The National Exchange Point was specially developed and secured for the reliable exchange of medical data between healthcare providers. The National Exchange Point meets all requirements, standards and qualifications for security, and it is the only exchange system in the Netherlands that complies with all laws and regulations in this area.

These are the most important measures for securing safe exchange of medical data through the National Exchange Point:

  • Healthcare providers cannot just connect to the network. The computer system(s) of the healthcare provider must meet strict security requirements.
  • A healthcare provider can only log into the network with a special id-card and a password.
  • A patient must first expressly authorize his healthcare provider to share his medical data.
  • Only healthcare providers who are involved in the treatment of you as a patient may view your data.
  • And they may only access your data if that is necessary for your treatment.
  • The use of the National Exchange Point is closely monitored. The network keeps track of who has viewed which data and when, enabling you to keep track of your data.

In short: your privacy is always monitored.

 

Legislation

The most important legislation that protects your privacy:

  • 'Algemene Verordening Gegevensbescherming (AVG), voorheen de Wet bescherming persoonsgegevens (Wbp)' (General Data Protection Regulation (AVG), formerly the Personal Data Protection Act (Wbp)).
  • 'Wet op de geneeskundige behandelingsovereenkomst (WGBO)' (Act on the Medical Treatment Agreement (WGBO)).

The National Exchange Point ensures the privacy of the patient, both technically and organisationally. This has been confirmed by the 'Autoriteit Persoonsgegevens (AP)' (Dutch Data Protection Authority (AP)), the court and the court of appeal.

 

Has there been unauthorised access to your data?

If you suspect your data has been accessed without authorisation or by mistake, please contact Volgjezorg. We will investigate. If your data is being misused, we will report this to the correct authorities (The regulatory agencies 'Autoriteit Persoonsgegevens (AP)' and 'Inspectie voor de Gezondheidzorg (IGZ)').