Kotletti mascot — a golden cutlet with googly eyes roasting a legacy system on a bonfire

Artist's rendering. No legacy systems were harmed. Probably.

Kotletti.Finally, a healthcare system named after something you can actually digest.

Open-source. Modular. Built like modern software — because it is. Some systems cost hundreds of millions and still surprise their users. This one doesn't.

It should be this simple

What a healthcare system owes you

The problem is architectural

A doctor takes an oath.
Then the software breaks it.

A doctor promises to keep your secrets. Then types them into a centralized database accessible to thousands of administrators, IT staff, billing departments, and anyone who breaches the system. The oath is sincere. The architecture makes it impossible to honor.
Finland's Kanta stores 5.5 million people's records in one place. The US has Epic and Cerner, each holding hundreds of millions. The UK has the NHS Spine. Every one of these is a honeypot — a single point where a breach exposes everything.
And they all get breached.
The entire security apparatus — access control lists, role-based permissions, audit logs, consent platforms, GDPR compliance layers — exists to compensate for one architectural decision: putting everyone's data in one place.
What if we didn't?
Kotletti eliminates the honeypot. Patient data exists only where the patient has explicitly shared it. Data flows between people through cryptographic identities. No central database. No central point of failure. The architecture enforces the oath.

The architecture

Your data belongs in your pocket.
Not in a honeypot.

A doctor takes an oath to keep your secrets. Then the architecture makes it impossible to honor. Kotletti is built on an identity-first model — patient data exists only where the patient has explicitly shared it. No central database. No honeypot. The math enforces the oath.

Read more about the identity-first model

How it works

The patient is the record

Identity-first

Every actor in the system — patient, doctor, lab, pharmacy, device — has a cryptographic identity. Data flows between identities through explicit sharing. Nothing goes to a central database. Nothing is accessible by default.

Blind lab work

The doctor assigns a random ID to your sample. The lab never learns whose sample it is. The results are signed by the lab, matched by the doctor, and given to you. A lab breach exposes blind IDs — not patient identities.

Prescriptions without middlemen

A prescription is a signed document. You carry it to any pharmacy. The pharmacy verifies the doctor's signature cryptographically. No central prescription database. No fax machines. The math verifies it.

Insurance sees only what it should

The patient shares billing codes — not clinical notes, not psychiatric history, not the full record. If a claim needs justification, the patient shares the specific relevant notes. Insurance never has access to everything.

Emergency access that works

A signed medical summary card. Emergency contacts with cryptographic authority. Time-boxed access for verified responders. Emergencies don't require a central database — they require graduated options under patient control.

Devices as peers

A heart monitor shares data with you and your cardiologist. Not with the manufacturer's cloud. Not with the hospital's general IT. When you disconnect, the device has no lingering connection to your data.

What disappears

When the architecture is right,
most of the machinery is unnecessary

Access Control Lists. In the central model, you maintain complex rules about who can see what. In Kotletti, there is no database to control access to. You see what was shared with you. Period.
Consent Management Platforms. Entire software systems exist to track what each patient consented to. In Kotletti, consent IS the act of sharing. You consented by sharing.
Breach Notification for Millions. When a central database is breached, millions must be notified. In Kotletti, a breach affects one device — not every patient in the system.
Cross-Border Compliance. GDPR, HIPAA, and other regulations govern how data moves between jurisdictions. In Kotletti, the data is on the patient's device. The patient shares it directly, wherever they are.

The principles

What Kotletti will be

Built like infrastructure

Linux runs the world. SSH secures it. Nobody reboots them on Tuesdays. Kotletti is built to that standard — boring, reliable, and invisible when it works.

Everywhere and nowhere

The server is everywhere and nowhere at the same time. That's how peer-to-peer works. There is no central place to attack. The way the real world works, but digitally.

Usable or it evolves

If it's hard to use, it forks. It branches. It evolves into different apps until every nurse, doctor, and patient actually wants to open it. Usability isn't a feature — it's the survival mechanism.

A Finnish export product

Finland builds things that work in silence. Kotletti will be a vientituote — an export product. Built here, useful everywhere. Healthcare doesn't stop at borders. Neither should the software.

Taxpayer-friendly

The current systems cost hundreds of millions and still surprise their users. Kotletti is open source. The savings aren't theoretical — they're inevitable.

Voices from the field

What the people say

I klik seven taims for opening one patient. SEVEN TAIMS! My finger is now like maratton runner. Wery atletik finger. Rest of me, not so mats. De system is not helping me, it is training me. But in rong direktion.

— Dr. Seppo "Seven Kliks" Virtanen Chief of Unnecessary Kliking, Municipal Helt Center

De old system vas updating. Tree hours. I drink vone kahvi. Den anoder kahvi. Den I start knitting. I finish hole sokk before de system finish loading. Now I haff wery nice sokks but patients are still vaiting.

— Nurse Pirjo Järvinen Head of Vaiting and Advansed Sokk Produkktion

Dey said new system is koming. Dat vas 2015. Den 2017. Den "soon." My dotter vas born, vent to skool, and learned to kode faster dan dis deployment. She offered to help. Dey said no. Of kourse dey said no.

— Dr. Jarkko Nieminen Spesialist in Kronik Vaiting and Internal Medisine

I press save. Nossing happen. I press again. Nossing. I press törd taim — now I haff tree same preskriptions. Patient gets enaf antibiotiks for hole village. Wery effisient. In rong direktion.

— Nurse Maarit "Triple Save" Korhonen Department of Aksidental Bulk Preskriptions

De training vas two viiks. TWO VIIKS! For writing notes! I vent to medikal skool six years and it vas easier to understand de human body dan dis user interfeis. At least de body makes some sense, you know.

— Dr. Antti Mäkelä Senior Konsultant, Department of User Suffering

Samvone asked me how mats de system kost. I told dem. Dey tought I vas talking about a brits. No no, I said, brits vould be tsiper. And de brits you kan aktually kross to de adder side.

— Timo "Budget" Lahtinen IT Direktor and Part-Taim Kraisis Kounselor

These are fictional characters. Any resemblance to your actual Tuesday morning is purely coincidental.

Open source

Software you can inspect
is software you can trust

Readable

Healthcare software handles lives. The code should be open to every developer, auditor, clinician, and citizen who wants to look. Not because we're idealistic. Because it's irresponsible not to be.

Forkable

Don't like a decision we made? Fork it. Improve it. Run your own. No permission needed. No license fee. No phone call to a sales team that doesn't pick up.

Auditable

Every commit is public. Every decision has a trail. When someone asks "why does it work this way?" — the answer is never "we'll get back to you."

Why "Kotletti"

It's a cutlet.

A kotletti is straightforward. You know what's in it. You know what it costs. It doesn't need a brand strategy or a twelve-month onboarding program. It's just good, honest, ordinary food.

Healthcare software should be the same. Not a seven-course mystery menu. Not a molecular gastronomy experiment funded by taxpayers. A cutlet.

Also, we're Finnish. We like naming things after food. Don't overthink it.

Talkoot

This is a talkoot.

In Finland, when something needs building, the neighbours show up. No contracts. No procurement rounds. You bring what you know. Someone brings coffee. The work gets done.

That's how Kotletti is built. Not by a vendor. By people who use healthcare systems, build healthcare systems, or simply believe they should work better than they do.

Developers

Write code. Review code. Break things in staging so they don't break in production.

Clinicians

Tell us what's wrong. Not with the code — with the workflow. You know where it hurts.

Designers

Make seven clicks into one. Make the important thing visible. Make the screen feel calm.

Everyone else

Translate. Document. Test. Ask hard questions. File issues that start with "why does it—" We need those most.

Pull up a chair.
The talkoot has started.

Join the build. Ask a question. Or just tell us what's broken in the system you use today.

Get involved
Next news drops in