy and when it has been released. This applies
however, not disclosure by direct access.
Section 12 / Ceases to apply U: 2021-07-01 / The Government or the authority that
the government decides may issue regulations on exemptions from section 6 second
paragraph 1 with regard to sampling for a certain disease and from § 10 if
signing requirements.
The government or the authority determined by the government may notify
regulations on the content and design of a journal document.
Section 12 / Entry into force I: 2021-07-01 / The Government or the authority that
the government decides may issue regulations on
1. exemption from § 6 second paragraph 1 with regard to sampling for certain
disease,
The signing requirement pursuant to section 10 and on exemptions therefrom, and
3. content and design of journal documents.
Lag (2020: 1042) .

The language in patient records
Section 13 The medical records documents prepared in the health care system shall be
written in the Swedish language, be clearly designed and as easy as possible to
understand for the patient.
The government or the authority determined by the government may notify
regulations that such a journal document may be written in a language other than
Swedish.

Handling of journal documents
Section 14 Information in a medical record document may not be deleted or made illegible in others
cases other than those referred to in Chapter 8. 4 §.
When correcting an error, it must be stated when the correction has taken place and who
has done it.
Section 15 The Government or the authority determined by the Government may notify
regulations on how journal documents are to be handled and stored.

Obligation to issue a certificate of care
Section 16 A person who according to section 3 is obliged to keep a patient record shall, at the request of
the patient issue a certificate of care.

Preservation of journal documents
Section 17 A record document shall be preserved for at least ten years after the last statement
was brought into the document. The government or the authority of the government
decides may issue regulations that certain types of journal documents shall
preserved for longer than ten years.
Special provisions for the preservation of documents taken care of
following a decision by the Swedish Health and Care Inspectorate can be found in ch. 4 §. Law
(2012: 954) .
Section 18 For journal documents that constitute public documents, the following applies
exceptions that follow from section 17, the Archives Act (1990: 782) and the provisions that
announced with the support of the Archives Act.

Patient records in war etc.
Section 19 The Government may issue special regulations on patient records in war, at
danger of war or in such extraordinary circumstances as are caused by
that it is war outside Sweden's borders or that Sweden has been at war or
danger of war.

Chapter 4 Basic rules on internal confidentiality and
electronic access within a caregiver's business
Internal secrecy
Section 1 Anyone who works for a care provider may take part in documented information
about a patient only if he or she participates in the care of the patient or otherwise
reasons need the information for their work in health care.

Allocation of authorization for electronic access
Section 2 A care provider shall determine the conditions for granting authorization for access
to such data on patients that are fully or partially automated. Such
eligibility shall be limited to what is necessary for the individual to be able to
perform their duties in health care.
Personal data that is processed in an investigation in accordance with the Act (2018: 744) on
insurance medical investigations for purposes specified in ch. § 4 first
paragraphs 1 and 2 may not be made available by electronic access to the person who
works at another care unit or within another care process at the same
healthcare providers. That law contains special provisions on electronic access
such investigations.

Dictionary

search

This is how the Riksdag works Web TV

The government or the authority determined by the government may notify
regulations on the allocation of authorization in accordance with the first paragraph for access to
data kept fully or partially automated. Lag (2018: 747) .

Electronic access control
Section 3 A care provider shall ensure that access to such information about patients as
fully or partially automated is documented and can be controlled.
Caregivers must make systematic and recurring checks of whether anyone
unauthorized access to such information.
The government or the authority determined by the government may notify
regulations on documentation and control in accordance with the first paragraph.

The patient's ability to restrict electronic access for healthcare purposes
Section 4 Personal data documented for purposes specified in Chapter 2 § 4
first paragraphs 1 and 2 of a care unit or within a care process may not be made
available through electronic access for the person working at another
care unit or within another care process at the same care provider, if the patient
opposes it. In such cases, the task must be blocked immediately.
However, guardians of a child do not have the right to block the child's information.
Information that there is blocked information may be available to others
care units or care processes.
Section 5 A block pursuant to section 4, first paragraph, may be lifted by a competent executive
at the care provider, if
1. the patient agrees to it, or
2. the patient's consent can not be obtained and the information can be assumed to have
importance for the care that the patient inevitably needs.
Information about care units or care processes that blocked the information must in that case
referred to in 2 are made available.
Thereafter, only such information that can be assumed to be important for the care of
the patient is made available.

Identity protection in some cases
Section 6 / Ceases to apply U: 2021-05-01 / In Section 14 of the Act (1996: 1156) on prescription registers
there are provisions for the E-health authority to disclose certain information to
regions on the prescribing of medicines and other goods and that information on
the patient's identity must be encrypted upon disclosure.
Data referred to in the first paragraph may not be processed for the purpose of disclosing a patient
identity without the patient's consent.
Information about a patient's identity that has been documented in health and
healthcare and which the regions must co-operate with such tasks as
referred to in the first paragraph, shall be encrypted so that the patient's identity is protected at
the treatment. Lag (2019: 931) .
Section 6 / Entry into force I: 2021-05-01 / I Chapter 6 Section 3 of the Act (2018: 1212) on national
list of medicines, there are provisions for the e-health authority to release
certain information to the regions on the prescribing of medicines and other goods and
that information about the patient's identity must be encrypted upon disclosure.
Data referred to in the first paragraph may not be processed for the purpose of disclosing a patient
identity without the patient's consent.
Information about a patient's identity that has been documented in health and
healthcare and which the regions must co-operate with such tasks as
referred to in the first paragraph, shall be encrypted so that the patient's identity is protected at
the treatment. Lag (2019: 991) .

Chapter 5 Basic provisions on the release of
information and documents as well as certain information obligation
Provisions in other laws
Section 1 Provisions on the right to take part in documents and information within it
general health care is contained in the Freedom of the Press Ordinance and the
and the Secrecy Act (2009: 400). Lag (2009: 525) .
Section 2 The Patient Safety Act (2010: 659) contains provisions that limit
the possibility of disclosing information from the individual health service. Law
(2010: 677) .

Authority's obligation to provide information from a journal drawn up within
individual health care
Section 3 An authority which according to ch. takes care of a patient record drawn up
in individual health care has, if information from the medical record is requested for special
case, the same obligation to provide the information for which it was responsible
the record before handing over to the authority.

Disclosure by direct access
Section 4 Disclosure through direct access to personal data is permitted only in it
to the extent specified in law or regulation.
If a region or a municipality conducts health care through several
authorities, such an authority may have direct access to personal data such as
processed by any other such authority in the same region or municipality.
Further provisions on disclosure through direct access are found in Section 5, Chapter 6.
and in ch. 7 9 §. Lag (2019: 931) .
Section 5 A care provider may allow an individual direct access to such information about
the individual himself who may be disclosed to him or her and who is treated
for purposes specified in ch. § 4 first paragraph 1 and 2. The individual receives under
the same conditions allow direct access to such documentation as
referred to in ch. 4 § 3, first paragraph, first sentence.
The government or the authority determined by the government may notify
regulations on the requirements for safety measures that shall apply to such
direct access referred to in the first subparagraph.

Delivery on medium for automated processing
Section 6 If a personal data is disclosed, it can be done on a medium for automated
treatment.

Chapter 6 Coherent record keeping
Direct access to information from another care provider
§ 1 / Ceases to apply U: 2021-07-01 / A care provider may, under the conditions
as stated in section 2, have direct access to personal data processed by others
care providers for purposes specified in ch. § 4 first paragraph 1 and 2.
A care provider may not have direct access to personal data processed by one
another care provider in an investigation according to the law (2018: 744) on
insurance medical investigations. That law contains special provisions on
direct access in such investigations. Lag (2018: 747) .
§ 1 / Entry into force I: 2021-07-01 / A care provider may, under the conditions that
specified in section 2, have direct access to personal data processed by others
care providers for purposes specified in ch. § 4 first paragraph 1 and 2.
A care provider may not have direct access to personal data processed by one
another care provider in an investigation according to the law (2018: 744) on
insurance medical investigations. That law contains special provisions on
direct access in such investigations.
A care provider may not have direct access to personal data processed by one
other care providers in activities covered by the Act (2021: 363) on aesthetics
surgical procedures and aesthetic injection treatments. In that law there is
special provisions on direct access to such activities.
Lag (2021: 365) .

The patient's influence in cohesive record keeping etc.
Section 2 If a patient objects, he or she receives other information about the patient than them
referred to in the second paragraph are not made available to other care providers by
coherent record keeping.
Information that there is blocked information about a patient and information about which one
care providers who have blocked the information may be made available to other care providers
through coherent record keeping. Another care provider may receive information about
which care provider has blocked the data only under those conditions
as specified in § 4.
Before information about a patient is made available to other care providers through
coherent record keeping, the patient should be informed about what the cohesive
record keeping means and that the patient may object to other information
than those specified in the second paragraph are made available to other care providers through
coherent record keeping.
If a patient objects to tasks other than those specified in others
the paragraph is made available to other care providers through coherent record keeping
the data must be blocked immediately. However, the guardian of a child can not
block information about the child. A patient can request it at any time
caregivers who have blocked the data lift the block.
Unobstructed information about the patient must be made available to the care providers
connected to the system of unified record keeping. A further one will be introduced
information in the system that there is unresolved information about the patient. Other
care providers must be able to take part in this task without taking part in the information about which
caregivers who have made the information available and the content of other information.
Section 2 a A care provider may make information about a patient that is not only temporary
lacks the ability to take a position according to § 2 available to the care providers who are
connected to the system of unified record keeping, if
1. the patient's attitude to such personal data processing as far as
possible clarified, and
2. there is no reason to assume that the patient would have objected
personal data processing. Lag (2014: 829) .
Section 3 In order for a care provider to be allowed to process information as another care provider
made available in the system of coherent record keeping according to § 2 fifth
paragraph is required that
1. the information relates to a patient with whom there is a current patient relationship;
2. the data can be assumed to be important for prevention, investigation or treatment
diseases and injuries of the patient in health care, or to
assess the need for or carry out initiatives in accordance with the Act (2019: 1297) on
coordination efforts for patients on sick leave, and
3. the patient agrees to it.
The care provider may also process such information about
1. the information concerns a patient for whom there is or has been a patient relationship
with,
2. the information may be presumed to be relevant for the purpose of issuing the certificate in question
and Chapter 3 § 16, and
3. the patient agrees to it.
In order for a care provider to be allowed to process such information as a guardian
does not have the right to block according to § 2 fourth paragraph second sentence is required to
the conditions under the first paragraph 1 and 2 or the second paragraph 1 and 2 are
fulfilled. Lag (2019: 1299) .
Section 3 a A care provider may take part in information about which care provider has done
information available under § 2 or 2 a, if the patient is not only temporarily absent
ability to give consent in accordance with section 3, first paragraph 3.
The care provider may also process the information referred to in section 2 or 2 a, if
1. the care provider assesses that these can be assumed to be important for the care that is
necessary with regard to the patient's state of health,
2. the patient's attitude to such personal data processing as far as
possible clarified, and
3. there is no reason to assume that the patient would have objected
personal data processing. Lag (2014: 829) .
Section 4 If there is blocked information about a patient and there is a danger of it
his life or there is otherwise a serious risk to his health, sheep
the care provider, if the patient cannot lift the block in accordance with section 2, fourth paragraph, take part
of information about which care provider or providers has blocked the information. If
the caregiver, on the basis of this information, assesses that the blocked information
can be assumed to be important for the care that the patient inevitably needs
the caregiver requests from the caregiver who has blocked the information that he or she has
lifts the latch.
If there is unresolved information about a patient and there is a danger to him or her
life or there is otherwise a serious risk to his health, the caregiver may, if
the patient's consent can not be obtained according to § 3, take part of information on which or
which care providers have made the information available. About the caregiver with
management of this information assesses that the unobstructed information can be assumed to have
importance for the care that the patient inevitably needs, the caregiver receives
process the unallocated data.
Section 5 A care provider may not process another care provider's information about one
patient in the system of coherent record keeping under other conditions
than those specified in §§ 3-4, even if the patient expressly agrees to it.
Lag (2014: 829) .

Personal data responsibility for coherent record keeping
Section 6 The Government or the authority determined by the Government may notify
regulations on who shall have personal data responsibility for overall issues of
technical and organizational security measures for coherent record keeping.
Page 2

I 2 kap. Section 6 contains general provisions on personal data liability.

Authorization assignment and access control
Section 7 The provisions of Chapter 4 Sections 2 and 3 also apply to authorization allocation
and access control for coherent record keeping.

Preservation and thinning
Section 8 When patient records are available to several care providers through cohesion
record keeping applies to the obligation according to ch. § 17 to preserve a record document
only the caregiver responsible for the action.
If a record document or other document is available to an authority only
through coherent record keeping and the authority is not responsible for it, may
the authority thins the document from its archive.

Chapter 7 National and regional quality registers
Introductory provision
Section 1 Quality register refers to an automated and structured collection of
personal data set up specifically for the purpose of systematically and
continuously develop and ensure the quality of care. The quality registers must enable
comparison in health care at national or regional level.
The provisions of this chapter apply to national and regional quality registers
in which personal data is collected from several care providers.

The individual's attitude to treatment in quality registers
Section 2 Personal data may not be processed in a national or regional manner
quality register, if the individual opposes it.
If the individual opposes the processing of personal data after it has begun,
the information shall be deleted from the register as soon as possible.
Section 2 a For the individual who is not only temporarily incapable of taking a position
pursuant to section 2, first paragraph, personal data may be processed in a national or
regional quality register, if
1. his or her attitude to such personal data processing so far
as possible clarified, and 2. there is no reason to assume that he or she
would have opposed the processing of personal data.
Personal data in a quality register shall be deleted as soon as possible, if so
after the processing of personal data has begun, there is reason to assume that
the individual would oppose it. Lag (2014: 829) .

Information
§ 3 Before personal data is processed in a national or regional
quality register, the person responsible for personal data must ensure that the individual,
in addition to the information to be provided in accordance with ch. § 6, receives information about
the right to have information about himself deleted from the register at any time.
If it is not possible to provide the information before the personal data processing
commenced, it shall be left as soon as possible thereafter. Lag (2018: 447) .

Purpose of quality register
§ 4 Instead of what is stated in ch. Sections 4 and 5 apply to personal data in
national and regional quality registers may be processed for the purpose of:
systematically and continuously develop and ensure the quality of care.
Section 5 Personal data that is processed for the purposes specified in section 4 may also
treated for the purposes
1. production of statistics,
2. research in health care,
Disclosure to the person who is to use the data for the purposes specified in 1
and 2 or in § 4, and
4. fulfillment of any other information obligation that follows from law or
regulation than that specified in ch. 6 Section 5 of the Public Access to Information and Secrecy Act
(2009: 400). Lag (2009: 525) .
Section 6 Personal data in national and regional quality registers may not be processed
for any purpose other than those specified in §§ 4 and 5.

Personal data responsibility
Section 7 Only authorities in health care may be
personal data controllers for central processing of personal data in a national
or regional quality register.
The government or the authority determined by the government may decide
derogation from the first paragraph.
I 2 kap. Section 6 contains general provisions on personal data liability.

Personal data that may be processed
Section 8 Only such personal data as is necessary for the purposes specified in section 4
may be processed in a national or regional quality register.
An individual's social security number or name may be processed in a national or regional
quality register only if it is not sufficient for the purposes specified in § 4 that
use coded personal data or personal data that can only indirectly
attributed to the individual.
Data on health may be processed in national and regional quality registers.
Other sensitive personal data may be processed nationally and regionally
quality register only about the government or the authority of the government
decides in individual cases allows it.
Sensitive personal data may be processed pursuant to Article 9 (2) (h) of the EU
data protection regulation provided that the requirement of professional secrecy in Article 9 (3) (i)
the regulation is complied with. Lag (2018: 447) .
Section 8 a Information on violations of the law referred to in Chapter 2 Section 7 may be dealt with in
national and regional quality registers only if the government or it
authority determined by the government in individual cases allows it. Lag (2018: 447) .

Disclosure by direct access
Section 9 A care provider may have direct access to the information provided by the care provider
to a national or regional quality register.

Preservation and thinning
Section 10 Personal data in a national or regional quality register shall be thinned out
when they are no longer needed for the purpose specified in section 4.
An archival authority within a region or a municipality may, however, prescribe that
personal data in a national or regional quality register kept within
the region or municipality may be preserved for archival purposes of general interest,
scientific or historical research purposes or statistical purposes.
If the government or the authority determined by the government has issued regulations
according to section 7, second paragraph, the government or the authority may also prescribe that
personal data may be retained for such purposes. Lag (2019: 931) .

Chapter 8 Rights for the individual
Right to access information
§ 1 That an authority in general health care under certain
conditions are obliged to disclose medical records and other documents and
information to a patient, is stated in the Freedom of the Press Ordinance and the public and
the Secrecy Act (2009: 400). Lag (2009: 525) .
Section 2 A medical record document in individual health care shall, at the request of
the patient or by a relative of the patient as soon as possible
him or her to be read or transcribed on the spot or in transcript or
copy, unless otherwise follows from ch. 6 § 12 or § 13 first paragraph
the Patient Safety Act (2010: 659).
Questions concerning the disclosure of a record document pursuant to the first paragraph are examined by it
who is responsible for the journal document.
The person responsible considers that the record document or any part of it should not be submitted
out, he or she shall immediately submit the matter to the Inspectorate with his or her own opinion
for care and care for trial. Lag (2012: 954) .
Section 3 has been repealed by law (2018: 447) .

Destruction of patient records
Section 4 On application by the patient or someone else mentioned in a
patient record, the Swedish Health and Care Inspectorate may decide that the record completely or
partially to be destroyed.
The preconditions for this are that
1. acceptable reasons are given for the application;
2. the patient record or the part of it to which the application obviously does not relate
needed for patient care, and
3. from a general point of view, there is obviously no reason to preserve the record.
Before the application is finally examined, the person responsible for a record document who
covered by the application is given an opportunity to comment. Lag (2012: 954) .

Information
Section 5 A care provider shall, at the request of a patient, provide information about it
direct access and electronic access to patient data such as
occurred.
The government or the authority determined by the government may notify
detailed rules on information pursuant to the first paragraph.
Section 6 In addition to what is stated in Articles 13 and 14 of the EU
Data Protection Ordinance, the person who is responsible for personal data in accordance with this Act
provide information to the data subject about
1. the obligation to provide information that may result from law or regulation;
2. the confidentiality and security rules applicable to the data; and
the treatment,
The right according to ch. 4 § 4 to in certain cases request that information be blocked,
4. the right under § 5 to obtain information about the direct access and electronic
access that has occurred,
5. the right under Article 82 of the EU Data Protection Regulation and Chapter 7 § 1 of the law
(2018: 218) with supplementary provisions to the EU Data Protection Regulation to
damages in the processing of personal data in violation of this law, and
6. what applies in terms of search terms, direct access and disclosure of
data on medium for automated processing.
I 6 kap. § 2 and ch. 7 Section 3 contains further provisions on what information
to be provided in certain cases. Lag (2018: 447) .

Other rights under this law
Section 7 This Act contains regulations on other rights for the individual in Chapter 3. 8
§, 4 kap. 4 §, 6 kap. Section 2 and Chapter 7 2 and 3 §§.

Chapter 9 Disposal and return of
patient journal
Prerequisites for disposal
§ 1 If it can be assumed for probable reasons that patient records within individual health
and healthcare will not be handled in accordance with this law or regulations
which has been announced in connection with the law, the Inspectorate for Health and Care
decide that the patient records should be taken care of.
The Health and Care Inspectorate may also decide on the care of
patient records in individual health care, if
1. the person responsible for the management of the records shall apply for it, and
2. there is a clear need for the records to be taken care of. Lag (2012: 954) .

Conditions for return
Section 2 A patient record taken into care shall be returned, if possible
there are no grounds for disposal according to § 1. Decision regarding return
notified by the Swedish Health and Care Inspectorate upon application by the person who at
the decision on custody was responsible for the handling of the record.
Lag (2012: 954) .

The responsibility for taken care of journals
Section 3 Patient records that have been disposed of in accordance with section 1 shall be kept separate at
the archival authority of that region or, in the case of a municipality which does not belong to any
region, the municipality where the records are located. The Health and Care Inspectorate shall
In each decision on disposal, state with which archival authority the records
to be stored. Lag (2019: 931) .

Preservation of records kept

Section 4 Recorded documents kept shall be preserved for at least ten years from the time they are issued
came in to the archives authority.

Enforcement of decisions on care
Section 5 A decision on the care of patient records may also be enforced if
it has not gained legal force, unless otherwise provided in the decision.
The police authority shall provide the assistance necessary to enforce a decision on
care of patient records.

Chapter 10 Appeal
Section 1 Has been repealed by law (2018: 447) .
Section 2 The Health and Care Inspectorate's decision to reject an application for
destruction of a patient record according to ch. 8 § 4 first paragraph, and in the case of
disposal or return of patient records according to ch. 9 §§ 1 and 2,
may be appealed to a general administrative court. Trial permit required at
appeal to the Court of Appeal.
Regarding an appeal by the Swedish Health and Care Inspectorate's decision according to 8
Cape. Section 2, second paragraph, applies in applicable parts, Chapter 6. 7-11 §§ publicity and
the Secrecy Act (2009: 400).
Other decisions under this Act may not be appealed.
Lag (2018: 447) .

Transitional provisions
2008: 355
1. This Act enters into force on 1 July 2008, when the Patient Records Act (1985: 562)
and the Act (1998: 544) on care registers shall cease to apply.
2. The provisions in ch. 7 shall not apply until 1 July 2009 in
question of national and regional quality registers that have started to be maintained before this
entry into force of the law.
3. The provisions in ch. 7 Sections 2 and 3 do not apply to personal data such as
processed in national and regional quality registers before 1 July 2009.
2012: 954
1. This Act shall enter into force on 1 June 2013.
2. In applying section 7 a of the Administrative Procedure Act (1971: 291) shall
The Health and Care Inspectorate be the individual's counterpart.
2018: 747
1. This law enters into force on 1 January 2019.
2. The new provisions shall apply to insurance medical examinations
as requested by the Swedish Social Insurance Agency from the entry into force.

Our other websites

Follow Sweden's Riksdag

Subscribe

EU information

For you who want to monitor the work in the house and
committees, there are several different ways to choose from.

Open data

Follow & subscribe

Follow President Andreas Norlén

Celebrate democracy!

The switch

Contact

Work with us

Press

For teachers

Visit the Riksdag

The Riksdag Library

08-786 40 00
Questions about the Riksdag and the EU?
020-349 000
riksdagsinformation@riksdagen.se

Order and download

Registrar
registrator.riksdagsforvaltningen@riksdagen.se

All public power in Sweden is based on the people and the Riksdag is
the main representative of the people.
To the top
About the site

Cookies Availability

Listen

Easy to read

Sign language

In English

Other languages

Dictionary

