Using and sharing health data

Data about someone’s health is special personal data. This health data is processed in a medical record, for example. But a social worker’s record may also contain such data. Special personal data receives additional protection under the General Data Protection Regulation (GDPR).

On this page

  1. General information

It is important that all people who use healthcare are assured that their health data is safe. To ensure this, the GDPR and healthcare legislation clearly state which (additional) rules healthcare providers must comply with when they process (use) health data.

For example, to protect health data, a healthcare provider is required to:

Quick answers

To whom can I turn if I have a question or complaint about the processing of my health data?

Do you have a question or a complaint about the processing of your health data by your care provider or healthcare provider? For example, because you believe your care provider has violated medical confidentiality? Please discuss your question or complaint with your care provider first.

If you not satisfied with the outcome of that discussion, or don’t want to have such a discussion, you have various options. For example, you can contact the Data Protection Officer (DPO) of your healthcare provider. The DPO is the person who stands up for (your) privacy interests within the healthcare institution.

Want to initiate a formal procedure? You can:

Is a processing register mandatory for small healthcare practices or healthcare providers?

Yes, usually it is. According to the GDPR, organisations with fewer than 250 employees are obliged to establish a processing register when they process personal data:

  • that pose a high risk to people’s rights and freedoms; and/or
  • the processing of which is not temporary; and/or
  • that fall under the category of special personal data.

Find out what must be included in the processing register.

Related themes and topics

Identificatie

Identity document in healthcare

A duty to provide proof of identity applies in the healthcare sector. This means that you have to show a valid identity document to your care provider.
Go to information page
Employment and benefits

Sick employees

There are strict rules for recording and sharing information about sick employees.
Go to subject