Swedish Patient Data Act (HSLF-FS 2016:40)

We are not lawyers, and this is not legal advice.

It is your responsibility to discover what law applies to you and how to best comply with it. In case of doubt, consult your Data Protection Officer (DPO) or equivalent.

Note

Controls not covered below are controls that cannot be fulfilled by Compliant Kubernetes. These include requirements such as:

  • Your management team needs to regularly perform various risk analyses.
  • You need to do background checks when recruiting.
  • You need to activate multi-factor authentication in your Identity Provider.
  • You need to have a policy on how to safely use USB sticks.
  • Requirements that fall under the scope of the application.

If you are a Swedish healthcare provider, you likely process patient data. Patient data includes GDPR personal data and patient records. HSLF-FS 2016:40 recommends following ISO 27001.

Please look at the ISO 27001 controls to understand how Compliant Kubernetes helps you keep patient data private and secure.

HSLF-FS 2016:40, Chapter 3, Section 9: Procurement and development (Upphandling och utveckling)

HSLF-FS 2016:40, Chapter 3, Section 10: Procurement and development (Upphandling och utveckling)

HSLF-FS 2016:40, Chapter 3, Section 12: Backup (Säkerhetskopiering)

HSLF-FS 2016:40, Chapter 3, Section 13: Backup (Säkerhetskopiering)

HSLF-FS 2016:40, Chapter 3, Section 14: Physical protection of information systems (Fysiskt skydd av informationssystem)

HSLF-FS 2016:40, Chapter 3, Section 15: Processing of personal data on open networks (Behandling av personuppgifter i öppna nät)

HSLF-FS 2016:40, Chapter 4, Section 2: Management of access rights (Styrning av behörigheter)

HSLF-FS 2016:40, Chapter 4, Section 3: Management of access rights (Styrning av behörigheter)

HSLF-FS 2016:40, Chapter 4, Section 9: Control of access to data (Kontroll av åtkomst till uppgifter)

Further reading