Experiences with the Finnish Personal Health Record data repository (part 1)

I recently familiarized myself with the Omatietovaranto (Finnish Personal Health Record) data repository service and its web interfaces in a work project. Omatietovaranto (PHR) is the centralized national location for health and well-being data that is produced or measured by applications or devices. Measurable data (observations) can be, for example, steps, activity, weight or blood pressure. Omatietovaranto (PHR) is owned by the National Institute for Health and Welfare. The system is developed and maintained by Kela.

The PHR data repository accepts data models in the HL7 FHIR standard data format, which is a common standard in health systems all around the world. The data content is developed nationally with HL7 Finland. You can find more information about HL7 Finland from and generally from

Suppliers can integrate their well-being and health applications with the PHR if various acceptance criteria are accepted and the test process is successfully passed. Tests are controlled and managed by Kela. The acceptance criteria are mostly related to general security practices, social and health regulation, and data protection of the application. The acceptance criteria must be accepted before applying to the QA environment (aka AT-test). If healthcare professionals are able to use a citizen's PHR data, the application should be validated and certified as a Class A application (social and healthcare data system). You can get more information about healthcare professional application requirements from Kela.

Suppliers can freely familiarize themselves with the PHR data repository via the Sandbox environment, which is offered by Kela. The Sandbox environment is not fully identical to the real production environment, but it's a good place to start. The official PHR site and information about the Sandbox environment can be found here

Knowledge prerequisites before starting

I have listed a few technologies you should familiarize yourself with before you start developing and integrating your application with the PHR data repository.

OAuth 2.0

Authorization in the PHR data repository is handled with the OAuth 2.0 protocol. You should be familiar with the OAuth 2.0 authorization flow and its most important terms: authorization server, authorization code, access token, refresh token and resource server.

OAuth 2.0
OAuth 2.0 simplified
Introduction to OAuth 2.0 (has a good picture of the OAuth 2.0 authorization flow)
Authorization service in Sandbox environment is located at

Client certificates

The PHR QA and production environments require a client certificate, which should be passed in requests heading to the Token or Resource Server endpoints. Note: the Sandbox environment does not require a client certificate. The certificate (well-being application certificate) should be applied for from the Population Register Centre (VRK) when the application is approved for the acceptance test.

Client certificate vs Server certificate
C#: HttpClient with client certificates
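
The code below is an example added here, not code from the original post or from Kela. It builds the OAuth 2.0 authorization-code exchange for each environment and refuses to proceed without a client certificate where the text above says one is required. The host names are placeholders, sending client_id in the request body is an assumption about how the client is identified, and all function and class names are hypothetical.

```python
import ssl
import urllib.parse
import urllib.request
from dataclasses import dataclass

@dataclass(frozen=True)
class Environment:
    name: str
    token_url: str            # placeholder, not a real PHR endpoint
    needs_client_cert: bool   # per the page: QA and production yes, Sandbox no

# Placeholder hosts (assumption); take the real URLs from Kela's documentation.
ENVIRONMENTS = {
    "sandbox": Environment("sandbox", "https://sandbox.example.invalid/token", False),
    "qa": Environment("qa", "https://qa.example.invalid/token", True),
    "production": Environment("production", "https://prod.example.invalid/token", True),
}

def tls_context(env, cert_file=None, key_file=None):
    """Server-verifying TLS context; attaches the client certificate where required."""
    if env.needs_client_cert and not (cert_file and key_file):
        raise ValueError(f"{env.name} requires a client certificate and key")
    ctx = ssl.create_default_context()  # verifies the server chain and host name
    if cert_file and key_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def token_request(env, code, redirect_uri, client_id):
    """Build the authorization-code exchange (RFC 6749, section 4.1.3)."""
    if not env.token_url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,  # assumption: client identified in the body
    }).encode("ascii")
    return urllib.request.Request(
        env.token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def exchange_code(env, code, redirect_uri, client_id, cert_file=None, key_file=None):
    """Send the exchange; the certificate check runs before any network I/O."""
    ctx = tls_context(env, cert_file, key_file)
    req = token_request(env, code, redirect_uri, client_id)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read()
```

Keeping the certificate requirement in the environment table means a QA or production call fails locally, before the authorization code is sent anywhere, if the certificate has not been configured.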


You should understand how to consume a REST API, because the Omatietovaranto PHR resource server is a REST API.

HAPI-FHIR Sandbox Environment Resource Server tool
Resource server documentation
Resource server is located at

FHIR data models

The Simplifier Finnish PHR site contains a lot of information about the national data models. You can find data model examples on the site. The Finnish PHR implementation guide contains, e.g., the minimum and maximum data contents of the models.

Finnish PHR implementation guide
Finnish PHR
Fast Healthcare Interoperability Resources
Official site of FHIR

A few notes about Sandbox environment

  1. Sandbox Environment does not require a Client certificate
  2. Sandbox Environment is not updated as frequently as the other environments
  3. Sandbox Environment has known issues with the self-service portal (e.g. PHR application client information cannot be edited after creation - 27.10.2018 fixed)
  4. If you use the HAPI-FHIR Resource server tool and you want to observe queries with the browser developer tools or Fiddler, note that the tool might use obsolete query standards. You should check all Resource server query parameters from
  5. There are differences in the server URLs for the Authorization, Token and Resource endpoints between the Sandbox and the other environments