Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
NETHERLAND SUPERVISORY AUTHORITY: medical record, health service providers and GDPR.

NETHERLAND SUPERVISORY AUTHORITY: medical record, health service providers and GDPR.

The health workers, as general medicine doctors, dentists and specialists record health data about their patients in a medical record. The patient rights and health workers duties are established by the law.

File requirements

According to Law on the Contract of Medical Treatment, health workers must store the medical record.

Security

The GDPR requires that the health workers must protect medical records. For example, only authorized people can have access to a patient’s file.

Retention period

The principle rule for health records is written in the WGBO. This law provides that the health worker must store the medical record for 20 years.

Anyway, the GDPR and other specific legislation can be applied for the determination of how long a health worker should store a medical record.

Patient’s rights

The patient’s rights concerning its own medical record are written in part the WGBO and partly in GDPR.Many dispositions are also included in the health legislation.

Patients have the right to view their own medical records, ask for any corrections, or adds or also the destruction. They can also ask for data transfer. (right of data transfer).

Health services provider and GDPR

The GDPR also took on new responsibilities, also for health workers. Rules help them to manage carefully all the sensitive information about privacy of patients, especially now that they are digitized.

Obligation of the GDPR

According to GDPR, new information requirements and new work rules are applied for working with the patient’s consent.
In many case you will be asked to:
– keep your processing activities register;
– keep your Data Protection Impact Analysis;
– appoint a Data Protection Officer

This is important also to manage the patient’s security.

With the enter in force of the GDPR this has not changed, but there is a news: the responsibility.

Responsibility means having the ability to prove that you have adopted all the technical and organizational measures to protect your patient’s data and that the processing is in compliance with the GDPR.

Existing rules that will continue to be applied.

Actual privacy rules are confirmed by GDPR and reinforced in some parts. This is the list of the applicable laws:

  • Law on the Contract of Medical Treatment (WGBO);
  • Quality, Complaints and Disputes Act (Wkkgz);
  • Individual Health Professions Act (BIG Act);
  • Health Insurance Act (Zvw);
  • Health Market Regulation Act (WMG);
  • Additional provisions for the processing of personal data in the Health Act.

The rules of the GDPR also coexist with current rules on medical professional secrecy.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DEI PAESI BASSI – AP

Team Privacy & Data Protection
30 December 2020

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

12 March, 2025

Adobe: Security Updates (AL03/250312/CSIRT-ITA

12 March, 2025

Joomla! Updates (AL04/250312/CSIRT-ITA)

12 March, 2025

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

12 March, 2025

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

12 March, 2025

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

12 March, 2025

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

12 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

12 March, 2025

Schneider Electric: Vulnerabilities discovered in various products (AL03/250311/CSIRT-ITA)

11 March, 2025

Siemens Product Updates (AL04/250311/CSIRT-ITA)

11 March, 2025

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

11 March, 2025

Fixed vulnerabilities in Google Chrome (AL06/250311/CSIRT-ITA)

11 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

11 March, 2025

Vulnerabilities discovered in Fortinet products (AL07/250311/CSIRT-ITA)

11 March, 2025

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

11 March, 2025

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

11 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

10 March, 2025

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute

10 March, 2025

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

10 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

7 March, 2025

Advanced Research