A Shared Picture Before a Shared System

Finland has no single place to see the harm its own health system causes. The data exists. It's just scattered across a dozen registers that were never built to talk to each other.

There is no national repository that lets anyone track, compare, and learn from patient-safety incidents across Finnish social and health care. Incident data is fragmented across many separate statutory registers, recorded inconsistently, and rarely current, so the country can't reliably see where harm is happening or whether anything is improving.

The stakes are not small. The reform plan estimates that correcting healthcare harm costs Finland over a billion euros a year; in 2024 alone, 25 million euros was paid out in patient-injury compensation, with the cost to providers many times higher. Up to roughly half of these events are thought to be preventable, and voluntary reporting systems typically capture only 5 to 20 percent of the harm that actually occurs. The mandate to fix this is real: the WHO Global Patient Safety Action Plan makes incident-reporting uptake one of its top indicators, Finland's national patient-safety strategy puts reporting reform in 10 of its 12 objectives, and national audits and research had all already recommended a national system to monitor, compare, and learn. The Ministry of Social Affairs and Health tasked the Finnish Centre for Client and Patient Safety with delivering exactly that.

After building a proof-of-concept on AI-assisted incident reporting inside a wellbeing services county, the Finnish Centre brought me onto the national reform. For most of it there were two of us working full-time: the programme director and me. My half was the systems and the technical view.

My core job was to map the entire fragmented current state: every statutory way an incident gets recorded and reported in Finland, and every system and authority involved. In practice that meant interviewing and meeting a large part of Finnish public healthcare, plus every patient and client record-system vendor, since I was the only person on the project with the technical depth to engage them on how the systems actually work. In parallel I scoped possible collaborations and joint funding bids with public and private partners, one of which became a Sitra-funded pilot on surgical-complication reporting. I also owned the AI thread, keeping the reform current with a field that was arriving in healthcare very fast, through meetings with AI companies, startups, and cloud providers.

The rest of the work was designing the future-state vision and then validating it, round after round, with the national bodies that hold the data: the Finnish institute for health and welfare, the expected home for a future national repository, and the social-insurance institution, which runs the national Kanta data platform. How data ownership should work across them, where it should live, who holds it, how it moves, was still an open question, and a large part of the design was reconciling the options into something everyone could stand behind, along with the agencies (the medicines authority, the radiation-safety authority, and others) that ultimately consume incident data. It's strategic and systems design, but it only worked because I could also read the architecture.

The mapping turned up at least 10 distinct statutory recording and reporting procedures, each with its own law and its own receiving authority: ordinary patient-record entries, national care notifications, healthcare-associated infections, medically-related deaths, drug adverse effects, medical-device incidents, radiation-safety deviations, and more. Each was a separate pipe to a separate place.

Laid side by side, the pattern was unmistakable. The same harm gets entered many times, in incompatible ways, into systems that never aggregate. Terminology drifts (the same event is called different things by different authorities), recording quality varies, voluntary systems capture only a fraction of real events, and the lessons that local incident systems do produce almost never spread beyond the organisation that learned them.

The procedures everyone wanted reformed were the symptom, not the cause. The real task was to redesign the whole data lifecycle so an incident is recorded once and then flows, through shared structures, to the authorities and into one national repository that feeds learning back to providers.

This is the spine the target state is built on, recording once. Today a single harm can be entered into the patient record, and a medicines-authority report, and a local voluntary system, separately, by hand, in mismatched terms. The future-state principle is to record it once where care already happens, in a nationally defined structure with standard classifications, and let it move from there. Transparency and national learning aren't a new form to fill in. They're what you get when an event is recorded once, in a shared structure, and allowed to flow.

The core deliverable was a national master plan for reforming how patient-safety incident data is produced: the background and justification, the goals and scope, a full documented current state of every statutory recording and reporting channel, the target state on a five-to-ten-year horizon with its risks, and the follow-up work. Underneath it sat the design.

What I designed and assembled into it: a documented current-state model of the whole fragmented landscape; a single service-agnostic future reporting process (record once, structure with a shared data model, route through the national platform); three future-state architecture scenarios for how the data flows nationally; a concept for a national incident repository that aggregates the statutory data; the target-state change tables mapping today's fragmentation to a unified, AI-assisted future; and an AI-assisted reporting vision running through all of it. The plan also names its own next deliverable: the five-to-ten-year roadmap that turns this into a sequence of fundable steps.

What this came down to was alignment, not technology. Pulling policy, process, and technology into one shared national vision, across ministries, national data holders still settling who owns what, the authorities who consume the data, and the vendors who build the systems, was the actual work. In a system this fragmented, most of the design is building a shared picture before anyone can build a shared system. The map and the vision weren't preludes to the work. They were the work.

What I would be honest about: the future state leans heavily on programmes I didn't control, international classifications and national platform development that are years out, so a real share of the roadmap is gated on other people's timelines. We also deliberately scoped out near-misses and no-harm events to keep the first reform tractable, even though they matter for prevention, and that's a coverage gap worth naming rather than hiding. And the AI vision, real as it is, is staged on purpose, not magic.

More than anything, this needed someone who could sit between the policy and the architecture and translate in both directions: enough of a designer to draw the future state, enough of an engineer to know it could actually be built. That bridge, not a better reporting form, is what a reform this fragmented runs on.