Announcement | This website is no longer being updated

The CEF Telecom programme 2014-2020 has concluded. The CEF Digital platform is no longer being actively updated.

Please visit the following websites to access the latest information:


CEF DIGITAL home page

Estonian Central Health Information System and Patient Portal

The Central Health Information System EHR is a patient-oriented system where patient summaries about every case are collected. Data are visible to all clinicians who treat patients and patients can see their own data and see who have accessed their data.

@Photo from Pixabay.


The Central Health Information System (so called Personal Digital History – as EHR service) started in Estonia in 2008. The central system is a patient-oriented system (based on the personal ID–code). In the EHR central system, epicrises about every case (short overview about visits, anamnesis, diagnoses, treatment, examinations and recommendations) have been collected, which are visible to all clinicians who treat patients. The doctors` access to the central database is allowed only via the personal ID-card for security reasons. All accesses will be logged and are allowed only to licensed health care providers. In addition to this database all the collected epicrises are linked to the Medical Images Bank, the Prescription Centre and health care providers systems via the X - road.
The Estonian EHR has a specific service portal for patients – the Patient Portal. Every person has access to the portal via her/his ID-card and can have a look at his/her personal data. A patient can also look up information about his/her children (up to 18 years) or others if specifically permitted. There are several services possible for a patient:
• to see their own data from various service providers in one place
• make declarations (allow donation, distribution of the rights for the family to open or to close the data, data closure for doctors) all over Estonia
• look at their treatment bills, prescriptions, and the loggings (who has accessed their data)



Start date1 Jan 2008 
Nature and status of project Rolled Out 
Is the OOP case/enabler mandatory?


Enabling assets or components 

Relevant Enablers
Estonian data exchange layer for information systems (X-Road)
Estonian Public Key Infrastructure
Estonian Catalogue of Public Sector Information (RIHA)
Estonian three-level IT baseline security system ISKE

Political commitment
Legal interoperability
Health Services Organisation Act,

Especially Chapter 51 HEALTH INFORMATION SYSTEM (adopted on 2008)
National Health Information System Regulation,
Personal Data Protection Act,
Public Information Act,
Population Register Act,
Socio-cultural influence factors
Legal and organizational interoperability: legislation approved by stakeholders

All registers must linked by use commonly accepted keys:
• personal code for citizens,
• code of institution,
• standardized address presentation.

Secure data exchange layer X-Road ( is used for gathering data from different registers. X-Road is a technological and organizational environment enabling a secure Internet-based data exchange between information systems. All registers and Statistics Estonia must be a member of X-Road

Information regarding the X-Road members and the services they provide is available via the Administration System for the State Information System (RIHA). RIHA ( ) serves as a catalogue for the state’s information system. At the same time RIHA is a procedural and administrative environment via which the comprehensive and balanced development of the state’s information system has ensured. RIHA guarantees the transparency of the administration of the state’s information system and helps to plan the state’s information management.

PKI or the public key infrastructure ( ) enables secure digital authentication and signing. The infrastructure also allows forwarding data by using an encrypting key pair: a public encryption key and a private decryption key. In Estonia, this technology is used in relation with electronic identity (ID card, mobile ID, digital ID). All members of X-Road are using Digital seal certificates for signing messages. Citizens and officials are using electronic identity tokens.

All participants must be implemented three-level IT baseline security system ISKE ( The goal of implementing ISKE is to ensure a security level sufficient for the data processed in IT systems. The necessary security level achieved by implementing the standard organisational, infrastructural/physical and technical security measures.

Data guidelines of Estonian Data Protection Inspectorate ( must followed.

Data handling / data exchange

Data handler

Stakeholder nameStakeholder typeStakeholder roleKind of data

Health Information System (TEHIK)

GovernmentDatabase ownerHealth data
Population RegisterGovernmentDatabase providerPersonal data
Business RegisterGovernmentDatabase providerBusiness
Universities, ScientistsCitizenData consumerHealth data
Address Data SystemGovernmentDatabase providerAdress data
Health Care providers (GP, Hospital, Emergency service, Dentists IS)BusinessData recorderHealth data
Medicines Coding Centre (State Agensy of Medicine)GovernmentDatabase providerSemantic data
Registre of Handlers of medicines – Licences of Pharmacies and pharmasists (State Agency of Medicine)GovernmentDatabase providerLicences data
Health Insurance Status Register (Health Insurance Foundation)GovernmentDatabase providerInsurance data
Health care providers Register (Health care Board)GovernmentDatabase providerProviders data
Health professionals Register (Health care Board)GovernmentData consumerData about professionals
Statistics PortalGovernmentData consumerStatistics data
HIS X-Road MISP – Portal for GPBusinessData recorderHealth data
HIS X-Road MISP – portal for Emergency Mobile StationsGovernmentData consumerHealth data
Prescription Centre (Health Insurance Foundation)GovernmentDatabase ownerHealth data
Medical Images RepositoryGovernmentDatabase providerHealth data
Patient PortalCitizenData consumerHealth data
Road Administration BoardGovernmentData consumerHealth data
Social Security BoardGovernmentData consumerHealth data
Health Insurance FoundationGovernmentData consumerHealth data
Medical Registries (Cancer Register) – National Health Development InstituteGovernmentData consumerHealth data
Medical Registries (Infection Diseases register) – Health Care BoardGovernmentData consumerHealth data
State Information Board (X-road, eID, Mobile-ID, ID-card)GovernmentData supervisorGovernance data
Citizen as Patient (via or )CitizenData consumerHealth data


Data: citizens
Medical documents: Health care providers (hospitals, doctors, etc)
National registry (National Health Information System):
Processor: Health and Welfare Information Systems Centre (former Estonian eHealth Foundation)


- Each family doctor is able to view the data on patients in their practice list to see which specialist doctors they have visited or whether they have been hospitalised or received emergency care (irrespective of geographic location)
- Each attending doctor is able to see which prescriptions (both historical and current) a patient has from other doctors in order to assess pharmaceutical interactions
- Each attending doctor is able to see a patient’s tests or visits associated with the same case (this is particularly important in case of chronic diagnoses or chronic patients, as well as patients under monitoring)
- Each attending doctor is able to see whether ordered test results are in, even if the tests were made by another provider
- Reduced number of duplicate tests for the same case
- A brief general overview of patient’s critical data is available without any tests in emergency situations
- Collected data can be used to develop various new services
- Persons can view their prescriptions, summary reports, test results (except images) and the details of their children, and they can also see who else has viewed their data in the systems; they can make their data accessible or inaccessible, issue expressions of will (regarding organ donations, powers of attorney) and order electronic medical certificates
- For the patient is available to ask a second opinion
- Various public agencies can order aggregate and anonymised statistics
- Scientists can conduct research based on different linked databases, subject to a permission of the ethics committee 


• Legal, organizational, technical, social-cultural, fiscal and professional interoperability (see conclusions for detailed description)
• Secure data exchange layer for confidential and legally binding data needed. In case of Estonia the X-Road is used, The use of X-Road ensures complete security of the exchange of data
• The unique personal identification code provides opportunity to merge personal data from different registers.
• The unique company commercial registry code provides opportunity to merge business data from different registers.
• eID and PKI infrastructure needed. Citizen, Doctors and nurses can use for login IDcard, mobileID or digiID
• Central eHealth system meets very high security requirements for trust reasons (Baseline security system ISKE)
• All e-health classificatories are regulated by government act and published at publishing center and identified by OID register
• All health care providers have a contract with the TEHIK (former E-health Foundation, processor of the HIS)
• The Data security guidelines of Estonian Data Protection Inspectorate ( must be followed by all counterparts.
• Harmonized and agreed working flows, standard, classificatory and data models among the health professionals 


Motivation is needed for stakeholders
High development costs (health care providers infosystem development - hardware and software, implementation and training, harmonizing the work flow processes and data models among different health care providers, implementing the international standards and indicators )
High standardization cost (medical terminology and international standards adaptation. Example SNOMED and others)
Organisational interoperability
Changing paradigms between global market, entrepreneurs, patient awareness, technological possibilities and insurance market – lack of clear vision (where to invest)


Disclaimer: Please note that this article is a result of the SCOOP4C Pilot Project, not an application of a CEF Building Block.

Last updated on  Jul 26, 2019 16:13

Share this post

Event calendar
Media library
Success stories

Subscribe to our newsletter

This page has no comments.