Change in data controller responsibility for your medical records as of January 1, 2025
As of January 1st 2025, the Emergency Hospital Board of Region Stockholm (akutsjukhusnämnden) will become the data controller responsible for managing patient records from the following hospitals:
- Danderyds sjukhus
- S:t Eriks ögonsjukhus
- Södersjukhuset
- Södertälje sjukhus
The responsibility for your medical records at these hospitals will be transferred to Region Stockholm's organization.
This change will not affect your healthcare or your access to your medical records.
You do not need to take any action due to this change. Additionally, it is not possible to oppose to this change, as it is carried out in compliance with under the General Data Protection Regulation (GDPR) and the Swedish Patient Data Act.
You will still be able to access your medical records via 1177.se.
Restrictions, access, and consent
As the hospitals will operate under Region Stockholm’s organization starting January 1st, 2025, the rules governing access, restrictions and consent for your healthcare information may change in certain cases:
- Staff access to medical records from other hospitals or other healthcare facilities operated by Region Stockholm will no longer require the patient's explicit consent.
- Consent is still required for these hospitals to access records held by private healthcare providers, or by public healthcare providers from other regions.
- Patients retain the right to request restrictions on their medical records. However, within the healthcare provider Region Stockholm, such restrictions may be overridden with the patient's consent or in emergency situations (starting January 1st, 2025). Contact your healthcare provider if you wish to restrict access to your records.
- Restrictions cannot be overridden by private healthcare providers or by public healthcare providers from other regions.
Note: The General Data Protection Regulation (GDPR) is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR Act controls how your personal information is used by organizations, businesses or the government.
- Last reviewed on: 13 december 2024