Laws and regulations

The healthcare system is governed by laws and regulations in order to ensure the provision of safe and secure care. Here are a few of the laws and regulations that apply when you receive care from us.

Processing of personal data within Stockholm County Healthcare Services

Every time you are in contact with the healthcare system, information about you is registered. The ways in which we may register and use your personal data are subject to strict regulation. This means that we have a great responsibility to ensure that your personal data is processed in the correct way, so that we can provide a good, secure service while also protecting your personal privacy.

There are several situations in which we process personal data. The most common situations are:

  • In medical records.
  • In healthcare statistics.
  • In follow-ups and quality assurance of healthcare provision.
  • In healthcare research.
  • For personnel reasons, such as processing salary, absence due to illness and job applications.

Applicable laws and regulations

Personal data may only be collected and processed for justifiable purposes. It is not permitted to collect more personal data than is necessary for the stated purpose. Neither may the data be stored for longer than is necessary, nor processed in a different way to the originally intended use.

The processing of personal data is regulated by several laws for the protection of your personal privacy, such as the Public Access to Information and Secrecy Act, the General Data Protection Regulation and the Patient Data Act. The General Data Protection Regulation (GDPR) is a new EU-wide regulation that replaces the previous personal data legislation.

If you should have any questions about our processing of personal data, or about your rights in relation to GDPR, or if you would like to contact our data protection officer, you can contact us at:

Postal address: Dataskyddsombudet, Stockholms läns sjukvårdsområde, Box 43436, 104 31 Stockholm.

Telephone no.: 08-123 400 00 (switchboard).

Email: Remember never to send anything containing patient data by email.

The Patient Data Act.

The rules for the processing of personal data in the healthcare sector are stated in the Patient Data Act. Among other things, this law regulates:

  • the opportunities for healthcare personnel who participate in the care of a certain patient to have access to the medical records necessary for the provision of care, even if they were written by another healthcare organisation
  • the rules for which individuals may access patient data in the course of their work within the healthcare system
  • the patient’s right to block information in their medical records in an electronic records system

The Health and Medical Services Act

The Health and Medical Services Act is what is known as a framework law, and includes fundamental rules for all health and medical care. This law also regulates what we, as care providers, are obliged to provide patients.


The Act concerning Support and Service for Persons with Certain Functional Impairments (LSS)

The purpose of this law is to ensure that those with functional impairments shall receive the support they need in order to live as independently as possible. LSS is what is known as an entitlement law. This means that a person that does not receive the support to which they are entitled may seek legal redress in a court.

Patient fees and high-cost protection

The healthcare system in Sweden is mainly funded by taxes collected by county councils and municipalities. The fee paid by a patient (for example, for a doctor’s appointment) only represents a small part of the actual cost.

High-cost protection means that a cost ceiling is imposed, which ensures that people do not pay more than a fixed amount for their healthcare. The high-cost protection is structured in the same way in all of Sweden’s county councils and regions. More information about patient fees and high-cost protection is available from 1177 Vårdguiden.

The Patient Act

The Patient Act came into force on 1 January 2015. The most important objective of this act is to strengthen the position of the patient and to increase people’s involvement in their own care.

The act gives patients the opportunity to choose their own providers of publicly financed primary care and specialist outpatient care throughout Sweden. Patients can also register with another county council other than where they live. The home county council pays for the cost of the care, but the patient pays for their own travel and other expenses.

One important element of the act is that healthcare personnel have a greater obligation to inform patients of the choices, risks and opportunities that exist. Among other things, patients shall receive information about treatment methods and the risks of complications.

The Patient Safety Act

Among other things, the Patient Safety Act means that care providers have a clear responsibility to find and rectify system faults. The act also includes procedures for how complaints concerning care are to be processed. More information about our work with patient safety is available under the heading ‘Safe and secure care’ above.


Everyone who works within the healthcare system has a duty of confidentiality. This means that information about your contact with the healthcare system and the treatment you receive may not be disclosed without your consent. This is regulated by the Public Access to Information and Secrecy Act for all those who work in public healthcare services.

Care guarantee

The care guarantee is a statutory element of the Health and Medical Services Act. This guarantee specifies the time limits within which you will be offered care from the county council or the Region. The care guarantee does not, however, regulate whether care should be given or what kind of care a patient may receive.