Health data in a record
Healthcare providers such as family doctors, dentists and specialists are legallyobliged to record the health data of their patients in a record. This is necessary for proper treatment or care. This means patients cannot always prevent their health data from being included in a (medical) record.
On this page
This obligation for care providers has been laid down in several places, because it can involve different types of care. For example:
- The record-keeping requirement in the case of medical treatment is stated in the Medical Treatment Contracts Act (WGBO, Article 7:454, paragraph 1 of the Dutch Civil Code).
- The record-keeping requirement in the case of youth care is set out in the Youth Act (Article 7.3.8 of the Youth Act).
Because it is a legal obligation to include health data in a file, the patient or client does not have to give consent for this.
Security
The General Data Protection Regulation (GDPR) states that healthcare providers must take measures to properly secure health data (Article 32 GDPR). A healthcare provider is, for example, a general practitioner’s office or a hospital.
The NEN 7510 standard states how healthcare providers should do this. For example, only authorised employees may have access to a patient’s file. And healthcare providers must check this.
Read more at: Access to the health data record.
Retention period
The main rule of the GDPR is that personal data may not be retained for longer than is necessary for the purpose for which it was recorded (Article 5(1)(e) GDPR). This retention period is laid down in specific laws. For example, the WGBO stipulates a retention period of 20 years in principle.
Read more at:Retention of the health data record.
Patients’ rights
When people’s personal data is processed, they have certain rights. Patients’ rights are stated in national law such as the WGBO, the Additional Provisions for the Processing of Personal Data in Healthcare (Additional Provisions) Act (Wabvpz) and in the GDPR.
- The WGBO states that patients have the right to access their health data file and to request correction, addition or destruction of their record. It is not always possible to have health data erased. The healthcare provider makes this assessment on a case-by-case basis and adheres to the GDPR.
- The Wabvpz gives patients the right to access their record electronically.
- The GDPR also contains various privacy rights.
Read more at: Rights regarding the health data record.