Personal data

Sophiahemmet Hospital offers highly specialised care for all through our own clinics and our 40 or so independent care providers.

Sophiahemmet guarantees the safe and secure handling of personal data

Your care provider has responsibility for your treatment and with it, the handling of your personal data. You can find contact details for the care providers at Sophiahemmet Hospital here.
Sophiahemmet AB (SHAB) operates the following clinics/units:
Försäkringsmottagningen, Husläkarmottagningen, Hälsocentralen and Nursing unit.

The body responsible for these services is: Sophiahemmet AB, Box 5605, 114 86 Stockholm
Sophiahemmet AB’s data protection representative:
Christian Benson.

To contact the data protection representative, please write to:
Sophiahemmet AB, Dataskyddsombud, Box 5605, 114 86 Stockholm.

Why we handle your personal data

Every time you come to Sophiahemmet for treatment, we enter your personal details into different healthcare registers. This we need to do to give you the best and safest possible care.
We handle your personal data for the following purposes:

  • your medical records and other documentation necessary to your treatment
  • administration, so that we can provide the care you require
  • other documentation as required by law, ordinance or other such regulation
  • the development and quality-assurance of care provision
  • planning, evaluation and operational control
  • statistics on healthcare outcomes (e.g. for quality registries)

The handling of your personal data for these purposes is regulated by the Patient Data Act (SFS 2008:355)


In some cases, such as sending you emails or text messages, we need your consent to handle your personal data. You are entitled to withdraw your consent at any time, upon which the handling of your data will cease. Note that each care provider also handles your consent, which means the if you wish to withdraw it from multiple providers, you will have to contact each of them separately; this also applies to medical services such as laboratories and radiology.

Categories of personal data

We only collect the data that is essential to the above purposes, such as:

  • name
  • civic registration number
  • address
  • contact details
  • email address
  • health-related information

We also handle sensitive personal data whenever it is necessary to do so in order to provide proper and safe care. In some cases, we also handle the personal data of family members that you or they have submitted.

Confidentiality and security regulations

We may only disclose your personal data if it causes no suffering or harm to you or a member of your family. While we endeavour at all times to do so with your consent, in some situations we are legally obliged to pass on your personal data to the county council and other public authorities. Our staff are bound by non-disclosure agreements to keep your medical records strictly confidential, and security measures, such as limited access authorisation, protect your personal data from unauthorised access.

Saving and deleting data

As a rule, your medical records and the personal data they contain are saved for at least 10 years from the date of your latest appointment at Sophiahemmet. The data required for patient and financial administration are saved for as long as we have legal grounds for handling them and provided it is deemed essential to do so. After that they will be deleted or anonymised so that they can no longer be traced to you personally.


If you have any complaints about how your personal data have been handled and/or protected, please write to your care provider. If your complaint is directed at any of Sophiahemmet AB’s own clinics or units, please write to:

Sophiahemmet AB, Dataskyddsombud, Box 5605, 114 86 Stockholm. You can also contact the Swedish Data Protection Authority if you believe that your personal data have been handled incorrectly.

Shared medical records

A shared medical records system allowing care providers, under certain conditions, to gain direct access to each other’s digital medical records is not fully implemented at Sophiahemmet as many of our providers’ records systems are incompatible or unconnected.

A shared medical records system gives one healthcare provider access to all necessary data for a patient’s diagnosis and care – such as previous test results, medication, diagnoses and treatments – kept by another. As a patient it means there is no need for you to repeat your entire medical history every time you seek help from a new care provider.

It is only the care provider who has an ongoing relationship with you as a patient that can access your records in a shared system. When staff from another provider wish to access your medical records in a shared system, they require the proper authorisation and your explicit consent.

Contact the clinic you visited for more information about shared medical records.

You are entitled to refuse shared access to your records, in which care you are to notify your doctor. If you want to block all or part of your medical records for other providers, please contact your care provider/clinic. Parents/guardians may not block their child’s medical records.

Blocking your medical records

You are entitled to block all or part of your medical records from access by other providers, but it remains your responsibility to inform the staff of what they need to know to be able to provide a good, safe healthcare service. You are to request a block via the clinic/unit you have been in contact with either on the phone or in person.

Lifting a block

If you wish to lift a block you have placed on your medical records, you must do so in person with your healthcare provider and not by proxy.

Emergency access

If your life or health are in danger and you are unconscious or too incapacitated to give your consent, the healthcare workers may still access your medical records. The staff will first check which provider has your records in the shared system, and the details deemed important to your current situation can be opened for access. The staff must contact the other care provider, who can temporarily lift the block and provide emergency access to your records.

National quality registry

So that care services can be evaluated and improved, we report to national quality registries. Each quality registry is run by a central organisation with responsibility for personal data.

As a reporting healthcare provider we have direct access to the information we report to the quality registries. The organisation in charge of the registry can also access your personal details.

We are under no legal obligation to seek your consent to be registered but you do have the right to be informed about it, at which point you may refuse to take part.

You have the right to demand that your details be deleted from a registry at any time. In such cases you must contact the registry in question.


As a patient you often need to provide samples (e.g. blood), some of which are routinely stored in a biobank. A biobank is a collection of samples that are taken for medical purposes, that are saved for longer than two months and that are traceable to a particular person.

As a patient you decide how your samples are to be used. The Biobank Act provides that you are to be informed about and must give your consent to your samples being saved and the purposes to which they may be put. You have the right to change your decision at any time. However, if you have asked for your samples to be destroyed, your request will of course be irrevocable.

Your rights

View your medical records

As a patient you have the right to read and request a copy of your own medical records. If you are over 16 you can view your records via 1177’s online services by logging in with your e-ID. You can find out more about accessing your medical records on the 1177 website under “e-tjänster” (in Swedish).


To obtain a printout of your medical records, call or write to your healthcare provider or place an order via 1177’s online services. For further details and a request form, click here (in Swedish).

Log extract

Access to your records by someone not directly involved in your care or who has other duties unconnected to them is punishable by law. You have the right to view the access log to your medical records in the records system.
You may order a log extract via 1177’s online services. You may also send a written request in the post to the relevant healthcare provider at:
Provider’s name, Sophiahemmet Sjukhus, Box 5605, 114 86 Stockholm

Your request must contain:

  • Your name
  • Your civic registration number
  • Your telephone number
  • The period which you want the log to cover

The extract will be sent to your registered address by registered mail.

Correcting incorrect personal data

If any personal details are incorrect, including those in your medical records, please contact your healthcare provider with a correction request. If you and the provider disagree about a correction, you can request a note to be made in the records stating that you believe them to contain incorrect or misleading information.
It is important that the contact details we have for you are correct. Your address is updated automatically via the Swedish Population Register, but please notify us of any change of phone number.

Deleting your records

In certain cases you can apply to have your medical records fully or partially deleted. Contact the Health and Social Care Inspectorate (IVO) for further information.