Health data in a record

Healthcare providers such as family doctors, dentists and specialists are legallyobliged to record the health data of their patients in a record. This is necessary for proper treatment or care. This means patients cannot always prevent their health data from being included in a (medical) record.

On this page

  1. General information

This obligation for care providers has been laid down in several places, because it can involve different types of care. For example:

  • The record-keeping requirement in the case of medical treatment is stated in the Medical Treatment Contracts Act (WGBO, Article 7:454, paragraph 1 of the Dutch Civil Code).
  • The record-keeping requirement in the case of youth care is set out in the Youth Act (Article 7.3.8 of the Youth Act).

Because it is a legal obligation to include health data in a file, the patient or client does not have to give consent for this.

Security

The General Data Protection Regulation (GDPR) states that healthcare providers must take measures to properly secure health data (Article 32 GDPR). A healthcare provider is, for example, a general practitioner’s office or a hospital.

The NEN 7510 standard states how healthcare providers should do this. For example, only authorised employees may have access to a patient’s file. And healthcare providers must check this.

Read more at: Access to the health data record.

Retention period

The main rule of the GDPR is that personal data may not be retained for longer than is necessary for the purpose for which it was recorded (Article 5(1)(e) GDPR). This retention period is laid down in specific laws. For example, the WGBO stipulates a retention period of 20 years in principle.

Read more at:Retention of the health data record.

Patients’ rights

When people’s personal data is processed, they have certain rights. Patients’ rights are stated in national law such as the WGBO, the Additional Provisions for the Processing of Personal Data in Healthcare (Additional Provisions) Act (Wabvpz) and in the GDPR.

 

  • The WGBO states that patients have the right to access their health data file and to request correction, addition or destruction of their record. It is not always possible to have health data erased. The healthcare provider makes this assessment on a case-by-case basis and adheres to the GDPR.
  • The Wabvpz gives patients the right to access their record electronically.
  • The GDPR also contains various privacy rights.

Read more at: Rights regarding the health data record.

 

Related themes and topics

Health

Youth Healthcare

Youth healthcare is a task of the municipality, which is often carried out by the Municipal Health Service (‘GGD’). This is regulated by law (Article 5 of the Public Health Act).
Go to subject
Health

Using and sharing health data

Data about someone’s health is special personal data. This health data is processed in a medical record, for example.
Go to subject